Rule

Provides an AWS Config Rule.

Note: Config Rule requires an existing Configuration Recorder to be present. Use of depends_on is recommended (as shown below) to avoid race conditions.

Example Usage

AWS Managed Rules

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs
        {
            Source = new Aws.Cfg.Inputs.RuleSourceArgs
            {
                Owner = "AWS",
                SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
            },
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                "aws_config_configuration_recorder.foo",
            },
        });
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""config.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}

",
        });
        var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
     {
         ""Action"": ""config:Put*"",
         ""Effect"": ""Allow"",
         ""Resource"": ""*""

     }
  ]
}

",
            Role = role.Id,
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cfg"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := cfg.NewRule(ctx, "rule", &cfg.RuleArgs{
            Source: &cfg.RuleSourceArgs{
                Owner:            pulumi.String("AWS"),
                SourceIdentifier: pulumi.String("S3_BUCKET_VERSIONING_ENABLED"),
            },
        }, pulumi.DependsOn([]pulumi.Resource{
            "aws_config_configuration_recorder.foo",
        }))
        if err != nil {
            return err
        }
        role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
            AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n", "\n")),
        })
        if err != nil {
            return err
        }
        _, err = cfg.NewRecorder(ctx, "foo", &cfg.RecorderArgs{
            RoleArn: role.Arn,
        })
        if err != nil {
            return err
        }
        _, err = iam.NewRolePolicy(ctx, "rolePolicy", &iam.RolePolicyArgs{
            Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "   {\n", "       \"Action\": \"config:Put*\",\n", "        \"Effect\": \"Allow\",\n", "          \"Resource\": \"*\"\n", "\n", "     }\n", "  ]\n", "}\n", "\n")),
            Role: role.ID(),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

rule = aws.cfg.Rule("rule", source={
    "owner": "AWS",
    "sourceIdentifier": "S3_BUCKET_VERSIONING_ENABLED",
},
opts=ResourceOptions(depends_on=["aws_config_configuration_recorder.foo"]))
role = aws.iam.Role("role", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}

""")
foo = aws.cfg.Recorder("foo", role_arn=role.arn)
role_policy = aws.iam.RolePolicy("rolePolicy",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
        "Action": "config:Put*",
        "Effect": "Allow",
        "Resource": "*"

    }
  ]
}

""",
    role=role.id)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const foo = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const rule = new aws.cfg.Rule("r", {
    source: {
        owner: "AWS",
        sourceIdentifier: "S3_BUCKET_VERSIONING_ENABLED",
    },
}, { dependsOn: [foo] });
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
        "Action": "config:Put*",
        "Effect": "Allow",
        "Resource": "*"

    }
  ]
}
`,
    role: role.id,
});

Custom Rules

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleRecorder = new Aws.Cfg.Recorder("exampleRecorder", new Aws.Cfg.RecorderArgs
        {
        });
        var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
        {
        });
        var examplePermission = new Aws.Lambda.Permission("examplePermission", new Aws.Lambda.PermissionArgs
        {
            Action = "lambda:InvokeFunction",
            Function = exampleFunction.Arn,
            Principal = "config.amazonaws.com",
        });
        var exampleRule = new Aws.Cfg.Rule("exampleRule", new Aws.Cfg.RuleArgs
        {
            Source = new Aws.Cfg.Inputs.RuleSourceArgs
            {
                Owner = "CUSTOM_LAMBDA",
                SourceIdentifier = exampleFunction.Arn,
            },
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                "aws_config_configuration_recorder.example",
                "aws_lambda_permission.example",
            },
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cfg"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/lambda"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        _, err := cfg.NewRecorder(ctx, "exampleRecorder", nil)
        if err != nil {
            return err
        }
        exampleFunction, err := lambda.NewFunction(ctx, "exampleFunction", nil)
        if err != nil {
            return err
        }
        _, err = lambda.NewPermission(ctx, "examplePermission", &lambda.PermissionArgs{
            Action:    pulumi.String("lambda:InvokeFunction"),
            Function:  exampleFunction.Arn,
            Principal: pulumi.String("config.amazonaws.com"),
        })
        if err != nil {
            return err
        }
        _, err = cfg.NewRule(ctx, "exampleRule", &cfg.RuleArgs{
            Source: &cfg.RuleSourceArgs{
                Owner:            pulumi.String("CUSTOM_LAMBDA"),
                SourceIdentifier: exampleFunction.Arn,
            },
        }, pulumi.DependsOn([]pulumi.Resource{
            "aws_config_configuration_recorder.example",
            "aws_lambda_permission.example",
        }))
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

