Class OrganizationCustomRule
Manages a Config Organization Custom Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws_config_organization_managed_rule resource.
NOTE: This resource must be created in the Organization master account, and rules will include the master account unless its ID is added to the excluded_accounts argument.
NOTE: The proper Lambda permission to allow the AWS Config service to invoke the Lambda Function must be in place before the rule will successfully create or update. See also the aws.lambda.Permission resource.
Example Usage
```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // aws_lambda_function.Example refers to a Lambda function resource
        // that is defined elsewhere in the program; it is not declared here.

        // Allow the AWS Config service to invoke the rule's Lambda function.
        var examplePermission = new Aws.Lambda.Permission("examplePermission", new Aws.Lambda.PermissionArgs
        {
            Action = "lambda:InvokeFunction",
            Function = aws_lambda_function.Example.Arn,
            Principal = "config.amazonaws.com",
        });

        // Enable AWS Config multi-account setup as a trusted service for the organization.
        var exampleOrganization = new Aws.Organizations.Organization("exampleOrganization", new Aws.Organizations.OrganizationArgs
        {
            AwsServiceAccessPrincipals =
            {
                "config-multiaccountsetup.amazonaws.com",
            },
            FeatureSet = "ALL",
        });

        // Organization-wide custom rule, evaluated on configuration item changes.
        var exampleOrganizationCustomRule = new Aws.Cfg.OrganizationCustomRule("exampleOrganizationCustomRule", new Aws.Cfg.OrganizationCustomRuleArgs
        {
            LambdaFunctionArn = aws_lambda_function.Example.Arn,
            TriggerTypes =
            {
                "ConfigurationItemChangeNotification",
            },
        });
    }
}
```
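The two NOTEs above, carried into a periodic rule: an added example, not part of the provider's documentation, that orders the Lambda permission ahead of the rule and excludes the creating account. It assumes the organization already trusts `config-multiaccountsetup.amazonaws.com`; the configuration keys `ruleLambdaArn` and `managementAccountId`, the resource names, and the `InputParameters` content are hypothetical.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class OrgRuleStack : Stack
{
    public OrgRuleStack()
    {
        // Assumption: both values are supplied through stack configuration
        // under these hypothetical keys.
        var config = new Config();
        var ruleLambdaArn = config.Require("ruleLambdaArn");
        var managementAccountId = config.Require("managementAccountId");

        // Grant invoke rights to the AWS Config service principal only.
        var allowConfig = new Aws.Lambda.Permission("allowConfig", new Aws.Lambda.PermissionArgs
        {
            Action = "lambda:InvokeFunction",
            Function = ruleLambdaArn,
            Principal = "config.amazonaws.com",
        });

        var periodicRule = new Aws.Cfg.OrganizationCustomRule("periodicRule", new Aws.Cfg.OrganizationCustomRuleArgs
        {
            Description = "Periodic organization-wide evaluation (constructed example)",
            LambdaFunctionArn = ruleLambdaArn,
            // Scheduled trigger, so MaximumExecutionFrequency applies.
            TriggerTypes = { "ScheduledNotification" },
            MaximumExecutionFrequency = "Six_Hours",
            // Without this entry the rule also lands in the creating account.
            ExcludedAccounts = { managementAccountId },
            // Handed to the Lambda function as a JSON string (constructed keys).
            InputParameters = "{\"maxAgeDays\":\"90\"}",
        }, new CustomResourceOptions
        {
            // Make the ordering explicit: the permission must exist before
            // the rule is created or updated.
            DependsOn = { allowConfig },
        });
    }
}
```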
Namespace: Pulumi.Aws.Cfg
Assembly: Pulumi.Aws.dll
Syntax
public class OrganizationCustomRule : CustomResource
Constructors
OrganizationCustomRule(String, OrganizationCustomRuleArgs, CustomResourceOptions)
Create an OrganizationCustomRule resource with the given unique name, arguments, and options.
Declaration
public OrganizationCustomRule(string name, OrganizationCustomRuleArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| OrganizationCustomRuleArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Arn
Amazon Resource Name (ARN) of the rule
Declaration
public Output<string> Arn { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Description
Description of the rule
Declaration
public Output<string> Description { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ExcludedAccounts
List of AWS account identifiers to exclude from the rule
Declaration
public Output<ImmutableArray<string>> ExcludedAccounts { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
InputParameters
A string in JSON format that is passed to the AWS Config Rule Lambda Function
Declaration
public Output<string> InputParameters { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
LambdaFunctionArn
Amazon Resource Name (ARN) of the rule Lambda Function
Declaration
public Output<string> LambdaFunctionArn { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
MaximumExecutionFrequency
The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.
Declaration
public Output<string> MaximumExecutionFrequency { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Name
The name of the rule
Declaration
public Output<string> Name { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ResourceIdScope
Identifier of the AWS resource to evaluate
Declaration
public Output<string> ResourceIdScope { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ResourceTypesScopes
List of types of AWS resources to evaluate
Declaration
public Output<ImmutableArray<string>> ResourceTypesScopes { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
TagKeyScope
Tag key of AWS resources to evaluate
Declaration
public Output<string> TagKeyScope { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
TagValueScope
Tag value of AWS resources to evaluate
Declaration
public Output<string> TagValueScope { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
TriggerTypes
List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: ConfigurationItemChangeNotification, OversizedConfigurationItemChangeNotification, and ScheduledNotification.
Declaration
public Output<ImmutableArray<string>> TriggerTypes { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> |
Methods
Get(String, Input<String>, OrganizationCustomRuleState, CustomResourceOptions)
Get an existing OrganizationCustomRule resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static OrganizationCustomRule Get(string name, Input<string> id, OrganizationCustomRuleState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| OrganizationCustomRuleState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| OrganizationCustomRule |