AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.cloudformation.GuardHook

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Create GuardHook Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GuardHook(name: string, args: GuardHookArgs, opts?: CustomResourceOptions);

@overload
def GuardHook(resource_name: str,
              args: GuardHookArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def GuardHook(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              alias: Optional[str] = None,
              execution_role: Optional[str] = None,
              failure_mode: Optional[GuardHookFailureMode] = None,
              hook_status: Optional[GuardHookHookStatus] = None,
              rule_location: Optional[GuardHookS3LocationArgs] = None,
              target_operations: Optional[Sequence[GuardHookTargetOperation]] = None,
              log_bucket: Optional[str] = None,
              options: Optional[OptionsPropertiesArgs] = None,
              stack_filters: Optional[StackFiltersPropertiesArgs] = None,
              target_filters: Optional[Union[TargetFilters0PropertiesArgs, TargetFilters1PropertiesArgs]] = None)

func NewGuardHook(ctx *Context, name string, args GuardHookArgs, opts ...ResourceOption) (*GuardHook, error)

public GuardHook(string name, GuardHookArgs args, CustomResourceOptions? opts = null)

public GuardHook(String name, GuardHookArgs args)
public GuardHook(String name, GuardHookArgs args, CustomResourceOptions options)

type: aws-native:cloudformation:GuardHook
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GuardHookArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GuardHookArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GuardHookArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GuardHookArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GuardHookArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

GuardHook Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GuardHook resource accepts the following input properties:

Alias string: The typename alias for the hook.
ExecutionRole string: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
FailureMode Pulumi.AwsNative.CloudFormation.GuardHookFailureMode: Attribute to specify CloudFormation behavior on hook failure.
HookStatus Pulumi.AwsNative.CloudFormation.GuardHookHookStatus: Attribute to specify which stacks this hook applies to or should get invoked for
RuleLocation Pulumi.AwsNative.CloudFormation.Inputs.GuardHookS3Location: Specifies the S3 location of your Guard rules.
TargetOperations List<Pulumi.AwsNative.CloudFormation.GuardHookTargetOperation>: Which operations should this Hook run against? Resource changes, stacks or change sets.
LogBucket string: S3 Bucket where the guard validate report will be uploaded to
Options Pulumi.AwsNative.CloudFormation.Inputs.OptionsProperties: Specifies the S3 location of your input parameters.
StackFilters Pulumi.AwsNative.CloudFormation.Inputs.StackFiltersProperties: Filters to allow hooks to target specific stack attributes
TargetFilters Pulumi.AwsNative.CloudFormation.Inputs.TargetFilters0Properties | Pulumi.AwsNative.CloudFormation.Inputs.TargetFilters1Properties: Attribute to specify which targets should invoke the hook

Alias string: The typename alias for the hook.
ExecutionRole string: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
FailureMode GuardHookFailureMode: Attribute to specify CloudFormation behavior on hook failure.
HookStatus GuardHookHookStatus: Attribute to specify which stacks this hook applies to or should get invoked for
RuleLocation GuardHookS3LocationArgs: Specifies the S3 location of your Guard rules.
TargetOperations []GuardHookTargetOperation: Which operations should this Hook run against? Resource changes, stacks or change sets.
LogBucket string: S3 Bucket where the guard validate report will be uploaded to
Options OptionsPropertiesArgs: Specifies the S3 location of your input parameters.
StackFilters StackFiltersPropertiesArgs: Filters to allow hooks to target specific stack attributes
TargetFilters TargetFilters0PropertiesArgs | TargetFilters1PropertiesArgs: Attribute to specify which targets should invoke the hook

alias String: The typename alias for the hook.
executionRole String: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
failureMode GuardHookFailureMode: Attribute to specify CloudFormation behavior on hook failure.
hookStatus GuardHookHookStatus: Attribute to specify which stacks this hook applies to or should get invoked for
ruleLocation GuardHookS3Location: Specifies the S3 location of your Guard rules.
targetOperations List<GuardHookTargetOperation>: Which operations should this Hook run against? Resource changes, stacks or change sets.
logBucket String: S3 Bucket where the guard validate report will be uploaded to
options OptionsProperties: Specifies the S3 location of your input parameters.
stackFilters StackFiltersProperties: Filters to allow hooks to target specific stack attributes
targetFilters TargetFilters0Properties | TargetFilters1Properties: Attribute to specify which targets should invoke the hook

