pulumi-aws-kotlin/com.pulumi.aws.cfg.kotlin/RemediationConfiguration

RemediationConfiguration

class RemediationConfiguration : KotlinCustomResource

Provides an AWS Config Remediation Configuration.

Note: Config Remediation Configuration requires an existing Config Rule to be present.

Example Usage

AWS managed rules can be used by setting the source owner to AWS and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the AWS Config Developer Guide.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.Rule;
import com.pulumi.aws.cfg.RuleArgs;
import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
import com.pulumi.aws.cfg.RemediationConfiguration;
import com.pulumi.aws.cfg.RemediationConfigurationArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationParameterArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsSsmControlsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var thisRule = new Rule("thisRule", RuleArgs.builder()
            .source(RuleSourceArgs.builder()
                .owner("AWS")
                .sourceIdentifier("S3_BUCKET_VERSIONING_ENABLED")
                .build())
            .build());
        var thisRemediationConfiguration = new RemediationConfiguration("thisRemediationConfiguration", RemediationConfigurationArgs.builder()
            .configRuleName(thisRule.name())
            .resourceType("AWS::S3::Bucket")
            .targetType("SSM_DOCUMENT")
            .targetId("AWS-EnableS3BucketEncryption")
            .targetVersion("1")
            .parameters(
                RemediationConfigurationParameterArgs.builder()
                    .name("AutomationAssumeRole")
                    .staticValue("arn:aws:iam::875924563244:role/security_config")
                    .build(),
                RemediationConfigurationParameterArgs.builder()
                    .name("BucketName")
                    .resourceValue("RESOURCE_ID")
                    .build(),
                RemediationConfigurationParameterArgs.builder()
                    .name("SSEAlgorithm")
                    .staticValue("AES256")
                    .build())
            .automatic(true)
            .maximumAutomaticAttempts(10)
            .retryAttemptSeconds(600)
            .executionControls(RemediationConfigurationExecutionControlsArgs.builder()
                .ssmControls(RemediationConfigurationExecutionControlsSsmControlsArgs.builder()
                    .concurrentExecutionRatePercentage(25)
                    .errorPercentage(20)
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Remediation Configurations can be imported using the name config_rule_name, e.g.,

$ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example
Content copied to clipboard

Properties

Link copied to clipboard
val arn: Output<String>

ARN of the Config Remediation Configuration.

Link copied to clipboard
val automatic: Output<Boolean>?

Remediation is triggered automatically if true.

Link copied to clipboard
val configRuleName: Output<String>

Name of the AWS Config rule.

Link copied to clipboard
val executionControls: Output<RemediationConfigurationExecutionControls>?

Configuration block for execution controls. See below.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val maximumAutomaticAttempts: Output<Int>?

Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.

Link copied to clipboard
val parameters: Output<List<RemediationConfigurationParameter>>?

Can be specified multiple times for each parameter. Each parameter block supports arguments below.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val resourceType: Output<String>?

Type of resource.

Link copied to clipboard
val retryAttemptSeconds: Output<Int>?

Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.

Link copied to clipboard
val targetId: Output<String>

Target ID is the name of the public document.

Link copied to clipboard
val targetType: Output<String>

Type of the target. Target executes remediation. For example, SSM document. The following arguments are optional:

Link copied to clipboard
val targetVersion: Output<String>?

Version of the target. For example, version of the SSM document

Link copied to clipboard
val urn: Output<String>