example_recorder = aws.cfg.Recorder("exampleRecorder")
example_function = aws.lambda_.Function("exampleFunction")
example_permission = aws.lambda_.Permission("examplePermission",
    action="lambda:InvokeFunction",
    function=example_function.arn,
    principal="config.amazonaws.com")
example_rule = aws.cfg.Rule("exampleRule", source={
    "owner": "CUSTOM_LAMBDA",
    "sourceIdentifier": example_function.arn,
},
opts=ResourceOptions(depends_on=[
        "aws_config_configuration_recorder.example",
        "aws_lambda_permission.example",
    ]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRecorder = new aws.cfg.Recorder("example", {});
const exampleFunction = new aws.lambda.Function("example", {});
const examplePermission = new aws.lambda.Permission("example", {
    action: "lambda:InvokeFunction",
    function: exampleFunction.arn,
    principal: "config.amazonaws.com",
});
const exampleRule = new aws.cfg.Rule("example", {
    source: {
        owner: "CUSTOM_LAMBDA",
        sourceIdentifier: exampleFunction.arn,
    },
}, { dependsOn: [exampleRecorder, examplePermission] });

Create a Rule Resource

new Rule(name: string, args: RuleArgs, opts?: CustomResourceOptions);

def Rule(resource_name, opts=None, description=None, input_parameters=None, maximum_execution_frequency=None, name=None, scope=None, source=None, tags=None, __props__=None);

func NewRule(ctx *Context, name string, args RuleArgs, opts ...ResourceOption) (*Rule, error)

public Rule(string name, RuleArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args RuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Rule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Rule resource accepts the following input properties:

Source RuleSourceArgs: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
Description string: Description of the rule
InputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
Name string: The name of the rule
Scope RuleScopeArgs: Scope defines which resources can trigger an evaluation for the rule as documented below.
Tags Dictionary<string, string>: A map of tags to assign to the resource.

Source RuleSource: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
Description string: Description of the rule
InputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
Name string: The name of the rule
Scope RuleScope: Scope defines which resources can trigger an evaluation for the rule as documented below.
Tags map[string]string: A map of tags to assign to the resource.

source RuleSource: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
description string: Description of the rule
inputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
maximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
name string: The name of the rule
scope RuleScope: Scope defines which resources can trigger an evaluation for the rule as documented below.
tags {[key: string]: string}: A map of tags to assign to the resource.

source Dict[RuleSource]: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
description str: Description of the rule
input_parameters str: A string in JSON format that is passed to the AWS Config rule Lambda function.
maximum_execution_frequency str: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
name str: The name of the rule
scope Dict[RuleScope]: Scope defines which resources can trigger an evaluation for the rule as documented below.
tags Dict[str, str]: A map of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Rule resource produces the following output properties:

Arn string: The ARN of the config rule
Id string: The provider-assigned unique ID for this managed resource.
RuleId string: The ID of the config rule

Arn string: The ARN of the config rule
Id string: The provider-assigned unique ID for this managed resource.
RuleId string: The ID of the config rule

arn string: The ARN of the config rule
id string: The provider-assigned unique ID for this managed resource.
ruleId string: The ID of the config rule

arn str: The ARN of the config rule
id str: The provider-assigned unique ID for this managed resource.
rule_id str: The ID of the config rule

Look up an Existing Rule Resource

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RuleState, opts?: CustomResourceOptions): Rule

static get(resource_name, id, opts=None, arn=None, description=None, input_parameters=None, maximum_execution_frequency=None, name=None, rule_id=None, scope=None, source=None, tags=None, __props__=None);

func GetRule(ctx *Context, name string, id IDInput, state *RuleState, opts ...ResourceOption) (*Rule, error)

public static Rule Get(string name, Input<string> id, RuleState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The ARN of the config rule
Description string: Description of the rule
InputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
Name string: The name of the rule
RuleId string: The ID of the config rule
Scope RuleScopeArgs: Scope defines which resources can trigger an evaluation for the rule as documented below.
Source RuleSourceArgs: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
Tags Dictionary<string, string>: A map of tags to assign to the resource.

Arn string: The ARN of the config rule
Description string: Description of the rule
InputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
Name string: The name of the rule
RuleId string: The ID of the config rule
Scope RuleScope: Scope defines which resources can trigger an evaluation for the rule as documented below.
Source RuleSource: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
Tags map[string]string: A map of tags to assign to the resource.

arn string: The ARN of the config rule
description string: Description of the rule
inputParameters string: A string in JSON format that is passed to the AWS Config rule Lambda function.
maximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
name string: The name of the rule
ruleId string: The ID of the config rule
scope RuleScope: Scope defines which resources can trigger an evaluation for the rule as documented below.
source RuleSource: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
tags {[key: string]: string}: A map of tags to assign to the resource.

arn str: The ARN of the config rule
description str: Description of the rule
input_parameters str: A string in JSON format that is passed to the AWS Config rule Lambda function.
maximum_execution_frequency str: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
name str: The name of the rule
rule_id str: The ID of the config rule
scope Dict[RuleScope]: Scope defines which resources can trigger an evaluation for the rule as documented below.
source Dict[RuleSource]: Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.
tags Dict[str, str]: A map of tags to assign to the resource.