alias string: The typename alias for the hook.
executionRole string: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
failureMode GuardHookFailureMode: Attribute to specify CloudFormation behavior on hook failure.
hookStatus GuardHookHookStatus: Attribute to specify which stacks this hook applies to or should get invoked for
ruleLocation GuardHookS3Location: Specifies the S3 location of your Guard rules.
targetOperations GuardHookTargetOperation[]: Which operations should this Hook run against? Resource changes, stacks or change sets.
logBucket string: S3 Bucket where the guard validate report will be uploaded to
options OptionsProperties: Specifies the S3 location of your input parameters.
stackFilters StackFiltersProperties: Filters to allow hooks to target specific stack attributes
targetFilters TargetFilters0Properties | TargetFilters1Properties: Attribute to specify which targets should invoke the hook

alias str: The typename alias for the hook.
execution_role str: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
failure_mode GuardHookFailureMode: Attribute to specify CloudFormation behavior on hook failure.
hook_status GuardHookHookStatus: Attribute to specify which stacks this hook applies to or should get invoked for
rule_location GuardHookS3LocationArgs: Specifies the S3 location of your Guard rules.
target_operations Sequence[GuardHookTargetOperation]: Which operations should this Hook run against? Resource changes, stacks or change sets.
log_bucket str: S3 Bucket where the guard validate report will be uploaded to
options OptionsPropertiesArgs: Specifies the S3 location of your input parameters.
stack_filters StackFiltersPropertiesArgs: Filters to allow hooks to target specific stack attributes
target_filters TargetFilters0PropertiesArgs | TargetFilters1PropertiesArgs: Attribute to specify which targets should invoke the hook

alias String: The typename alias for the hook.
executionRole String: The execution role ARN assumed by hooks to read Guard rules from S3 and write Guard outputs to S3.
failureMode "FAIL" | "WARN": Attribute to specify CloudFormation behavior on hook failure.
hookStatus "ENABLED" | "DISABLED": Attribute to specify which stacks this hook applies to or should get invoked for
ruleLocation Property Map: Specifies the S3 location of your Guard rules.
targetOperations List<"RESOURCE" | "STACK" | "CHANGE_SET" | "CLOUD_CONTROL">: Which operations should this Hook run against? Resource changes, stacks or change sets.
logBucket String: S3 Bucket where the guard validate report will be uploaded to
options Property Map: Specifies the S3 location of your input parameters.
stackFilters Property Map: Filters to allow hooks to target specific stack attributes
targetFilters Property Map | Property Map: Attribute to specify which targets should invoke the hook

Outputs

All input properties are implicitly available as output properties. Additionally, the GuardHook resource produces the following output properties:

HookArn string: The Amazon Resource Name (ARN) of the activated hook
Id string: The provider-assigned unique ID for this managed resource.

HookArn string: The Amazon Resource Name (ARN) of the activated hook
Id string: The provider-assigned unique ID for this managed resource.

hookArn String: The Amazon Resource Name (ARN) of the activated hook
id String: The provider-assigned unique ID for this managed resource.

hookArn string: The Amazon Resource Name (ARN) of the activated hook
id string: The provider-assigned unique ID for this managed resource.

hook_arn str: The Amazon Resource Name (ARN) of the activated hook
id str: The provider-assigned unique ID for this managed resource.

hookArn String: The Amazon Resource Name (ARN) of the activated hook
id String: The provider-assigned unique ID for this managed resource.

Supporting Types

GuardHookFailureMode, GuardHookFailureModeArgs

Fail: FAIL
Warn: WARN

GuardHookFailureModeFail: FAIL
GuardHookFailureModeWarn: WARN

Fail: FAIL
Warn: WARN

Fail: FAIL
Warn: WARN

FAIL: FAIL
WARN: WARN

"FAIL": FAIL
"WARN": WARN

GuardHookHookStatus, GuardHookHookStatusArgs

Enabled: ENABLED
Disabled: DISABLED

GuardHookHookStatusEnabled: ENABLED
GuardHookHookStatusDisabled: DISABLED

Enabled: ENABLED
Disabled: DISABLED

Enabled: ENABLED
Disabled: DISABLED

ENABLED: ENABLED
DISABLED: DISABLED

"ENABLED": ENABLED
"DISABLED": DISABLED

GuardHookS3Location, GuardHookS3LocationArgs

Uri string: S3 uri of Guard files.
VersionId string: S3 object version

Uri string: S3 uri of Guard files.
VersionId string: S3 object version

uri String: S3 uri of Guard files.
versionId String: S3 object version

uri string: S3 uri of Guard files.
versionId string: S3 object version

uri str: S3 uri of Guard files.
version_id str: S3 object version

uri String: S3 uri of Guard files.
versionId String: S3 object version

GuardHookTargetOperation, GuardHookTargetOperationArgs

Resource: RESOURCE
Stack: STACK
ChangeSet: CHANGE_SET
CloudControl: CLOUD_CONTROL

