Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.cfg.OrganizationConformancePack
Explore with Pulumi AI
Manages a Config Organization Conformance Pack. More information can be found in the Managing Conformance Packs Across all Accounts in Your Organization and AWS Config Managed Rules documentation. Example conformance pack templates may be found in the AWS Config Rules Repository.
NOTE: This resource must be created in the Organization master account or a delegated administrator account, and the Organization must have all features enabled. Every Organization account except those configured in the
excluded_accountsargument must have a Configuration Recorder with proper IAM permissions before the Organization Conformance Pack will successfully create or update. See also theaws.cfg.Recorderresource.
Example Usage
Using Template Body
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleOrganization = new aws.organizations.Organization("example", {
awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
featureSet: "ALL",
});
const example = new aws.cfg.OrganizationConformancePack("example", {
name: "example",
inputParameters: [{
parameterName: "AccessKeysRotatedParameterMaxAccessKeyAge",
parameterValue: "90",
}],
templateBody: `Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
`,
}, {
dependsOn: [
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
],
});
import pulumi
import pulumi_aws as aws
example_organization = aws.organizations.Organization("example",
aws_service_access_principals=["config-multiaccountsetup.amazonaws.com"],
feature_set="ALL")
example = aws.cfg.OrganizationConformancePack("example",
name="example",
input_parameters=[{
"parameter_name": "AccessKeysRotatedParameterMaxAccessKeyAge",
"parameter_value": "90",
}],
template_body="""Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
""",
opts = pulumi.ResourceOptions(depends_on=[
example_aws_config_configuration_recorder,
example_organization,
]))
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleOrganization, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("config-multiaccountsetup.amazonaws.com"),
},
FeatureSet: pulumi.String("ALL"),
})
if err != nil {
return err
}
_, err = cfg.NewOrganizationConformancePack(ctx, "example", &cfg.OrganizationConformancePackArgs{
Name: pulumi.String("example"),
InputParameters: cfg.OrganizationConformancePackInputParameterArray{
&cfg.OrganizationConformancePackInputParameterArgs{
ParameterName: pulumi.String("AccessKeysRotatedParameterMaxAccessKeyAge"),
ParameterValue: pulumi.String("90"),
},
},
TemplateBody: pulumi.String(`Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
`),
}, pulumi.DependsOn([]pulumi.Resource{
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleOrganization = new Aws.Organizations.Organization("example", new()
{
AwsServiceAccessPrincipals = new[]
{
"config-multiaccountsetup.amazonaws.com",
},
FeatureSet = "ALL",
});
var example = new Aws.Cfg.OrganizationConformancePack("example", new()
{
Name = "example",
InputParameters = new[]
{
new Aws.Cfg.Inputs.OrganizationConformancePackInputParameterArgs
{
ParameterName = "AccessKeysRotatedParameterMaxAccessKeyAge",
ParameterValue = "90",
},
},
TemplateBody = @"Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
",
}, new CustomResourceOptions
{
DependsOn =
{
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.cfg.OrganizationConformancePack;
import com.pulumi.aws.cfg.OrganizationConformancePackArgs;
import com.pulumi.aws.cfg.inputs.OrganizationConformancePackInputParameterArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
.awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
.featureSet("ALL")
.build());
var example = new OrganizationConformancePack("example", OrganizationConformancePackArgs.builder()
.name("example")
.inputParameters(OrganizationConformancePackInputParameterArgs.builder()
.parameterName("AccessKeysRotatedParameterMaxAccessKeyAge")
.parameterValue("90")
.build())
.templateBody("""
Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
""")
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleAwsConfigConfigurationRecorder,
exampleOrganization)
.build());
}
}
resources:
example:
type: aws:cfg:OrganizationConformancePack
properties:
name: example
inputParameters:
- parameterName: AccessKeysRotatedParameterMaxAccessKeyAge
parameterValue: '90'
templateBody: |
Parameters:
AccessKeysRotatedParameterMaxAccessKeyAge:
Type: String
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
options:
dependsOn:
- ${exampleAwsConfigConfigurationRecorder}
- ${exampleOrganization}
exampleOrganization:
type: aws:organizations:Organization
name: example
properties:
awsServiceAccessPrincipals:
- config-multiaccountsetup.amazonaws.com
featureSet: ALL
Using Template S3 URI
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleOrganization = new aws.organizations.Organization("example", {
awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"],
featureSet: "ALL",
});
const exampleBucketV2 = new aws.s3.BucketV2("example", {bucket: "example"});
const exampleBucketObjectv2 = new aws.s3.BucketObjectv2("example", {
bucket: exampleBucketV2.id,
key: "example-key",
content: `Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
`,
});
const example = new aws.cfg.OrganizationConformancePack("example", {
name: "example",
templateS3Uri: pulumi.interpolate`s3://${exampleBucketV2.bucket}/${exampleBucketObjectv2.key}`,
}, {
dependsOn: [
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
],
});
import pulumi
import pulumi_aws as aws
example_organization = aws.organizations.Organization("example",
aws_service_access_principals=["config-multiaccountsetup.amazonaws.com"],
feature_set="ALL")
example_bucket_v2 = aws.s3.BucketV2("example", bucket="example")
example_bucket_objectv2 = aws.s3.BucketObjectv2("example",
bucket=example_bucket_v2.id,
key="example-key",
content="""Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