Supporting Types

RuleScope

See the input and output API doc for this type.

ComplianceResourceId string: The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for compliance_resource_types.
ComplianceResourceTypes List<string>: A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. AWS::EC2::Instance. You can only specify one type if you also specify a resource ID for compliance_resource_id. See relevant part of AWS Docs for available types.
TagKey string: The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.
TagValue string: The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

ComplianceResourceId string: The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for compliance_resource_types.
ComplianceResourceTypes []string: A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. AWS::EC2::Instance. You can only specify one type if you also specify a resource ID for compliance_resource_id. See relevant part of AWS Docs for available types.
TagKey string: The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.
TagValue string: The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

complianceResourceId string: The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for compliance_resource_types.
complianceResourceTypes string[]: A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. AWS::EC2::Instance. You can only specify one type if you also specify a resource ID for compliance_resource_id. See relevant part of AWS Docs for available types.
tagKey string: The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.
tagValue string: The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

complianceResourceId str: The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for compliance_resource_types.
complianceResourceTypes List[str]: A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. AWS::EC2::Instance. You can only specify one type if you also specify a resource ID for compliance_resource_id. See relevant part of AWS Docs for available types.
tagKey str: The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.
tagValue str: The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

RuleSource

See the input and output API doc for this type.

Owner string: Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are AWS or CUSTOM_LAMBDA. For more information about managed rules, see the AWS Config Managed Rules documentation. For more information about custom rules, see the AWS Config Custom Rules documentation. Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the aws.lambda.Permission resource.
SourceIdentifier string: For AWS Config managed rules, a predefined identifier, e.g IAM_PASSWORD_POLICY. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name or the arn attribute of the aws.lambda.Function resource.
SourceDetails List<RuleSourceSourceDetailArgs>: Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if owner is CUSTOM_LAMBDA.

Owner string: Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are AWS or CUSTOM_LAMBDA. For more information about managed rules, see the AWS Config Managed Rules documentation. For more information about custom rules, see the AWS Config Custom Rules documentation. Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the aws.lambda.Permission resource.
SourceIdentifier string: For AWS Config managed rules, a predefined identifier, e.g IAM_PASSWORD_POLICY. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name or the arn attribute of the aws.lambda.Function resource.
SourceDetails []RuleSourceSourceDetail: Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if owner is CUSTOM_LAMBDA.

owner string: Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are AWS or CUSTOM_LAMBDA. For more information about managed rules, see the AWS Config Managed Rules documentation. For more information about custom rules, see the AWS Config Custom Rules documentation. Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the aws.lambda.Permission resource.
sourceIdentifier string: For AWS Config managed rules, a predefined identifier, e.g IAM_PASSWORD_POLICY. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name or the arn attribute of the aws.lambda.Function resource.
sourceDetails RuleSourceSourceDetail[]: Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if owner is CUSTOM_LAMBDA.

owner str: Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are AWS or CUSTOM_LAMBDA. For more information about managed rules, see the AWS Config Managed Rules documentation. For more information about custom rules, see the AWS Config Custom Rules documentation. Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the aws.lambda.Permission resource.
sourceIdentifier str: For AWS Config managed rules, a predefined identifier, e.g IAM_PASSWORD_POLICY. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name or the arn attribute of the aws.lambda.Function resource.
sourceDetails List[RuleSourceSourceDetail]: Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if owner is CUSTOM_LAMBDA.

RuleSourceSourceDetail

See the input and output API doc for this type.

EventSource string: The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to aws.config and is the only valid value.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
MessageType string: The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:

EventSource string: The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to aws.config and is the only valid value.
MaximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
MessageType string: The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:

eventSource string: The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to aws.config and is the only valid value.
maximumExecutionFrequency string: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
messageType string: The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:

eventSource str: The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to aws.config and is the only valid value.
maximum_execution_frequency str: The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.
messageType str: The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Rule

Example Usage

AWS Managed Rules

Custom Rules

Create a Rule Resource

Rule Resource Properties

Inputs

Outputs

Look up an Existing Rule Resource

Supporting Types

RuleScope

RuleSource

RuleSourceSourceDetail

Package Details

On This Page