GuardHookTargetOperationResource: RESOURCE
GuardHookTargetOperationStack: STACK
GuardHookTargetOperationChangeSet: CHANGE_SET
GuardHookTargetOperationCloudControl: CLOUD_CONTROL

Resource: RESOURCE
Stack: STACK
ChangeSet: CHANGE_SET
CloudControl: CLOUD_CONTROL

Resource: RESOURCE
Stack: STACK
ChangeSet: CHANGE_SET
CloudControl: CLOUD_CONTROL

RESOURCE: RESOURCE
STACK: STACK
CHANGE_SET: CHANGE_SET
CLOUD_CONTROL: CLOUD_CONTROL

"RESOURCE": RESOURCE
"STACK": STACK
"CHANGE_SET": CHANGE_SET
"CLOUD_CONTROL": CLOUD_CONTROL

LambdaHookAction, LambdaHookActionArgs

Create: CREATE
Update: UPDATE
Delete: DELETE

LambdaHookActionCreate: CREATE
LambdaHookActionUpdate: UPDATE
LambdaHookActionDelete: DELETE

Create: CREATE
Update: UPDATE
Delete: DELETE

Create: CREATE
Update: UPDATE
Delete: DELETE

CREATE: CREATE
UPDATE: UPDATE
DELETE: DELETE

"CREATE": CREATE
"UPDATE": UPDATE
"DELETE": DELETE

LambdaHookHookTarget, LambdaHookHookTargetArgs

Action Pulumi.AwsNative.CloudFormation.LambdaHookAction
InvocationPoint Pulumi.AwsNative.CloudFormation.LambdaHookInvocationPoint
TargetName string

Action LambdaHookAction
InvocationPoint LambdaHookInvocationPoint
TargetName string

action LambdaHookAction
invocationPoint LambdaHookInvocationPoint
targetName String

action LambdaHookAction
invocationPoint LambdaHookInvocationPoint
targetName string

action LambdaHookAction
invocation_point LambdaHookInvocationPoint
target_name str

action "CREATE" | "UPDATE" | "DELETE"
invocationPoint "PRE_PROVISION"
targetName String

LambdaHookInvocationPoint, LambdaHookInvocationPointArgs

PreProvision: PRE_PROVISION

LambdaHookInvocationPointPreProvision: PRE_PROVISION

PreProvision: PRE_PROVISION

PreProvision: PRE_PROVISION

PRE_PROVISION: PRE_PROVISION

"PRE_PROVISION": PRE_PROVISION

LambdaHookStackFiltersPropertiesFilteringCriteria, LambdaHookStackFiltersPropertiesFilteringCriteriaArgs

All: ALL
Any: ANY

LambdaHookStackFiltersPropertiesFilteringCriteriaAll: ALL
LambdaHookStackFiltersPropertiesFilteringCriteriaAny: ANY

All: ALL
Any: ANY

All: ALL
Any: ANY

ALL: ALL
ANY: ANY

"ALL": ALL
"ANY": ANY

OptionsProperties, OptionsPropertiesArgs

InputParams Pulumi.AwsNative.CloudFormation.Inputs.GuardHookS3Location: Specifies the S3 location where your input parameters are located.

InputParams GuardHookS3Location: Specifies the S3 location where your input parameters are located.

inputParams GuardHookS3Location: Specifies the S3 location where your input parameters are located.

inputParams GuardHookS3Location: Specifies the S3 location where your input parameters are located.

input_params GuardHookS3Location: Specifies the S3 location where your input parameters are located.

inputParams Property Map: Specifies the S3 location where your input parameters are located.

StackFiltersProperties, StackFiltersPropertiesArgs

FilteringCriteria Pulumi.AwsNative.CloudFormation.LambdaHookStackFiltersPropertiesFilteringCriteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
StackNames Pulumi.AwsNative.CloudFormation.Inputs.StackFiltersPropertiesStackNamesProperties: List of stack names as filters
StackRoles Pulumi.AwsNative.CloudFormation.Inputs.StackFiltersPropertiesStackRolesProperties: List of stack roles that are performing the stack operations.