""")
example = aws.cfg.OrganizationConformancePack("example",
name="example",
template_s3_uri=pulumi.Output.all(
bucket=example_bucket_v2.bucket,
key=example_bucket_objectv2.key
).apply(lambda resolved_outputs: f"s3://{resolved_outputs['bucket']}/{resolved_outputs['key']}")
,
opts = pulumi.ResourceOptions(depends_on=[
example_aws_config_configuration_recorder,
example_organization,
]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleOrganization, err := organizations.NewOrganization(ctx, "example", &organizations.OrganizationArgs{
AwsServiceAccessPrincipals: pulumi.StringArray{
pulumi.String("config-multiaccountsetup.amazonaws.com"),
},
FeatureSet: pulumi.String("ALL"),
})
if err != nil {
return err
}
exampleBucketV2, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
Bucket: pulumi.String("example"),
})
if err != nil {
return err
}
exampleBucketObjectv2, err := s3.NewBucketObjectv2(ctx, "example", &s3.BucketObjectv2Args{
Bucket: exampleBucketV2.ID(),
Key: pulumi.String("example-key"),
Content: pulumi.String(`Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
`),
})
if err != nil {
return err
}
_, err = cfg.NewOrganizationConformancePack(ctx, "example", &cfg.OrganizationConformancePackArgs{
Name: pulumi.String("example"),
TemplateS3Uri: pulumi.All(exampleBucketV2.Bucket, exampleBucketObjectv2.Key).ApplyT(func(_args []interface{}) (string, error) {
bucket := _args[0].(string)
key := _args[1].(string)
return fmt.Sprintf("s3://%v/%v", bucket, key), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleOrganization = new Aws.Organizations.Organization("example", new()
{
AwsServiceAccessPrincipals = new[]
{
"config-multiaccountsetup.amazonaws.com",
},
FeatureSet = "ALL",
});
var exampleBucketV2 = new Aws.S3.BucketV2("example", new()
{
Bucket = "example",
});
var exampleBucketObjectv2 = new Aws.S3.BucketObjectv2("example", new()
{
Bucket = exampleBucketV2.Id,
Key = "example-key",
Content = @"Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
",
});
var example = new Aws.Cfg.OrganizationConformancePack("example", new()
{
Name = "example",
TemplateS3Uri = Output.Tuple(exampleBucketV2.Bucket, exampleBucketObjectv2.Key).Apply(values =>
{
var bucket = values.Item1;
var key = values.Item2;
return $"s3://{bucket}/{key}";
}),
}, new CustomResourceOptions
{
DependsOn =
{
exampleAwsConfigConfigurationRecorder,
exampleOrganization,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.organizations.Organization;
import com.pulumi.aws.organizations.OrganizationArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketObjectv2;
import com.pulumi.aws.s3.BucketObjectv2Args;
import com.pulumi.aws.cfg.OrganizationConformancePack;
import com.pulumi.aws.cfg.OrganizationConformancePackArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleOrganization = new Organization("exampleOrganization", OrganizationArgs.builder()
.awsServiceAccessPrincipals("config-multiaccountsetup.amazonaws.com")
.featureSet("ALL")
.build());
var exampleBucketV2 = new BucketV2("exampleBucketV2", BucketV2Args.builder()
.bucket("example")
.build());
var exampleBucketObjectv2 = new BucketObjectv2("exampleBucketObjectv2", BucketObjectv2Args.builder()
.bucket(exampleBucketV2.id())
.key("example-key")
.content("""
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
""")
.build());
var example = new OrganizationConformancePack("example", OrganizationConformancePackArgs.builder()
.name("example")
.templateS3Uri(Output.tuple(exampleBucketV2.bucket(), exampleBucketObjectv2.key()).applyValue(values -> {
var bucket = values.t1;
var key = values.t2;
return String.format("s3://%s/%s", bucket,key);
}))
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleAwsConfigConfigurationRecorder,
exampleOrganization)
.build());
}
}
resources:
example:
type: aws:cfg:OrganizationConformancePack
properties:
name: example
templateS3Uri: s3://${exampleBucketV2.bucket}/${exampleBucketObjectv2.key}
options:
dependsOn:
- ${exampleAwsConfigConfigurationRecorder}
- ${exampleOrganization}
exampleOrganization:
type: aws:organizations:Organization
name: example
properties:
awsServiceAccessPrincipals:
- config-multiaccountsetup.amazonaws.com
featureSet: ALL
exampleBucketV2:
type: aws:s3:BucketV2
name: example
properties:
bucket: example
exampleBucketObjectv2:
type: aws:s3:BucketObjectv2
name: example
properties:
bucket: ${exampleBucketV2.id}
key: example-key
content: |
Resources:
IAMPasswordPolicy:
Properties:
ConfigRuleName: IAMPasswordPolicy
Source:
Owner: AWS
SourceIdentifier: IAM_PASSWORD_POLICY
Type: AWS::Config::ConfigRule
Create OrganizationConformancePack Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationConformancePack(name: string, args?: OrganizationConformancePackArgs, opts?: CustomResourceOptions);@overload
def OrganizationConformancePack(resource_name: str,
args: Optional[OrganizationConformancePackArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationConformancePack(resource_name: str,
opts: Optional[ResourceOptions] = None,
delivery_s3_bucket: Optional[str] = None,
delivery_s3_key_prefix: Optional[str] = None,
excluded_accounts: Optional[Sequence[str]] = None,
input_parameters: Optional[Sequence[OrganizationConformancePackInputParameterArgs]] = None,
name: Optional[str] = None,
template_body: Optional[str] = None,
template_s3_uri: Optional[str] = None)func NewOrganizationConformancePack(ctx *Context, name string, args *OrganizationConformancePackArgs, opts ...ResourceOption) (*OrganizationConformancePack, error)public OrganizationConformancePack(string name, OrganizationConformancePackArgs? args = null, CustomResourceOptions? opts = null)
public OrganizationConformancePack(String name, OrganizationConformancePackArgs args)
public OrganizationConformancePack(String name, OrganizationConformancePackArgs args, CustomResourceOptions options)
type: aws:cfg:OrganizationConformancePack
