Module cfg

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Resource AggregateAuthorization

class AggregateAuthorization extends CustomResource

Manages an AWS Config Aggregate Authorization

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cfg.AggregateAuthorization("example", {
    accountId: "123456789012",
    region: "eu-west-2",
});

constructor

new AggregateAuthorization(name: string, args: AggregateAuthorizationArgs, opts?: pulumi.CustomResourceOptions)

Create an AggregateAuthorization resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AggregateAuthorizationState, opts?: pulumi.CustomResourceOptions): AggregateAuthorization

Get an existing AggregateAuthorization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AggregateAuthorization

Returns true if the given object is an instance of AggregateAuthorization. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

Account ID

property arn

public arn: pulumi.Output<string>;

The ARN of the authorization

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property region

public region: pulumi.Output<string>;

Region

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ConfigurationAggregator

class ConfigurationAggregator extends CustomResource

Manages an AWS Config Configuration Aggregator

Example Usage

Account Based Aggregation

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.cfg.ConfigurationAggregator("account", {
    accountAggregationSource: {
        accountIds: ["123456789012"],
        regions: ["us-west-2"],
    },
});

Organization Based Aggregation

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const organizationRole = new aws.iam.Role("organization", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`,
});
const organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("organization", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
    role: organizationRole.name,
});
const organizationConfigurationAggregator = new aws.cfg.ConfigurationAggregator("organization", {
    organizationAggregationSource: {
        allRegions: true,
        roleArn: organizationRole.arn,
    },
}, { dependsOn: [organizationRolePolicyAttachment] });

constructor

new ConfigurationAggregator(name: string, args?: ConfigurationAggregatorArgs, opts?: pulumi.CustomResourceOptions)

Create a ConfigurationAggregator resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ConfigurationAggregatorState, opts?: pulumi.CustomResourceOptions): ConfigurationAggregator

Get an existing ConfigurationAggregator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ConfigurationAggregator

Returns true if the given object is an instance of ConfigurationAggregator. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountAggregationSource

public accountAggregationSource: pulumi.Output<ConfigurationAggregatorAccountAggregationSource | undefined>;

The account(s) to aggregate config data from as documented below.

property arn

public arn: pulumi.Output<string>;

The ARN of the aggregator

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the configuration aggregator.

property organizationAggregationSource

public organizationAggregationSource: pulumi.Output<ConfigurationAggregatorOrganizationAggregationSource | undefined>;

The organization to aggregate config data from as documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DeliveryChannel

class DeliveryChannel extends CustomResource

Provides an AWS Config Delivery Channel.

Note: Delivery Channel requires a Configuration Recorder to be present. Use of dependsOn (as shown below) is recommended to avoid race conditions.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {
    forceDestroy: true,
});
const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const fooRecorder = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const fooDeliveryChannel = new aws.cfg.DeliveryChannel("foo", {
    s3BucketName: bucket.bucket,
}, { dependsOn: [fooRecorder] });
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}",
        "${bucket.arn}/*"
      ]
    }
  ]
}
`,
    role: role.id,
});
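The role policy in the example above grants `s3:*` on the delivery bucket. The following added example (not part of the Pulumi documentation or the provider's code) flags that kind of wildcard grant and builds a narrower policy for the recorder role. The function names and the sample bucket ARN are hypothetical, and the statement shape assumes the permissions AWS documents for Config delivery to S3: writes under `AWSLogs/<account-id>/` with the `bucket-owner-full-control` ACL, plus `s3:GetBucketAcl` on the bucket.

```typescript
// Added example: plain TypeScript with no SDK imports, so it runs offline.
// Function names are hypothetical; the bucket ARN is a constructed sample.

type OneOrMany = string | string[];

interface Statement {
    Effect: "Allow" | "Deny";
    Action: OneOrMany;
    Resource: OneOrMany;
    Condition?: Record<string, Record<string, string>>;
}

interface PolicyDocument {
    Version: "2012-10-17";
    Statement: Statement[];
}

const toList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// Report Allow statements that grant every action ("*"), a whole service
// ("s3:*"), or every resource ("*").
function findWildcardGrants(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((st, i) => {
        if (st.Effect !== "Allow") {
            return;
        }
        for (const action of toList(st.Action)) {
            if (action === "*" || /:\*$/.test(action)) {
                findings.push(`Statement[${i}]: wildcard action "${action}"`);
            }
        }
        if (toList(st.Resource).indexOf("*") !== -1) {
            findings.push(`Statement[${i}]: wildcard resource "*"`);
        }
    });
    return findings;
}

// Build a policy limited to what delivery needs (assumed from the AWS Config
// documentation): object writes under AWSLogs/<accountId>/ and an ACL read.
function scopedDeliveryPolicy(
    bucketArn: string,
    accountId: string,
    s3KeyPrefix?: string,
): PolicyDocument {
    if (!/^arn:aws[a-z-]*:s3:::[^\/*]+$/.test(bucketArn)) {
        throw new Error(`not a bucket ARN: ${bucketArn}`);
    }
    if (!/^\d{12}$/.test(accountId)) {
        throw new Error(`not a 12-digit account ID: ${accountId}`);
    }
    // Normalise "config", "/config/" and "" to "config/" or "".
    const trimmed = (s3KeyPrefix || "").replace(/^\/+|\/+$/g, "");
    const prefix = trimmed === "" ? "" : `${trimmed}/`;
    return {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: ["s3:PutObject", "s3:PutObjectAcl"],
                Resource: `${bucketArn}/${prefix}AWSLogs/${accountId}/*`,
                Condition: {
                    StringLike: { "s3:x-amz-acl": "bucket-owner-full-control" },
                },
            },
            { Effect: "Allow", Action: "s3:GetBucketAcl", Resource: bucketArn },
        ],
    };
}

// Same shape as the role policy in the example above (constructed ARN).
const SAMPLE_BUCKET_ARN = "arn:aws:s3:::example-config-bucket";
const PAGE_STYLE_POLICY: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [
        {
            Effect: "Allow",
            Action: ["s3:*"],
            Resource: [SAMPLE_BUCKET_ARN, `${SAMPLE_BUCKET_ARN}/*`],
        },
    ],
};

console.log(findWildcardGrants(PAGE_STYLE_POLICY));
console.log(JSON.stringify(
    scopedDeliveryPolicy(SAMPLE_BUCKET_ARN, "123456789012", "config"), null, 2));
```

In a Pulumi program the result can be passed to `aws.iam.RolePolicy` as `policy: bucket.arn.apply(arn => JSON.stringify(scopedDeliveryPolicy(arn, accountId)))`, where `accountId` is the account that owns the recorder.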

constructor

new DeliveryChannel(name: string, args: DeliveryChannelArgs, opts?: pulumi.CustomResourceOptions)

Create a DeliveryChannel resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DeliveryChannelState, opts?: pulumi.CustomResourceOptions): DeliveryChannel

Get an existing DeliveryChannel resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DeliveryChannel

Returns true if the given object is an instance of DeliveryChannel. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

public s3BucketName: pulumi.Output<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

public s3KeyPrefix: pulumi.Output<string | undefined>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

public snapshotDeliveryProperties: pulumi.Output<DeliveryChannelSnapshotDeliveryProperties | undefined>;

Options for how AWS Config delivers configuration snapshots. See below

property snsTopicArn

public snsTopicArn: pulumi.Output<string | undefined>;

The ARN of the SNS topic that AWS Config delivers notifications to.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrganizationCustomRule

class OrganizationCustomRule extends CustomResource

Manages a Config Organization Custom Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws.cfg.OrganizationManagedRule resource.

NOTE: This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the excludedAccounts argument.

NOTE: The proper Lambda permission to allow the AWS Config service to invoke the Lambda Function must be in place before the rule will successfully create or update. See also the aws.lambda.Permission resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

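// aws_lambda_function_example is assumed to be an aws.lambda.Function defined elsewhere in the program.
const examplePermission = new aws.lambda.Permission("example", {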
    action: "lambda:InvokeFunction",
    function: aws_lambda_function_example.arn,
    principal: "config.amazonaws.com",
});
const exampleOrganization = new aws.organizations.Organization("example", {
    awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
    featureSet: "ALL",
});
const exampleOrganizationCustomRule = new aws.cfg.OrganizationCustomRule("example", {
    lambdaFunctionArn: aws_lambda_function_example.arn,
    triggerTypes: ["ConfigurationItemChangeNotification"],
}, { dependsOn: [examplePermission, exampleOrganization] });

constructor

new OrganizationCustomRule(name: string, args: OrganizationCustomRuleArgs, opts?: pulumi.CustomResourceOptions)

Create an OrganizationCustomRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationCustomRuleState, opts?: pulumi.CustomResourceOptions): OrganizationCustomRule

Get an existing OrganizationCustomRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrganizationCustomRule

Returns true if the given object is an instance of OrganizationCustomRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the rule

property description

public description: pulumi.Output<string | undefined>;

Description of the rule

property excludedAccounts

public excludedAccounts: pulumi.Output<string[] | undefined>;

List of AWS account identifiers to exclude from the rule

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property inputParameters

public inputParameters: pulumi.Output<string | undefined>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property lambdaFunctionArn

public lambdaFunctionArn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the rule Lambda Function

property maximumExecutionFrequency

public maximumExecutionFrequency: pulumi.Output<string | undefined>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

public name: pulumi.Output<string>;

The name of the rule

property resourceIdScope

public resourceIdScope: pulumi.Output<string | undefined>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

public resourceTypesScopes: pulumi.Output<string[] | undefined>;

List of types of AWS resources to evaluate

property tagKeyScope

public tagKeyScope: pulumi.Output<string | undefined>;

Tag key of AWS resources to evaluate

property tagValueScope

public tagValueScope: pulumi.Output<string | undefined>;

Tag value of AWS resources to evaluate

property triggerTypes

public triggerTypes: pulumi.Output<string[]>;

List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: ConfigurationItemChangeNotification, OversizedConfigurationItemChangeNotification, and ScheduledNotification

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource OrganizationManagedRule

class OrganizationManagedRule extends CustomResource

Manages a Config Organization Managed Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the aws.cfg.OrganizationCustomRule resource.

NOTE: This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the excludedAccounts argument.

NOTE: Every Organization account except those configured in the excludedAccounts argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the aws.cfg.Recorder resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleOrganization = new aws.organizations.Organization("example", {
    awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
    featureSet: "ALL",
});
const exampleOrganizationManagedRule = new aws.cfg.OrganizationManagedRule("example", {
    ruleIdentifier: "IAM_PASSWORD_POLICY",
}, { dependsOn: [exampleOrganization] });

constructor

new OrganizationManagedRule(name: string, args: OrganizationManagedRuleArgs, opts?: pulumi.CustomResourceOptions)

Create an OrganizationManagedRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OrganizationManagedRuleState, opts?: pulumi.CustomResourceOptions): OrganizationManagedRule

Get an existing OrganizationManagedRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is OrganizationManagedRule

Returns true if the given object is an instance of OrganizationManagedRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the rule

property description

public description: pulumi.Output<string | undefined>;

Description of the rule

property excludedAccounts

public excludedAccounts: pulumi.Output<string[] | undefined>;

List of AWS account identifiers to exclude from the rule

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property inputParameters

public inputParameters: pulumi.Output<string | undefined>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property maximumExecutionFrequency

public maximumExecutionFrequency: pulumi.Output<string | undefined>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

public name: pulumi.Output<string>;

The name of the rule

property resourceIdScope

public resourceIdScope: pulumi.Output<string | undefined>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

public resourceTypesScopes: pulumi.Output<string[] | undefined>;

List of types of AWS resources to evaluate

property ruleIdentifier

public ruleIdentifier: pulumi.Output<string>;

Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation

property tagKeyScope

public tagKeyScope: pulumi.Output<string | undefined>;

Tag key of AWS resources to evaluate

property tagValueScope

public tagValueScope: pulumi.Output<string | undefined>;

Tag value of AWS resources to evaluate

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Recorder

class Recorder extends CustomResource

Provides an AWS Config Configuration Recorder. Please note that this resource does not start the created recorder automatically.

Note: Starting the Configuration Recorder requires a delivery channel (while delivery channel creation requires Configuration Recorder). This is why aws.cfg.RecorderStatus is a separate resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const foo = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});

constructor

new Recorder(name: string, args: RecorderArgs, opts?: pulumi.CustomResourceOptions)

Create a Recorder resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RecorderState, opts?: pulumi.CustomResourceOptions): Recorder

Get an existing Recorder resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Recorder

Returns true if the given object is an instance of Recorder. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

public recordingGroup: pulumi.Output<RecorderRecordingGroup>;

Recording group - see below.

property roleArn

public roleArn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the IAM role used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RecorderStatus

class RecorderStatus extends CustomResource

Manages status (recording / stopped) of an AWS Config Configuration Recorder.

Note: Starting Configuration Recorder requires a Delivery Channel to be present. Use of dependsOn (as shown below) is recommended to avoid race conditions.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("b", {});
const fooDeliveryChannel = new aws.cfg.DeliveryChannel("foo", {
    s3BucketName: bucket.bucket,
});
const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const fooRecorder = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const fooRecorderStatus = new aws.cfg.RecorderStatus("foo", {
    isEnabled: true,
}, { dependsOn: [fooDeliveryChannel] });
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("a", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
    role: role.name,
});
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}",
        "${bucket.arn}/*"
      ]
    }
  ]
}
`,
    role: role.id,
});

constructor

new RecorderStatus(name: string, args: RecorderStatusArgs, opts?: pulumi.CustomResourceOptions)

Create a RecorderStatus resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RecorderStatusState, opts?: pulumi.CustomResourceOptions): RecorderStatus

Get an existing RecorderStatus resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RecorderStatus

Returns true if the given object is an instance of RecorderStatus. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property isEnabled

public isEnabled: pulumi.Output<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

public name: pulumi.Output<string>;

The name of the recorder

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Rule

class Rule extends CustomResource

Provides an AWS Config Rule.

Note: Config Rule requires an existing Configuration Recorder to be present. Use of dependsOn is recommended (as shown below) to avoid race conditions.

Example Usage

AWS Managed Rules

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const foo = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const rule = new aws.cfg.Rule("r", {
    source: {
        owner: "AWS",
        sourceIdentifier: "S3_BUCKET_VERSIONING_ENABLED",
    },
}, { dependsOn: [foo] });
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "config:Put*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
    role: role.id,
});

Custom Rules

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

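// Required arguments for the recorder and the Lambda function are omitted in this example; supply them in a real program.
const exampleRecorder = new aws.cfg.Recorder("example", {});
const exampleFunction = new aws.lambda.Function("example", {});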
const examplePermission = new aws.lambda.Permission("example", {
    action: "lambda:InvokeFunction",
    function: exampleFunction.arn,
    principal: "config.amazonaws.com",
});
const exampleRule = new aws.cfg.Rule("example", {
    source: {
        owner: "CUSTOM_LAMBDA",
        sourceIdentifier: exampleFunction.arn,
    },
}, { dependsOn: [exampleRecorder, examplePermission] });

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Rule

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the config rule

property description

public description: pulumi.Output<string | undefined>;

Description of the rule

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property inputParameters

public inputParameters: pulumi.Output<string | undefined>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

public maximumExecutionFrequency: pulumi.Output<string | undefined>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

public name: pulumi.Output<string>;

The name of the rule

property ruleId

public ruleId: pulumi.Output<string>;

The ID of the config rule

property scope

public scope: pulumi.Output<RuleScope | undefined>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

public source: pulumi.Output<RuleSource>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Others

interface AggregateAuthorizationArgs

interface AggregateAuthorizationArgs

The set of arguments for constructing an AggregateAuthorization resource.

property accountId

accountId: pulumi.Input<string>;

Account ID

property region

region: pulumi.Input<string>;

Region

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface AggregateAuthorizationState

interface AggregateAuthorizationState

Input properties used for looking up and filtering AggregateAuthorization resources.

property accountId

accountId?: pulumi.Input<string>;

Account ID

property arn

arn?: pulumi.Input<string>;

The ARN of the authorization

property region

region?: pulumi.Input<string>;

Region

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface ConfigurationAggregatorArgs

interface ConfigurationAggregatorArgs

The set of arguments for constructing a ConfigurationAggregator resource.

property accountAggregationSource

accountAggregationSource?: pulumi.Input<ConfigurationAggregatorAccountAggregationSource>;

The account(s) to aggregate config data from as documented below.

property name

name?: pulumi.Input<string>;

The name of the configuration aggregator.

property organizationAggregationSource

organizationAggregationSource?: pulumi.Input<ConfigurationAggregatorOrganizationAggregationSource>;

The organization to aggregate config data from as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface ConfigurationAggregatorState

interface ConfigurationAggregatorState

Input properties used for looking up and filtering ConfigurationAggregator resources.

property accountAggregationSource

accountAggregationSource?: pulumi.Input<ConfigurationAggregatorAccountAggregationSource>;

The account(s) to aggregate config data from as documented below.

property arn

arn?: pulumi.Input<string>;

The ARN of the aggregator

property name

name?: pulumi.Input<string>;

The name of the configuration aggregator.

property organizationAggregationSource

organizationAggregationSource?: pulumi.Input<ConfigurationAggregatorOrganizationAggregationSource>;

The organization to aggregate config data from as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface DeliveryChannelArgs

interface DeliveryChannelArgs

The set of arguments for constructing a DeliveryChannel resource.

property name

name?: pulumi.Input<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

s3BucketName: pulumi.Input<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

snapshotDeliveryProperties?: pulumi.Input<DeliveryChannelSnapshotDeliveryProperties>;

Options for how AWS Config delivers configuration snapshots. See below

property snsTopicArn

snsTopicArn?: pulumi.Input<string>;

The ARN of the SNS topic that AWS Config delivers notifications to.

interface DeliveryChannelState

interface DeliveryChannelState

Input properties used for looking up and filtering DeliveryChannel resources.

property name

name?: pulumi.Input<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

s3BucketName?: pulumi.Input<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

snapshotDeliveryProperties?: pulumi.Input<DeliveryChannelSnapshotDeliveryProperties>;

Options for how AWS Config delivers configuration snapshots. See below.

property snsTopicArn

snsTopicArn?: pulumi.Input<string>;

The ARN of the SNS topic that AWS Config delivers notifications to.

interface OrganizationCustomRuleArgs

interface OrganizationCustomRuleArgs

The set of arguments for constructing an OrganizationCustomRule resource.

property description

description?: pulumi.Input<string>;

Description of the rule

property excludedAccounts

excludedAccounts?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS account identifiers to exclude from the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property lambdaFunctionArn

lambdaFunctionArn: pulumi.Input<string>;

Amazon Resource Name (ARN) of the rule Lambda Function

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

name?: pulumi.Input<string>;

The name of the rule

property resourceIdScope

resourceIdScope?: pulumi.Input<string>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

resourceTypesScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of types of AWS resources to evaluate

property tagKeyScope

tagKeyScope?: pulumi.Input<string>;

Tag key of AWS resources to evaluate

property tagValueScope

tagValueScope?: pulumi.Input<string>;

Tag value of AWS resources to evaluate

property triggerTypes

triggerTypes: pulumi.Input<pulumi.Input<string>[]>;

List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: ConfigurationItemChangeNotification, OversizedConfigurationItemChangeNotification, and ScheduledNotification
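The constraints stated for OrganizationCustomRuleArgs above (the two required properties, the valid-value lists, the JSON-format string) can be checked before deployment. The lint below is an added example, not part of the Pulumi SDK: `OrgCustomRuleLike` and `lintOrgCustomRule` are hypothetical names, the ARN pattern assumes the usual Lambda function ARN layout with a 12-digit account ID, and all values are assumed to be plain strings and arrays rather than unresolved `pulumi.Output` values.

```typescript
// Added example: offline lint for plain-object OrganizationCustomRuleArgs values.
// Assumes every field is already a resolved string/array, not a pulumi.Output.
interface OrgCustomRuleLike {
    lambdaFunctionArn?: string;
    triggerTypes?: string[];
    maximumExecutionFrequency?: string;
    inputParameters?: string;
    excludedAccounts?: string[];
}

// Valid values as listed in the property descriptions on this page.
const FREQUENCIES = ["One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"];
const TRIGGERS = ["ConfigurationItemChangeNotification",
    "OversizedConfigurationItemChangeNotification", "ScheduledNotification"];

function lintOrgCustomRule(args: OrgCustomRuleLike): string[] {
    const findings: string[] = [];
    // lambdaFunctionArn and triggerTypes are the two required properties.
    const arn = args.lambdaFunctionArn ?? "";
    if (!/^arn:[^:]+:lambda:[^:]+:\d{12}:function:.+$/.test(arn)) {
        findings.push("lambdaFunctionArn: missing or not a Lambda function ARN");
    }
    const triggers = args.triggerTypes ?? [];
    if (triggers.length === 0) findings.push("triggerTypes: required, must not be empty");
    for (const t of triggers) {
        if (TRIGGERS.indexOf(t) < 0) findings.push(`triggerTypes: invalid value ${t}`);
    }
    const freq = args.maximumExecutionFrequency;
    if (freq !== undefined) {
        if (FREQUENCIES.indexOf(freq) < 0) {
            findings.push(`maximumExecutionFrequency: invalid value ${freq}`);
        } else if (triggers.indexOf("ScheduledNotification") < 0) {
            // The frequency only applies to periodically triggered rules.
            findings.push("maximumExecutionFrequency: set without ScheduledNotification trigger");
        }
    }
    if (args.inputParameters !== undefined) {
        try { JSON.parse(args.inputParameters); }
        catch { findings.push("inputParameters: not valid JSON"); }
    }
    // Each excluded account is one the rule never evaluates: surface it for review.
    for (const acct of args.excludedAccounts ?? []) {
        findings.push(/^\d{12}$/.test(acct)
            ? `excludedAccounts: ${acct} is outside rule coverage`
            : `excludedAccounts: ${acct} is not a 12-digit account ID`);
    }
    return findings;
}
```

Every entry in `excludedAccounts` is reported even when well-formed, so that exclusions from an organization-wide rule are reviewed rather than accumulating silently.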

interface OrganizationCustomRuleState

interface OrganizationCustomRuleState

Input properties used for looking up and filtering OrganizationCustomRule resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the rule

property description

description?: pulumi.Input<string>;

Description of the rule

property excludedAccounts

excludedAccounts?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS account identifiers to exclude from the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property lambdaFunctionArn

lambdaFunctionArn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the rule Lambda Function

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

name?: pulumi.Input<string>;

The name of the rule

property resourceIdScope

resourceIdScope?: pulumi.Input<string>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

resourceTypesScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of types of AWS resources to evaluate

property tagKeyScope

tagKeyScope?: pulumi.Input<string>;

Tag key of AWS resources to evaluate

property tagValueScope

tagValueScope?: pulumi.Input<string>;

Tag value of AWS resources to evaluate

property triggerTypes

triggerTypes?: pulumi.Input<pulumi.Input<string>[]>;

List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: ConfigurationItemChangeNotification, OversizedConfigurationItemChangeNotification, and ScheduledNotification

interface OrganizationManagedRuleArgs

interface OrganizationManagedRuleArgs

The set of arguments for constructing an OrganizationManagedRule resource.

property description

description?: pulumi.Input<string>;

Description of the rule

property excludedAccounts

excludedAccounts?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS account identifiers to exclude from the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

name?: pulumi.Input<string>;

The name of the rule

property resourceIdScope

resourceIdScope?: pulumi.Input<string>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

resourceTypesScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of types of AWS resources to evaluate

property ruleIdentifier

ruleIdentifier: pulumi.Input<string>;

Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation

property tagKeyScope

tagKeyScope?: pulumi.Input<string>;

Tag key of AWS resources to evaluate

property tagValueScope

tagValueScope?: pulumi.Input<string>;

Tag value of AWS resources to evaluate

interface OrganizationManagedRuleState

interface OrganizationManagedRuleState

Input properties used for looking up and filtering OrganizationManagedRule resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the rule

property description

description?: pulumi.Input<string>;

Description of the rule

property excludedAccounts

excludedAccounts?: pulumi.Input<pulumi.Input<string>[]>;

List of AWS account identifiers to exclude from the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config Rule Lambda Function

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours for periodic frequency triggered rules. Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours.

property name

name?: pulumi.Input<string>;

The name of the rule

property resourceIdScope

resourceIdScope?: pulumi.Input<string>;

Identifier of the AWS resource to evaluate

property resourceTypesScopes

resourceTypesScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of types of AWS resources to evaluate

property ruleIdentifier

ruleIdentifier?: pulumi.Input<string>;

Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentation

property tagKeyScope

tagKeyScope?: pulumi.Input<string>;

Tag key of AWS resources to evaluate

property tagValueScope

tagValueScope?: pulumi.Input<string>;

Tag value of AWS resources to evaluate

interface RecorderArgs

interface RecorderArgs

The set of arguments for constructing a Recorder resource.

property name

name?: pulumi.Input<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

recordingGroup?: pulumi.Input<RecorderRecordingGroup>;

Recording group - see below.

property roleArn

roleArn: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

interface RecorderState

interface RecorderState

Input properties used for looking up and filtering Recorder resources.

property name

name?: pulumi.Input<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

recordingGroup?: pulumi.Input<RecorderRecordingGroup>;

Recording group - see below.

property roleArn

roleArn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

interface RecorderStatusArgs

interface RecorderStatusArgs

The set of arguments for constructing a RecorderStatus resource.

property isEnabled

isEnabled: pulumi.Input<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

name?: pulumi.Input<string>;

The name of the recorder

interface RecorderStatusState

interface RecorderStatusState

Input properties used for looking up and filtering RecorderStatus resources.

property isEnabled

isEnabled?: pulumi.Input<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

name?: pulumi.Input<string>;

The name of the recorder

interface RuleArgs

interface RuleArgs

The set of arguments for constructing a Rule resource.

property description

description?: pulumi.Input<string>;

Description of the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

name?: pulumi.Input<string>;

The name of the rule

property scope

scope?: pulumi.Input<RuleScope>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

source: pulumi.Input<RuleSource>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface RuleState

interface RuleState

Input properties used for looking up and filtering Rule resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the config rule

property description

description?: pulumi.Input<string>;

Description of the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

name?: pulumi.Input<string>;

The name of the rule

property ruleId

ruleId?: pulumi.Input<string>;

The ID of the config rule

property scope

scope?: pulumi.Input<RuleScope>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

source?: pulumi.Input<RuleSource>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.