OrganizationManagedRule

class OrganizationManagedRule : KotlinCustomResource

Manages a Config Organization Managed Rule. More information about these rules can be found in the AWS documentation pages "Enabling AWS Config Rules Across all Accounts in Your Organization" and "AWS Config Managed Rules". For working with Organization Custom Rules (those invoking a custom Lambda Function), see the aws.cfg.OrganizationCustomRule resource.

NOTE: This resource must be created in the Organization master account, and rules will include the master account unless its ID is added to the excluded_accounts argument. Accounts listed in excluded_accounts are not evaluated by the rule.

NOTE: Every Organization account except those configured in the excluded_accounts argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the aws.cfg.Recorder resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Organization with all features enabled; the AWS Config multi-account setup
// service principal is listed in awsServiceAccessPrincipals.
const organizationArgs: aws.organizations.OrganizationArgs = {
    featureSet: "ALL",
    awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
};
const organization = new aws.organizations.Organization("example", organizationArgs);

// NOTE(review): no inputParameters are passed, so IAM_PASSWORD_POLICY is
// evaluated with whatever defaults the managed rule defines. Confirm those
// match the organization's password baseline or set them explicitly.
const passwordPolicyRuleArgs: aws.cfg.OrganizationManagedRuleArgs = {
    ruleIdentifier: "IAM_PASSWORD_POLICY",
    name: "example",
};

// dependsOn makes the rule wait for the organization resource, presumably so
// that service access for AWS Config is in place before the rule is created.
const passwordPolicyRule = new aws.cfg.OrganizationManagedRule(
    "example",
    passwordPolicyRuleArgs,
    { dependsOn: [organization] }
);
import pulumi
import pulumi_aws as aws
# Organization with all features enabled; the AWS Config multi-account setup
# service principal is listed in aws_service_access_principals.
organization = aws.organizations.Organization(
    "example",
    feature_set="ALL",
    aws_service_access_principals=["config-multiaccountsetup.amazonaws.com"],
)

# depends_on makes the rule wait for the organization resource, presumably so
# that service access for AWS Config is in place before the rule is created.
rule_options = pulumi.ResourceOptions(depends_on=[organization])

# NOTE(review): no input_parameters are passed, so IAM_PASSWORD_POLICY is
# evaluated with whatever defaults the managed rule defines. Confirm those
# match the organization's password baseline or set them explicitly.
password_policy_rule = aws.cfg.OrganizationManagedRule(
    "example",
    rule_identifier="IAM_PASSWORD_POLICY",
    name="example",
    opts=rule_options,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Organization with all features enabled; the AWS Config multi-account
    // setup service principal is listed in AwsServiceAccessPrincipals.
    var organization = new Aws.Organizations.Organization("example", new Aws.Organizations.OrganizationArgs
    {
        FeatureSet = "ALL",
        AwsServiceAccessPrincipals = new[]
        {
            "config-multiaccountsetup.amazonaws.com",
        },
    });

    // DependsOn makes the rule wait for the organization resource, presumably
    // so that service access for AWS Config is in place before rule creation.
    var ruleOptions = new CustomResourceOptions
    {
        DependsOn =
        {
            organization,
        },
    };

    // NOTE(review): no InputParameters are passed, so IAM_PASSWORD_POLICY is
    // evaluated with whatever defaults the managed rule defines. Confirm those
    // match the organization's password baseline or set them explicitly.
    var passwordPolicyRule = new Aws.Cfg.OrganizationManagedRule("example", new Aws.Cfg.OrganizationManagedRuleArgs
    {
        RuleIdentifier = "IAM_PASSWORD_POLICY",
        Name = "example",
    }, ruleOptions);
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers two resources with the Pulumi engine: an AWS Organization
// and an organization-wide AWS Config managed rule that depends on it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Organization with all features enabled; the AWS Config
		// multi-account setup service principal is granted service access.
		orgArgs := &organizations.OrganizationArgs{
			FeatureSet: pulumi.String("ALL"),
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("config-multiaccountsetup.amazonaws.com"),
			},
		}
		org, err := organizations.NewOrganization(ctx, "example", orgArgs)
		if err != nil {
			return err
		}

		// NOTE(review): no InputParameters are passed, so IAM_PASSWORD_POLICY
		// is evaluated with whatever defaults the managed rule defines.
		// Confirm those match the organization's password baseline.
		ruleArgs := &cfg.OrganizationManagedRuleArgs{
			RuleIdentifier: pulumi.String("IAM_PASSWORD_POLICY"),
			Name:           pulumi.String("example"),
		}

		// The rule is created only after the organization resource.
		afterOrg := pulumi.DependsOn([]pulumi.Resource{org})
		if _, err := cfg.NewOrganizationManagedRule(ctx, "example", ruleArgs, afterOrg); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationManagedRule;
import com.pulumi.aws.cfg.OrganizationManagedRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an AWS Organization and an organization-wide
 * AWS Config managed rule ({@code IAM_PASSWORD_POLICY}) that depends on it.
 */
public class App {
    /**
     * Entry point: hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (not read)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the organization and the managed rule.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Organization with all features enabled; the AWS Config multi-account
        // setup service principal is granted service access.
        var organizationArgs = OrganizationArgs.builder()
            .featureSet("ALL")
            .awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
            .build();
        var organization = new Organization("example", organizationArgs);

        // NOTE(review): no inputParameters are passed, so IAM_PASSWORD_POLICY
        // is evaluated with whatever defaults the managed rule defines.
        // Confirm those match the organization's password baseline.
        var ruleArgs = OrganizationManagedRuleArgs.builder()
            .ruleIdentifier("IAM_PASSWORD_POLICY")
            .name("example")
            .build();

        // The rule is created only after the organization resource.
        var ruleOptions = CustomResourceOptions.builder()
            .dependsOn(organization)
            .build();

        var passwordPolicyRule =
            new OrganizationManagedRule("exampleOrganizationManagedRule", ruleArgs, ruleOptions);
    }
}
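# Pulumi YAML program: an AWS Organization plus an organization-wide AWS Config
# managed rule. Nesting is significant here; with every key at column 0 the
# document no longer describes two resources.
resources:
  # Organization with all features enabled; the AWS Config multi-account setup
  # service principal is granted service access.
  example:
    type: aws:organizations:Organization
    properties:
      awsServiceAccessPrincipals:
        - config-multiaccountsetup.amazonaws.com
      featureSet: ALL
  # NOTE(review): no inputParameters are set, so IAM_PASSWORD_POLICY is
  # evaluated with whatever defaults the managed rule defines. Confirm those
  # match the organization's password baseline or set them explicitly.
  exampleOrganizationManagedRule:
    type: aws:cfg:OrganizationManagedRule
    name: example
    properties:
      name: example
      ruleIdentifier: IAM_PASSWORD_POLICY
    options:
      # The rule is created only after the organization resource.
      dependsOn:
        - ${example}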

Import

Using pulumi import, import Config Organization Managed Rules using the name. For example:

# Adopts an existing rule into the stack: the first "example" is the Pulumi
# resource name, the second is the name of the Config Organization Managed Rule.
$ pulumi import aws:cfg/organizationManagedRule:OrganizationManagedRule example example

Properties

val arn: Output<String>

Amazon Resource Name (ARN) of the rule

val description: Output<String>?

Description of the rule


List of AWS account identifiers to exclude from the rule (the excludedAccounts property)

val id: Output<String>
val inputParameters: Output<String>?

A string in JSON format that is passed to the AWS Config Rule Lambda Function


The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency (the maximumExecutionFrequency property). Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

val name: Output<String>

The name of the rule

val pulumiChildResources: Set<KotlinResource>
val resourceIdScope: Output<String>?

Identifier of the AWS resource to evaluate


List of types of AWS resources to evaluate (the resourceTypesScopes property)

val ruleIdentifier: Output<String>

Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation

val tagKeyScope: Output<String>?

Tag key of AWS resources to evaluate

val tagValueScope: Output<String>?

Tag value of AWS resources to evaluate

val urn: Output<String>