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationConformancePackArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationConformancePackArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationConformancePackArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationConformancePackArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationConformancePackArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationConformancePackResource = new Aws.Cfg.OrganizationConformancePack("organizationConformancePackResource", new()
{
DeliveryS3Bucket = "string",
DeliveryS3KeyPrefix = "string",
ExcludedAccounts = new[]
{
"string",
},
InputParameters = new[]
{
new Aws.Cfg.Inputs.OrganizationConformancePackInputParameterArgs
{
ParameterName = "string",
ParameterValue = "string",
},
},
Name = "string",
TemplateBody = "string",
TemplateS3Uri = "string",
});
example, err := cfg.NewOrganizationConformancePack(ctx, "organizationConformancePackResource", &cfg.OrganizationConformancePackArgs{
DeliveryS3Bucket: pulumi.String("string"),
DeliveryS3KeyPrefix: pulumi.String("string"),
ExcludedAccounts: pulumi.StringArray{
pulumi.String("string"),
},
InputParameters: cfg.OrganizationConformancePackInputParameterArray{
&cfg.OrganizationConformancePackInputParameterArgs{
ParameterName: pulumi.String("string"),
ParameterValue: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
TemplateBody: pulumi.String("string"),
TemplateS3Uri: pulumi.String("string"),
})
var organizationConformancePackResource = new OrganizationConformancePack("organizationConformancePackResource", OrganizationConformancePackArgs.builder()
.deliveryS3Bucket("string")
.deliveryS3KeyPrefix("string")
.excludedAccounts("string")
.inputParameters(OrganizationConformancePackInputParameterArgs.builder()
.parameterName("string")
.parameterValue("string")
.build())
.name("string")
.templateBody("string")
.templateS3Uri("string")
.build());
organization_conformance_pack_resource = aws.cfg.OrganizationConformancePack("organizationConformancePackResource",
delivery_s3_bucket="string",
delivery_s3_key_prefix="string",
excluded_accounts=["string"],
input_parameters=[{
"parameter_name": "string",
"parameter_value": "string",
}],
name="string",
template_body="string",
template_s3_uri="string")
const organizationConformancePackResource = new aws.cfg.OrganizationConformancePack("organizationConformancePackResource", {
deliveryS3Bucket: "string",
deliveryS3KeyPrefix: "string",
excludedAccounts: ["string"],
inputParameters: [{
parameterName: "string",
parameterValue: "string",
}],
name: "string",
templateBody: "string",
templateS3Uri: "string",
});
type: aws:cfg:OrganizationConformancePack
properties:
deliveryS3Bucket: string
deliveryS3KeyPrefix: string
excludedAccounts:
- string
inputParameters:
- parameterName: string
parameterValue: string
name: string
templateBody: string
templateS3Uri: string
OrganizationConformancePack Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationConformancePack resource accepts the following input properties:
- Delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - Delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- Excluded
Accounts List<string> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- Input
Parameters List<OrganizationConformance Pack Input Parameter> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - Name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- Template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- Template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- Delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - Delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- Excluded
Accounts []string - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- Input
Parameters []OrganizationConformance Pack Input Parameter Args - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - Name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- Template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- Template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- delivery
S3Bucket String - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key StringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts List<String> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters List<OrganizationConformance Pack Input Parameter> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name String
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body String - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri String - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts string[] - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters OrganizationConformance Pack Input Parameter[] - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- delivery_
s3_ strbucket - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery_
s3_ strkey_ prefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded_
accounts Sequence[str] - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input_
parameters Sequence[OrganizationConformance Pack Input Parameter Args] - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name str
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template_
body str - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template_
s3_ struri - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- delivery
S3Bucket String - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key StringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts List<String> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters List<Property Map> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name String
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body String - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri String - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationConformancePack resource produces the following output properties:
Look up Existing OrganizationConformancePack Resource
