
Class Rule

Provides an AWS Config Rule.

Note: A Config Rule requires an existing Configuration Recorder to be present. Use of depends_on (in C#, the `DependsOn` resource option) is recommended (as shown below) to avoid race conditions.

Example Usage

AWS Managed Rules

using Pulumi;
using Aws = Pulumi.Aws;

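/// <summary>
/// Example stack: an AWS-managed Config rule together with the configuration
/// recorder, IAM role and inline role policy declared alongside it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Role assumed by the AWS Config service (config.amazonaws.com).
        // NOTE(review): the trust policy has no Condition block (for example on
        // aws:SourceAccount), so nothing restricts on whose behalf the service
        // may assume the role. Consider adding one before reusing this.
        var role = new Aws.Iam.Role("role", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": ""sts:AssumeRole"",
  ""Principal"": {
    ""Service"": ""config.amazonaws.com""
  },
  ""Effect"": ""Allow"",
  ""Sid"": """"
}
]
}

",
        });

        // The configuration recorder that the rule needs to exist first.
        var foo = new Aws.Cfg.Recorder("foo", new Aws.Cfg.RecorderArgs
        {
            RoleArn = role.Arn,
        });

        // Inline policy attached to the role above. It allows every config:Put*
        // action on all resources, which is wide even for a sample; narrow the
        // actions and resources before using it outside a demo.
        var rolePolicy = new Aws.Iam.RolePolicy("rolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""config:Put*"",
""Effect"": ""Allow"",
""Resource"": ""*""

}
]
}

",
            Role = role.Id,
        });

        // The rule reads nothing from the recorder's outputs, so there is no
        // implicit dependency. DependsOn makes the ordering explicit and avoids
        // the race where the rule is created before a recorder exists.
        var rule = new Aws.Cfg.Rule("rule", new Aws.Cfg.RuleArgs
        {
            Source = new Aws.Cfg.Inputs.RuleSourceArgs
            {
                Owner = "AWS",
                SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                foo,
            },
        });
    }
}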

Custom Rules

using Pulumi;
using Aws = Pulumi.Aws;

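/// <summary>
/// Example stack: a custom AWS Config rule backed by a Lambda function, with the
/// permission that lets the Config service invoke that function.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The recorder and function arguments are left empty in this example;
        // fill in their required settings before deploying.
        var exampleRecorder = new Aws.Cfg.Recorder("exampleRecorder", new Aws.Cfg.RecorderArgs
        {
        });
        var exampleFunction = new Aws.Lambda.Function("exampleFunction", new Aws.Lambda.FunctionArgs
        {
        });

        // Allows the AWS Config service principal to invoke the function.
        // NOTE(review): no SourceAccount is set, so the grant is not tied to a
        // single account's use of Config. Consider setting it to the owning
        // account to limit confused-deputy exposure.
        var examplePermission = new Aws.Lambda.Permission("examplePermission", new Aws.Lambda.PermissionArgs
        {
            Action = "lambda:InvokeFunction",
            Function = exampleFunction.Arn,
            Principal = "config.amazonaws.com",
        });

        // The rule only references the function ARN, so neither the recorder nor
        // the invoke permission is an implicit dependency. DependsOn makes sure
        // both exist before the rule is created.
        var exampleRule = new Aws.Cfg.Rule("exampleRule", new Aws.Cfg.RuleArgs
        {
            Source = new Aws.Cfg.Inputs.RuleSourceArgs
            {
                Owner = "CUSTOM_LAMBDA",
                SourceIdentifier = exampleFunction.Arn,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                exampleRecorder,
                examplePermission,
            },
        });
    }
}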
Inheritance
System.Object
Resource
CustomResource
Rule
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Cfg
Assembly: Pulumi.Aws.dll
Syntax
public class Rule : CustomResource

Constructors


Rule(String, RuleArgs, CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

Declaration
public Rule(string name, RuleArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource

RuleArgs args

The arguments used to populate this resource's properties

CustomResourceOptions options

A bag of options that control this resource's behavior

Properties


Arn

The ARN of the config rule

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>

Description

Description of the rule

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>

InputParameters

A string in JSON format that is passed to the AWS Config rule Lambda function.

Declaration
public Output<string> InputParameters { get; }
Property Value
Type Description
Output<System.String>

MaximumExecutionFrequency

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires message_type to be ScheduledNotification.

Declaration
public Output<string> MaximumExecutionFrequency { get; }
Property Value
Type Description
Output<System.String>

Name

The name of the rule

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

RuleId

The ID of the config rule

Declaration
public Output<string> RuleId { get; }
Property Value
Type Description
Output<System.String>

Scope

Scope defines which resources can trigger an evaluation for the rule as documented below.

Declaration
public Output<RuleScope> Scope { get; }
Property Value
Type Description
Output<RuleScope>

Source

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

Declaration
public Output<RuleSource> Source { get; }
Property Value
Type Description
Output<RuleSource>

Tags

A map of tags to assign to the resource.

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>

Methods


Get(String, Input<String>, RuleState, CustomResourceOptions)

Get an existing Rule resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Rule Get(string name, Input<string> id, RuleState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.

Input<System.String> id

The unique provider ID of the resource to lookup.

RuleState state

Any extra arguments used during the lookup.

CustomResourceOptions options

A bag of options that control this resource's behavior

Returns
Type Description
Rule