Class OrganizationManagedRule

Manages a Config Organization Managed Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the aws.cfg.OrganizationCustomRule resource.

NOTE: This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the excluded_accounts argument.

NOTE: Every Organization account except those configured in the excluded_accounts argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the aws.cfg.Recorder resource.

Example Usage

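using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Enable trusted access for AWS Config multi-account setup in the Organization.
        var exampleOrganization = new Aws.Organizations.Organization("exampleOrganization", new Aws.Organizations.OrganizationArgs
        {
            AwsServiceAccessPrincipals =
            {
                "config-multiaccountsetup.amazonaws.com",
            },
            FeatureSet = "ALL",
        });
        // Deploy the managed rule to every account in the Organization.
        var exampleOrganizationManagedRule = new Aws.Cfg.OrganizationManagedRule("exampleOrganizationManagedRule", new Aws.Cfg.OrganizationManagedRuleArgs
        {
            RuleIdentifier = "IAM_PASSWORD_POLICY",
        }, new CustomResourceOptions
        {
            // Create the rule only after the Organization and its service access exist.
            DependsOn = { exampleOrganization },
        });
    }
}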
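The following is an added example, not part of the original Pulumi documentation: it sets the password-policy parameters of the IAM_PASSWORD_POLICY managed rule, shortens the evaluation interval, and excludes one account as described in the notes above. It assumes the Organization already has trusted access enabled, that the OrganizationManagedRuleArgs inputs carry the same names as the properties listed on this page, and uses a constructed placeholder account ID and illustrative policy values.

```csharp
using System.Collections.Generic;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;

class PasswordPolicyRuleStack : Stack
{
    public PasswordPolicyRuleStack()
    {
        // Constructed placeholder: a member account that has no Configuration
        // Recorder yet. Leaving it in scope would make the rule fail to create.
        const string accountWithoutRecorder = "111111111111";

        // Parameters of the IAM_PASSWORD_POLICY managed rule. AWS Config expects
        // every value as a string inside the JSON document. Values are illustrative.
        var inputParameters = JsonSerializer.Serialize(new Dictionary<string, string>
        {
            ["RequireUppercaseCharacters"] = "true",
            ["RequireLowercaseCharacters"] = "true",
            ["RequireSymbols"] = "true",
            ["RequireNumbers"] = "true",
            ["MinimumPasswordLength"] = "14",
            ["PasswordReusePrevention"] = "24",
            ["MaxPasswordAge"] = "90",
        });

        var passwordPolicy = new Aws.Cfg.OrganizationManagedRule("orgIamPasswordPolicy", new Aws.Cfg.OrganizationManagedRuleArgs
        {
            RuleIdentifier = "IAM_PASSWORD_POLICY",
            Description = "Account password policy must meet the organization baseline",
            InputParameters = inputParameters,
            // Periodic rule: evaluate more often than the TwentyFour_Hours default.
            MaximumExecutionFrequency = "Twelve_Hours",
            // The master account is NOT listed here, so it is evaluated as well.
            ExcludedAccounts = { accountWithoutRecorder },
        });

        // Export the ARN so the rule can be referenced from other tooling.
        this.RuleArn = passwordPolicy.Arn;
    }

    [Output]
    public Output<string> RuleArn { get; set; }
}
```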
Inheritance
System.Object
Resource
CustomResource
OrganizationManagedRule
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Cfg
Assembly: Pulumi.Aws.dll
Syntax
public class OrganizationManagedRule : CustomResource

Constructors

OrganizationManagedRule(String, OrganizationManagedRuleArgs, CustomResourceOptions)

Create an OrganizationManagedRule resource with the given unique name, arguments, and options.

Declaration
public OrganizationManagedRule(string name, OrganizationManagedRuleArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name The unique name of the resource
OrganizationManagedRuleArgs args The arguments used to populate this resource's properties
CustomResourceOptions options A bag of options that control this resource's behavior

Properties

Arn

Amazon Resource Name (ARN) of the rule

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>

Description

Description of the rule

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>

ExcludedAccounts

List of AWS account identifiers to exclude from the rule

Declaration
public Output<ImmutableArray<string>> ExcludedAccounts { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

InputParameters

A string in JSON format that is passed to the AWS Config Rule Lambda Function

Declaration
public Output<string> InputParameters { get; }
Property Value
Type Description
Output<System.String>

MaximumExecutionFrequency

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

Declaration
public Output<string> MaximumExecutionFrequency { get; }
Property Value
Type Description
Output<System.String>

Name

The name of the rule

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

ResourceIdScope

Identifier of the AWS resource to evaluate

Declaration
public Output<string> ResourceIdScope { get; }
Property Value
Type Description
Output<System.String>

ResourceTypesScopes

List of types of AWS resources to evaluate

Declaration
public Output<ImmutableArray<string>> ResourceTypesScopes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

RuleIdentifier

Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation.

Declaration
public Output<string> RuleIdentifier { get; }
Property Value
Type Description
Output<System.String>

TagKeyScope

Tag key of AWS resources to evaluate

Declaration
public Output<string> TagKeyScope { get; }
Property Value
Type Description
Output<System.String>

TagValueScope

Tag value of AWS resources to evaluate

Declaration
public Output<string> TagValueScope { get; }
Property Value
Type Description
Output<System.String>

Methods

Get(String, Input<String>, OrganizationManagedRuleState, CustomResourceOptions)

Get an existing OrganizationManagedRule resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static OrganizationManagedRule Get(string name, Input<string> id, OrganizationManagedRuleState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name The unique name of the resulting resource.
Input<System.String> id The unique provider ID of the resource to look up.
OrganizationManagedRuleState state Any extra arguments used during the lookup.
CustomResourceOptions options A bag of options that control this resource's behavior

Returns
Type Description
OrganizationManagedRule
Copyright 2016-2020, Pulumi Corporation.