Get an existing OrganizationConformancePack resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationConformancePackState, opts?: CustomResourceOptions): OrganizationConformancePack@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
delivery_s3_bucket: Optional[str] = None,
delivery_s3_key_prefix: Optional[str] = None,
excluded_accounts: Optional[Sequence[str]] = None,
input_parameters: Optional[Sequence[OrganizationConformancePackInputParameterArgs]] = None,
name: Optional[str] = None,
template_body: Optional[str] = None,
template_s3_uri: Optional[str] = None) -> OrganizationConformancePackfunc GetOrganizationConformancePack(ctx *Context, name string, id IDInput, state *OrganizationConformancePackState, opts ...ResourceOption) (*OrganizationConformancePack, error)public static OrganizationConformancePack Get(string name, Input<string> id, OrganizationConformancePackState? state, CustomResourceOptions? opts = null)public static OrganizationConformancePack get(String name, Output<String> id, OrganizationConformancePackState state, CustomResourceOptions options)resources: _: type: aws:cfg:OrganizationConformancePack get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Amazon Resource Name (ARN) of the organization conformance pack.
- Delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - Delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- Excluded
Accounts List<string> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- Input
Parameters List<OrganizationConformance Pack Input Parameter> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - Name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- Template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- Template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- Arn string
- Amazon Resource Name (ARN) of the organization conformance pack.
- Delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - Delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- Excluded
Accounts []string - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- Input
Parameters []OrganizationConformance Pack Input Parameter Args - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - Name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- Template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- Template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- arn String
- Amazon Resource Name (ARN) of the organization conformance pack.
- delivery
S3Bucket String - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key StringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts List<String> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters List<OrganizationConformance Pack Input Parameter> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name String
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body String - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri String - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- arn string
- Amazon Resource Name (ARN) of the organization conformance pack.
- delivery
S3Bucket string - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key stringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts string[] - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters OrganizationConformance Pack Input Parameter[] - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name string
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body string - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri string - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- arn str
- Amazon Resource Name (ARN) of the organization conformance pack.
- delivery_
s3_ strbucket - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery_
s3_ strkey_ prefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded_
accounts Sequence[str] - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input_
parameters Sequence[OrganizationConformance Pack Input Parameter Args] - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name str
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template_
body str - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template_
s3_ struri - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
- arn String
- Amazon Resource Name (ARN) of the organization conformance pack.
- delivery
S3Bucket String - Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with
awsconfigconformsprefix. Maximum length of 63. - delivery
S3Key StringPrefix - The prefix for the Amazon S3 bucket. Maximum length of 1024.
- excluded
Accounts List<String> - Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.
- input
Parameters List<Property Map> - Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the
template_bodyor in the template stored in Amazon S3 if usingtemplate_s3_uri. - name String
- The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.
- template
Body String - A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.
- template
S3Uri String - Location of file, e.g.,
s3://bucketname/prefix, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.
Supporting Types
OrganizationConformancePackInputParameter, OrganizationConformancePackInputParameterArgs
- Parameter
Name string - The input key.
- Parameter
Value string - The input value.
- Parameter
Name string - The input key.
- Parameter
Value string - The input value.
- parameter
Name String - The input key.
- parameter
Value String - The input value.
- parameter
Name string - The input key.
- parameter
Value string - The input value.
- parameter_
name str - The input key.
- parameter_
value str - The input value.
- parameter
Name String - The input key.
- parameter
Value String - The input value.
Import
Using pulumi import, import Config Organization Conformance Packs using the name. For example:
$ pulumi import aws:cfg/organizationConformancePack:OrganizationConformancePack example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.