FilteringCriteria LambdaHookStackFiltersPropertiesFilteringCriteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
StackNames StackFiltersPropertiesStackNamesProperties: List of stack names as filters
StackRoles StackFiltersPropertiesStackRolesProperties: List of stack roles that are performing the stack operations.

filteringCriteria LambdaHookStackFiltersPropertiesFilteringCriteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
stackNames StackFiltersPropertiesStackNamesProperties: List of stack names as filters
stackRoles StackFiltersPropertiesStackRolesProperties: List of stack roles that are performing the stack operations.

filteringCriteria LambdaHookStackFiltersPropertiesFilteringCriteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
stackNames StackFiltersPropertiesStackNamesProperties: List of stack names as filters
stackRoles StackFiltersPropertiesStackRolesProperties: List of stack roles that are performing the stack operations.

filtering_criteria LambdaHookStackFiltersPropertiesFilteringCriteria: Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
stack_names StackFiltersPropertiesStackNamesProperties: List of stack names as filters
stack_roles StackFiltersPropertiesStackRolesProperties: List of stack roles that are performing the stack operations.

filteringCriteria "ALL" | "ANY": Attribute to specify the filtering behavior. ANY will make the Hook pass if one filter matches. ALL will make the Hook pass if all filters match
stackNames Property Map: List of stack names as filters
stackRoles Property Map: List of stack roles that are performing the stack operations.

StackFiltersPropertiesStackNamesProperties, StackFiltersPropertiesStackNamesPropertiesArgs

Exclude List<string>: List of stack names that the hook is going to be excluded from
Include List<string>: List of stack names that the hook is going to target

Exclude []string: List of stack names that the hook is going to be excluded from
Include []string: List of stack names that the hook is going to target

exclude List<String>: List of stack names that the hook is going to be excluded from
include List<String>: List of stack names that the hook is going to target

exclude string[]: List of stack names that the hook is going to be excluded from
include string[]: List of stack names that the hook is going to target

exclude Sequence[str]: List of stack names that the hook is going to be excluded from
include Sequence[str]: List of stack names that the hook is going to target

exclude List<String>: List of stack names that the hook is going to be excluded from
include List<String>: List of stack names that the hook is going to target

StackFiltersPropertiesStackRolesProperties, StackFiltersPropertiesStackRolesPropertiesArgs

Exclude List<string>: List of stack roles that the hook is going to be excluded from
Include List<string>: List of stack roles that the hook is going to target

Exclude []string: List of stack roles that the hook is going to be excluded from
Include []string: List of stack roles that the hook is going to target

exclude List<String>: List of stack roles that the hook is going to be excluded from
include List<String>: List of stack roles that the hook is going to target

exclude string[]: List of stack roles that the hook is going to be excluded from
include string[]: List of stack roles that the hook is going to target

exclude Sequence[str]: List of stack roles that the hook is going to be excluded from
include Sequence[str]: List of stack roles that the hook is going to target

exclude List<String>: List of stack roles that the hook is going to be excluded from
include List<String>: List of stack roles that the hook is going to target

TargetFilters0Properties, TargetFilters0PropertiesArgs

Actions List<Pulumi.AwsNative.CloudFormation.LambdaHookAction>: List of actions that the hook is going to target
InvocationPoints List<Pulumi.AwsNative.CloudFormation.LambdaHookInvocationPoint>: List of invocation points that the hook is going to target
TargetNames List<string>: List of type names that the hook is going to target

Actions []LambdaHookAction: List of actions that the hook is going to target
InvocationPoints []LambdaHookInvocationPoint: List of invocation points that the hook is going to target
TargetNames []string: List of type names that the hook is going to target

actions List<LambdaHookAction>: List of actions that the hook is going to target
invocationPoints List<LambdaHookInvocationPoint>: List of invocation points that the hook is going to target
targetNames List<String>: List of type names that the hook is going to target

actions LambdaHookAction[]: List of actions that the hook is going to target
invocationPoints LambdaHookInvocationPoint[]: List of invocation points that the hook is going to target
targetNames string[]: List of type names that the hook is going to target

actions Sequence[LambdaHookAction]: List of actions that the hook is going to target
invocation_points Sequence[LambdaHookInvocationPoint]: List of invocation points that the hook is going to target
target_names Sequence[str]: List of type names that the hook is going to target

actions List<"CREATE" | "UPDATE" | "DELETE">: List of actions that the hook is going to target
invocationPoints List<"PRE_PROVISION">: List of invocation points that the hook is going to target
targetNames List<String>: List of type names that the hook is going to target