Organization Conformance Pack
Manages a Config Organization Conformance Pack. More information can be found in the Managing Conformance Packs Across all Accounts in Your Organization and AWS Config Managed Rules documentation. Example conformance pack templates may be found in the AWS Config Rules Repository.
NOTE: This resource must be created in the Organization master account or a delegated administrator account, and the Organization must have all features enabled. Every Organization account except those configured in the `excluded_accounts` argument must have a Configuration Recorder with proper IAM permissions before the Organization Conformance Pack will successfully create or update. See also the `aws.cfg.Recorder` resource.
Example Usage
Using Template Body
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationConformancePack;
import com.pulumi.aws.cfg.OrganizationConformancePackArgs;
import com.pulumi.aws.cfg.inputs.OrganizationConformancePackInputParameterArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
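/**
 * Pulumi program that declares an AWS Organization with Config multi-account
 * setup access and an Organization Conformance Pack built from an inline template.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the Organization and the Organization Conformance Pack.
     *
     * @param ctx Pulumi stack context supplied by {@code Pulumi.run}; not read in this method
     */
    public static void stack(Context ctx) {
        // The conformance pack requires an Organization with all features enabled,
        // hence featureSet("ALL").
        var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
            .awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
            .featureSet("ALL")
            .build());

        // NOTE(review): the template declares AccessKeysRotatedParameterMaxAccessKeyAge and the
        // pack supplies "90" for it, but the only rule defined below (IAM_PASSWORD_POLICY) does
        // not reference that parameter. As written, the pack evaluates the IAM password policy
        // rule only; access-key age is not checked unless a rule that consumes the parameter is
        // added to the template.
        //
        // The template is YAML, so its nesting is significant. The text block is indented
        // relative to its closing delimiter so that Parameters/Resources stay top-level keys and
        // each rule's Properties/Type stay nested under the rule.
        var exampleOrganizationConformancePack = new OrganizationConformancePack("exampleOrganizationConformancePack", OrganizationConformancePackArgs.builder()
            .inputParameters(OrganizationConformancePackInputParameterArgs.builder()
                .parameterName("AccessKeysRotatedParameterMaxAccessKeyAge")
                .parameterValue("90")
                .build())
            .templateBody("""
                Parameters:
                  AccessKeysRotatedParameterMaxAccessKeyAge:
                    Type: String
                Resources:
                  IAMPasswordPolicy:
                    Properties:
                      ConfigRuleName: IAMPasswordPolicy
                      Source:
                        Owner: AWS
                        SourceIdentifier: IAM_PASSWORD_POLICY
                    Type: AWS::Config::ConfigRule
                """)
            .build(), CustomResourceOptions.builder()
                // NOTE(review): aws_config_configuration_recorder.example() is not declared in
                // this listing. It stands for the program's Configuration Recorder resource
                // (aws.cfg.Recorder), which must be defined elsewhere for this to compile. Every
                // non-excluded account needs a working recorder before the pack can be created
                // or updated.
                .dependsOn(
                    aws_config_configuration_recorder.example(),
                    exampleOrganization)
                .build());
    }
}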
Using Template S3 URI
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketObjectv2;
import com.pulumi.aws.s3.BucketObjectv2Args;
import com.pulumi.aws.cfg.OrganizationConformancePack;
import com.pulumi.aws.cfg.OrganizationConformancePackArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
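/**
 * Pulumi program that declares an AWS Organization with Config multi-account
 * setup access, uploads a conformance pack template to S3, and creates an
 * Organization Conformance Pack that reads the template from that S3 object.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the Organization, the template bucket and object, and the
     * Organization Conformance Pack that points at the uploaded template.
     *
     * @param ctx Pulumi stack context supplied by {@code Pulumi.run}; not read in this method
     */
    public static void stack(Context ctx) {
        // The conformance pack requires an Organization with all features enabled,
        // hence featureSet("ALL").
        var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
            .awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
            .featureSet("ALL")
            .build());

        // NOTE(review): this object is the source of the rules deployed to every member account,
        // so write access to the bucket and key decides what the organization is evaluated
        // against. No bucket policy, public-access block or versioning is declared in this
        // listing; confirm those controls exist before using this beyond an example.
        var exampleBucketV2 = new BucketV2("exampleBucketV2");

        // The template is YAML, so its nesting is significant. The text block is indented
        // relative to its closing delimiter so that Resources stays a top-level key and the
        // rule's Properties/Type stay nested under the rule.
        var exampleBucketObjectv2 = new BucketObjectv2("exampleBucketObjectv2", BucketObjectv2Args.builder()
            .bucket(exampleBucketV2.id())
            .key("example-key")
            .content("""
                Resources:
                  IAMPasswordPolicy:
                    Properties:
                      ConfigRuleName: IAMPasswordPolicy
                      Source:
                        Owner: AWS
                        SourceIdentifier: IAM_PASSWORD_POLICY
                    Type: AWS::Config::ConfigRule
                """)
            .build());

        var exampleOrganizationConformancePack = new OrganizationConformancePack("exampleOrganizationConformancePack", OrganizationConformancePackArgs.builder()
            // Build the s3://bucket/key URI once both outputs have resolved.
            .templateS3Uri(Output.tuple(exampleBucketV2.bucket(), exampleBucketObjectv2.key())
                .applyValue(values -> String.format("s3://%s/%s", values.t1, values.t2)))
            .build(), CustomResourceOptions.builder()
                // NOTE(review): aws_config_configuration_recorder.example() is not declared in
                // this listing. It stands for the program's Configuration Recorder resource
                // (aws.cfg.Recorder), which must be defined elsewhere for this to compile. Every
                // non-excluded account needs a working recorder before the pack can be created
                // or updated.
                .dependsOn(
                    aws_config_configuration_recorder.example(),
                    exampleOrganization)
                .build());
    }
}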
Import
Using `pulumi import`, import Config Organization Conformance Packs using the `name`. For example:
$ pulumi import aws:cfg/organizationConformancePack:OrganizationConformancePack example example