Organization Managed Rule Args
Manages a Config Organization Managed Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the aws.cfg.OrganizationCustomRule resource.
NOTE: This resource must be created in the Organization master account, and rules will include the master account unless its ID is added to the excluded_accounts argument.
NOTE: Every Organization account except those configured in the excluded_accounts argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the aws.cfg.Recorder resource.
Example Usage
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationManagedRule;
import com.pulumi.aws.cfg.OrganizationManagedRuleArgs;
import com.pulumi.resources.CustomResourceOptions;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // The organization must allow the multi-account Config setup service principal
        // before organization-level rules can be deployed.
        var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
            .awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
            .featureSet("ALL")
            .build());

        // Deploy a managed rule across the organization; dependsOn makes sure the
        // organization (and its service access setting) exists first.
        var exampleOrganizationManagedRule = new OrganizationManagedRule("exampleOrganizationManagedRule", OrganizationManagedRuleArgs.builder()
            .ruleIdentifier("IAM_PASSWORD_POLICY")
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleOrganization)
                .build());
    }
}
Import
Config Organization Managed Rules can be imported using the name, e.g.,
$ pulumi import aws:cfg/organizationManagedRule:OrganizationManagedRule example example
Constructors
Properties
description: Description of the rule.
excludedAccounts: List of AWS account identifiers to exclude from the rule.
inputParameters: A string in JSON format that is passed to the AWS Config Rule Lambda Function.
maximumExecutionFrequency: The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.
resourceIdScope: Identifier of the AWS resource to evaluate.
resourceTypesScopes: List of types of AWS resources to evaluate.
ruleIdentifier: Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation.
tagKeyScope: Tag key of AWS resources to evaluate.
tagValueScope: Tag value of AWS resources to evaluate.
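A fuller program exercising the properties above, added here as an example rather than taken from the Pulumi provider docs: one periodic rule with JSON input parameters, an execution frequency and an excluded account, and one change-triggered rule scoped to a single resource type. The account ID is a placeholder; the IAM_PASSWORD_POLICY parameter names are those documented for that managed rule and should be checked against the AWS Config Managed Rules reference for your region.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationManagedRule;
import com.pulumi.aws.cfg.OrganizationManagedRuleArgs;
import com.pulumi.resources.CustomResourceOptions;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        // Organization-level Config rules need the multi-account setup principal enabled.
        var org = new Organization("org", OrganizationArgs.builder()
            .awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
            .featureSet("ALL")
            .build());
        var afterOrg = CustomResourceOptions.builder().dependsOn(org).build();

        // Periodic rule: evaluated on a schedule, so maximumExecutionFrequency applies.
        // Thresholds go in as a JSON string whose values are all strings.
        var passwordPolicy = new OrganizationManagedRule("passwordPolicy",
            OrganizationManagedRuleArgs.builder()
                .ruleIdentifier("IAM_PASSWORD_POLICY")
                .description("Org-wide IAM password policy baseline")
                .inputParameters("{\"MinimumPasswordLength\":\"14\",\"RequireSymbols\":\"true\","
                    + "\"RequireNumbers\":\"true\",\"RequireUppercaseCharacters\":\"true\","
                    + "\"RequireLowercaseCharacters\":\"true\",\"PasswordReusePrevention\":\"24\"}")
                .maximumExecutionFrequency("TwentyFour_Hours")
                // Placeholder account ID for an account that has no Configuration Recorder.
                .excludedAccounts("111111111111")
                .build(), afterOrg);

        // Change-triggered rule scoped to one resource type: no frequency setting,
        // it runs whenever a matching resource's configuration changes.
        var s3Encryption = new OrganizationManagedRule("s3Encryption",
            OrganizationManagedRuleArgs.builder()
                .ruleIdentifier("S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED")
                .description("Every S3 bucket must have default encryption")
                .resourceTypesScopes("AWS::S3::Bucket")
                .excludedAccounts("111111111111")
                .build(), afterOrg);
        ctx.export("passwordPolicyRuleArn", passwordPolicy.arn());
        ctx.export("s3EncryptionRuleArn", s3Encryption.arn());
    }
}
```

Any account left out of excludedAccounts must already have a Configuration Recorder, otherwise the organization rule fails to create or update.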