RemediationConfigurationArgs

/**
 * Arguments for an AWS Config Remediation Configuration. The configuration requires an
 * existing Config rule to be present. Every property is optional here and defaults to `null`.
 *
 * @property automatic Remediation is triggered automatically if true.
 * @property configRuleName Name of the AWS Config rule.
 * @property executionControls Configuration block for execution controls.
 * @property maximumAutomaticAttempts Maximum number of failed attempts for auto-remediation (default 5).
 * @property parameters Parameter blocks passed to the target; can be specified multiple times.
 * @property resourceType Type of resource.
 * @property retryAttemptSeconds Maximum time in seconds that AWS Config runs auto-remediation (default 60).
 * @property targetId Name of the target document.
 * @property targetType Type of the target that executes the remediation, for example an SSM document.
 * @property targetVersion Version of the target, for example the version of the SSM document.
 */
data class RemediationConfigurationArgs(val automatic: Output<Boolean>? = null, val configRuleName: Output<String>? = null, val executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null, val maximumAutomaticAttempts: Output<Int>? = null, val parameters: Output<List<RemediationConfigurationParameterArgs>>? = null, val resourceType: Output<String>? = null, val retryAttemptSeconds: Output<Int>? = null, val targetId: Output<String>? = null, val targetType: Output<String>? = null, val targetVersion: Output<String>? = null) : ConvertibleToJava<RemediationConfigurationArgs>

Provides an AWS Config Remediation Configuration.

Note: Config Remediation Configuration requires an existing Config Rule to be present.

Example Usage

AWS managed rules can be used by setting the source owner to AWS and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the AWS Config Developer Guide.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
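// AWS-managed Config rule that reports S3 buckets without default server-side
// encryption. The rule and the remediation document must address the same
// control; otherwise auto-remediation keeps re-running against resources the
// rule still reports as non-compliant.
const _this = new aws.cfg.Rule("this", {
    name: "example",
    source: {
        owner: "AWS",
        sourceIdentifier: "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED",
    },
});

// Remediation bound to the rule above: runs an SSM Automation document against
// each non-compliant bucket.
const thisRemediationConfiguration = new aws.cfg.RemediationConfiguration("this", {
    configRuleName: _this.name,
    resourceType: "AWS::S3::Bucket",
    targetType: "SSM_DOCUMENT",
    targetId: "AWS-EnableS3BucketEncryption",
    // Pins the document version that runs.
    targetVersion: "1",
    parameters: [
        {
            // Role that SSM Automation assumes to change the bucket. The ARN is the
            // sample value from this example: substitute a role in your own account,
            // limited to the S3 permissions the document needs.
            name: "AutomationAssumeRole",
            staticValue: "arn:aws:iam::875924563244:role/security_config",
        },
        {
            // Filled in per evaluation with the ID of the non-compliant resource.
            name: "BucketName",
            resourceValue: "RESOURCE_ID",
        },
        {
            name: "SSEAlgorithm",
            staticValue: "AES256",
        },
    ],
    // Runs without human approval on every bucket the rule reports.
    automatic: true,
    maximumAutomaticAttempts: 10,
    retryAttemptSeconds: 600,
    // Rollout limits: at most 25% of the remediations run concurrently, and SSM
    // stops starting new ones once 20% of them have failed.
    executionControls: {
        ssmControls: {
            concurrentExecutionRatePercentage: 25,
            errorPercentage: 20,
        },
    },
});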
import pulumi
import pulumi_aws as aws
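# AWS-managed Config rule that reports S3 buckets without default server-side
# encryption. The rule and the remediation document must address the same
# control; otherwise auto-remediation keeps re-running against resources the
# rule still reports as non-compliant.
this = aws.cfg.Rule("this",
    name="example",
    source={
        "owner": "AWS",
        "source_identifier": "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED",
    })

# Remediation bound to the rule above: runs an SSM Automation document against
# each non-compliant bucket.
this_remediation_configuration = aws.cfg.RemediationConfiguration("this",
    config_rule_name=this.name,
    resource_type="AWS::S3::Bucket",
    target_type="SSM_DOCUMENT",
    target_id="AWS-EnableS3BucketEncryption",
    # Pins the document version that runs.
    target_version="1",
    parameters=[
        {
            # Role that SSM Automation assumes to change the bucket. The ARN is
            # the sample value from this example: substitute a role in your own
            # account, limited to the S3 permissions the document needs.
            "name": "AutomationAssumeRole",
            "static_value": "arn:aws:iam::875924563244:role/security_config",
        },
        {
            # Filled in per evaluation with the ID of the non-compliant resource.
            "name": "BucketName",
            "resource_value": "RESOURCE_ID",
        },
        {
            "name": "SSEAlgorithm",
            "static_value": "AES256",
        },
    ],
    # Runs without human approval on every bucket the rule reports.
    automatic=True,
    maximum_automatic_attempts=10,
    retry_attempt_seconds=600,
    # Rollout limits: at most 25% of the remediations run concurrently, and SSM
    # stops starting new ones once 20% of them have failed.
    execution_controls={
        "ssm_controls": {
            "concurrent_execution_rate_percentage": 25,
            "error_percentage": 20,
        },
    })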
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
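return await Deployment.RunAsync(() =>
{
    // AWS-managed Config rule that reports S3 buckets without default server-side
    // encryption. The rule and the remediation document must address the same
    // control; otherwise auto-remediation keeps re-running against resources the
    // rule still reports as non-compliant.
    var @this = new Aws.Cfg.Rule("this", new()
    {
        Name = "example",
        Source = new Aws.Cfg.Inputs.RuleSourceArgs
        {
            Owner = "AWS",
            SourceIdentifier = "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED",
        },
    });

    // Remediation bound to the rule above: runs an SSM Automation document against
    // each non-compliant bucket.
    var thisRemediationConfiguration = new Aws.Cfg.RemediationConfiguration("this", new()
    {
        ConfigRuleName = @this.Name,
        ResourceType = "AWS::S3::Bucket",
        TargetType = "SSM_DOCUMENT",
        TargetId = "AWS-EnableS3BucketEncryption",
        // Pins the document version that runs.
        TargetVersion = "1",
        Parameters = new[]
        {
            // Role that SSM Automation assumes to change the bucket. The ARN is the
            // sample value from this example: substitute a role in your own account,
            // limited to the S3 permissions the document needs.
            new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
            {
                Name = "AutomationAssumeRole",
                StaticValue = "arn:aws:iam::875924563244:role/security_config",
            },
            // Filled in per evaluation with the ID of the non-compliant resource.
            new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
            {
                Name = "BucketName",
                ResourceValue = "RESOURCE_ID",
            },
            new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs
            {
                Name = "SSEAlgorithm",
                StaticValue = "AES256",
            },
        },
        // Runs without human approval on every bucket the rule reports.
        Automatic = true,
        MaximumAutomaticAttempts = 10,
        RetryAttemptSeconds = 600,
        // Rollout limits: at most 25% of the remediations run concurrently, and SSM
        // stops starting new ones once 20% of them have failed.
        ExecutionControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsArgs
        {
            SsmControls = new Aws.Cfg.Inputs.RemediationConfigurationExecutionControlsSsmControlsArgs
            {
                ConcurrentExecutionRatePercentage = 25,
                ErrorPercentage = 20,
            },
        },
    });
});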
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
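// main declares a Config rule and an automatic remediation bound to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// AWS-managed Config rule that reports S3 buckets without default
		// server-side encryption. The rule and the remediation document must
		// address the same control; otherwise auto-remediation keeps re-running
		// against resources the rule still reports as non-compliant.
		this, err := cfg.NewRule(ctx, "this", &cfg.RuleArgs{
			Name: pulumi.String("example"),
			Source: &cfg.RuleSourceArgs{
				Owner:            pulumi.String("AWS"),
				SourceIdentifier: pulumi.String("S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"),
			},
		})
		if err != nil {
			return err
		}

		// Remediation bound to the rule above: runs an SSM Automation document
		// against each non-compliant bucket.
		_, err = cfg.NewRemediationConfiguration(ctx, "this", &cfg.RemediationConfigurationArgs{
			ConfigRuleName: this.Name,
			ResourceType:   pulumi.String("AWS::S3::Bucket"),
			TargetType:     pulumi.String("SSM_DOCUMENT"),
			TargetId:       pulumi.String("AWS-EnableS3BucketEncryption"),
			// Pins the document version that runs.
			TargetVersion: pulumi.String("1"),
			Parameters: cfg.RemediationConfigurationParameterArray{
				// Role that SSM Automation assumes to change the bucket. The ARN
				// is the sample value from this example: substitute a role in
				// your own account, limited to the S3 permissions the document
				// needs.
				&cfg.RemediationConfigurationParameterArgs{
					Name:        pulumi.String("AutomationAssumeRole"),
					StaticValue: pulumi.String("arn:aws:iam::875924563244:role/security_config"),
				},
				// Filled in per evaluation with the ID of the non-compliant resource.
				&cfg.RemediationConfigurationParameterArgs{
					Name:          pulumi.String("BucketName"),
					ResourceValue: pulumi.String("RESOURCE_ID"),
				},
				&cfg.RemediationConfigurationParameterArgs{
					Name:        pulumi.String("SSEAlgorithm"),
					StaticValue: pulumi.String("AES256"),
				},
			},
			// Runs without human approval on every bucket the rule reports.
			Automatic:                pulumi.Bool(true),
			MaximumAutomaticAttempts: pulumi.Int(10),
			RetryAttemptSeconds:      pulumi.Int(600),
			// Rollout limits: at most 25% of the remediations run concurrently,
			// and SSM stops starting new ones once 20% of them have failed.
			ExecutionControls: &cfg.RemediationConfigurationExecutionControlsArgs{
				SsmControls: &cfg.RemediationConfigurationExecutionControlsSsmControlsArgs{
					ConcurrentExecutionRatePercentage: pulumi.Int(25),
					ErrorPercentage:                   pulumi.Int(20),
				},
			},
		})
		return err
	})
}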
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.Rule;
import com.pulumi.aws.cfg.RuleArgs;
import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
import com.pulumi.aws.cfg.RemediationConfiguration;
import com.pulumi.aws.cfg.RemediationConfigurationArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationParameterArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsArgs;
import com.pulumi.aws.cfg.inputs.RemediationConfigurationExecutionControlsSsmControlsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
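/** Declares a Config rule and an automatic remediation bound to it. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Creates the rule and its remediation configuration.
     *
     * @param ctx Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // AWS-managed Config rule that reports S3 buckets without default
        // server-side encryption. The rule and the remediation document must
        // address the same control; otherwise auto-remediation keeps re-running
        // against resources the rule still reports as non-compliant.
        var this_ = new Rule("this", RuleArgs.builder()
            .name("example")
            .source(RuleSourceArgs.builder()
                .owner("AWS")
                .sourceIdentifier("S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED")
                .build())
            .build());

        // Remediation bound to the rule above: runs an SSM Automation document
        // against each non-compliant bucket.
        var thisRemediationConfiguration = new RemediationConfiguration("thisRemediationConfiguration", RemediationConfigurationArgs.builder()
            .configRuleName(this_.name())
            .resourceType("AWS::S3::Bucket")
            .targetType("SSM_DOCUMENT")
            .targetId("AWS-EnableS3BucketEncryption")
            // Pins the document version that runs.
            .targetVersion("1")
            .parameters(
                // Role that SSM Automation assumes to change the bucket. The ARN
                // is the sample value from this example: substitute a role in
                // your own account, limited to the S3 permissions the document
                // needs.
                RemediationConfigurationParameterArgs.builder()
                    .name("AutomationAssumeRole")
                    .staticValue("arn:aws:iam::875924563244:role/security_config")
                    .build(),
                // Filled in per evaluation with the ID of the non-compliant resource.
                RemediationConfigurationParameterArgs.builder()
                    .name("BucketName")
                    .resourceValue("RESOURCE_ID")
                    .build(),
                RemediationConfigurationParameterArgs.builder()
                    .name("SSEAlgorithm")
                    .staticValue("AES256")
                    .build())
            // Runs without human approval on every bucket the rule reports.
            .automatic(true)
            .maximumAutomaticAttempts(10)
            .retryAttemptSeconds(600)
            // Rollout limits: at most 25% of the remediations run concurrently,
            // and SSM stops starting new ones once 20% of them have failed.
            .executionControls(RemediationConfigurationExecutionControlsArgs.builder()
                .ssmControls(RemediationConfigurationExecutionControlsSsmControlsArgs.builder()
                    .concurrentExecutionRatePercentage(25)
                    .errorPercentage(20)
                    .build())
                .build())
            .build());
    }
}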
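resources:
  # AWS-managed Config rule that reports S3 buckets without default server-side
  # encryption. The rule and the remediation document must address the same
  # control; otherwise auto-remediation keeps re-running against resources the
  # rule still reports as non-compliant.
  this:
    type: aws:cfg:Rule
    properties:
      name: example
      source:
        owner: AWS
        sourceIdentifier: S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
  # Remediation bound to the rule above: runs an SSM Automation document against
  # each non-compliant bucket.
  thisRemediationConfiguration:
    type: aws:cfg:RemediationConfiguration
    name: this
    properties:
      configRuleName: ${this.name}
      resourceType: AWS::S3::Bucket
      targetType: SSM_DOCUMENT
      targetId: AWS-EnableS3BucketEncryption
      # Pins the document version that runs.
      targetVersion: '1'
      parameters:
        # Role that SSM Automation assumes to change the bucket. The ARN is the
        # sample value from this example: substitute a role in your own account,
        # limited to the S3 permissions the document needs.
        - name: AutomationAssumeRole
          staticValue: arn:aws:iam::875924563244:role/security_config
        # Filled in per evaluation with the ID of the non-compliant resource.
        - name: BucketName
          resourceValue: RESOURCE_ID
        - name: SSEAlgorithm
          staticValue: AES256
      # Runs without human approval on every bucket the rule reports.
      automatic: true
      maximumAutomaticAttempts: 10
      retryAttemptSeconds: 600
      # Rollout limits: at most 25% of the remediations run concurrently, and SSM
      # stops starting new ones once 20% of them have failed.
      executionControls:
        ssmControls:
          concurrentExecutionRatePercentage: 25
          errorPercentage: 20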

Import

Using `pulumi import`, import a Remediation Configuration by the name of its Config rule (`config_rule_name`). For example:

$ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example

Constructors

constructor(automatic: Output<Boolean>? = null, configRuleName: Output<String>? = null, executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null, maximumAutomaticAttempts: Output<Int>? = null, parameters: Output<List<RemediationConfigurationParameterArgs>>? = null, resourceType: Output<String>? = null, retryAttemptSeconds: Output<Int>? = null, targetId: Output<String>? = null, targetType: Output<String>? = null, targetVersion: Output<String>? = null)

Properties

val automatic: Output<Boolean>? = null

Remediation is triggered automatically if true.

val configRuleName: Output<String>? = null

Name of the AWS Config rule.


val executionControls: Output<RemediationConfigurationExecutionControlsArgs>? = null

Configuration block for execution controls. See below.

val maximumAutomaticAttempts: Output<Int>? = null

Maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.


val parameters: Output<List<RemediationConfigurationParameterArgs>>? = null

Can be specified multiple times for each parameter. Each parameter block supports arguments below.

val resourceType: Output<String>? = null

Type of resource.

val retryAttemptSeconds: Output<Int>? = null

Maximum time in seconds that AWS Config runs auto-remediation. If you do not select a number, the default is 60 seconds.

val targetId: Output<String>? = null

Target ID is the name of the public document.

val targetType: Output<String>? = null

Type of the target. Target executes remediation. For example, SSM document. The following arguments are optional:

val targetVersion: Output<String>? = null

Version of the target. For example, version of the SSM document

Functions

open override fun toJava(): RemediationConfigurationArgs