Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.cfg.OrganizationCustomPolicyRule
Explore with Pulumi AI
Manages a Config Organization Custom Policy Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws_config_organization_managed__rule resource.
NOTE: This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the
excluded_accountsargument.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cfg.OrganizationCustomPolicyRule("example", {
name: "example_rule_name",
policyRuntime: "guard-2.x.x",
policyText: `let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
`,
resourceTypesScopes: ["AWS::DynamoDB::Table"],
});
import pulumi
import pulumi_aws as aws
example = aws.cfg.OrganizationCustomPolicyRule("example",
name="example_rule_name",
policy_runtime="guard-2.x.x",
policy_text="""let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
""",
resource_types_scopes=["AWS::DynamoDB::Table"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cfg.NewOrganizationCustomPolicyRule(ctx, "example", &cfg.OrganizationCustomPolicyRuleArgs{
Name: pulumi.String("example_rule_name"),
PolicyRuntime: pulumi.String("guard-2.x.x"),
PolicyText: pulumi.String(`let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
`),
ResourceTypesScopes: pulumi.StringArray{
pulumi.String("AWS::DynamoDB::Table"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Cfg.OrganizationCustomPolicyRule("example", new()
{
Name = "example_rule_name",
PolicyRuntime = "guard-2.x.x",
PolicyText = @"let status = ['ACTIVE']
rule tableisactive when
resourceType == ""AWS::DynamoDB::Table"" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == ""AWS::DynamoDB::Table""
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == ""ENABLED""
}
",
ResourceTypesScopes = new[]
{
"AWS::DynamoDB::Table",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.OrganizationCustomPolicyRule;
import com.pulumi.aws.cfg.OrganizationCustomPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new OrganizationCustomPolicyRule("example", OrganizationCustomPolicyRuleArgs.builder()
.name("example_rule_name")
.policyRuntime("guard-2.x.x")
.policyText("""
let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
""")
.resourceTypesScopes("AWS::DynamoDB::Table")
.build());
}
}
resources:
example:
type: aws:cfg:OrganizationCustomPolicyRule
properties:
name: example_rule_name
policyRuntime: guard-2.x.x
policyText: |
let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
resourceTypesScopes:
- AWS::DynamoDB::Table
Create OrganizationCustomPolicyRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationCustomPolicyRule(name: string, args: OrganizationCustomPolicyRuleArgs, opts?: CustomResourceOptions);@overload
def OrganizationCustomPolicyRule(resource_name: str,
args: OrganizationCustomPolicyRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationCustomPolicyRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_runtime: Optional[str] = None,
trigger_types: Optional[Sequence[str]] = None,
policy_text: Optional[str] = None,
input_parameters: Optional[str] = None,
maximum_execution_frequency: Optional[str] = None,
name: Optional[str] = None,
debug_log_delivery_accounts: Optional[Sequence[str]] = None,
excluded_accounts: Optional[Sequence[str]] = None,
resource_id_scope: Optional[str] = None,
resource_types_scopes: Optional[Sequence[str]] = None,
tag_key_scope: Optional[str] = None,
tag_value_scope: Optional[str] = None,
description: Optional[str] = None)func NewOrganizationCustomPolicyRule(ctx *Context, name string, args OrganizationCustomPolicyRuleArgs, opts ...ResourceOption) (*OrganizationCustomPolicyRule, error)public OrganizationCustomPolicyRule(string name, OrganizationCustomPolicyRuleArgs args, CustomResourceOptions? opts = null)
public OrganizationCustomPolicyRule(String name, OrganizationCustomPolicyRuleArgs args)
public OrganizationCustomPolicyRule(String name, OrganizationCustomPolicyRuleArgs args, CustomResourceOptions options)
type: aws:cfg:OrganizationCustomPolicyRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationCustomPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationCustomPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationCustomPolicyRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationCustomPolicyRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationCustomPolicyRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationCustomPolicyRuleResource = new Aws.Cfg.OrganizationCustomPolicyRule("organizationCustomPolicyRuleResource", new()
{
PolicyRuntime = "string",
TriggerTypes = new[]
{
"string",
},
PolicyText = "string",
InputParameters = "string",
MaximumExecutionFrequency = "string",
Name = "string",
DebugLogDeliveryAccounts = new[]
{
"string",
},
ExcludedAccounts = new[]
{
"string",
},
ResourceIdScope = "string",
ResourceTypesScopes = new[]
{
"string",
},
TagKeyScope = "string",
TagValueScope = "string",
Description = "string",
});
example, err := cfg.NewOrganizationCustomPolicyRule(ctx, "organizationCustomPolicyRuleResource", &cfg.OrganizationCustomPolicyRuleArgs{
PolicyRuntime: pulumi.String("string"),
TriggerTypes: pulumi.StringArray{
pulumi.String("string"),
},
PolicyText: pulumi.String("string"),
InputParameters: pulumi.String("string"),
MaximumExecutionFrequency: pulumi.String("string"),
Name: pulumi.String("string"),
DebugLogDeliveryAccounts: pulumi.StringArray{
pulumi.String("string"),
},
ExcludedAccounts: pulumi.StringArray{
pulumi.String("string"),
},
ResourceIdScope: pulumi.String("string"),
ResourceTypesScopes: pulumi.StringArray{
pulumi.String("string"),
},
TagKeyScope: pulumi.String("string"),
TagValueScope: pulumi.String("string"),
Description: pulumi.String("string"),
})
var organizationCustomPolicyRuleResource = new OrganizationCustomPolicyRule("organizationCustomPolicyRuleResource", OrganizationCustomPolicyRuleArgs.builder()
.policyRuntime("string")
.triggerTypes("string")
.policyText("string")
.inputParameters("string")
.maximumExecutionFrequency("string")
.name("string")
.debugLogDeliveryAccounts("string")
.excludedAccounts("string")
.resourceIdScope("string")
.resourceTypesScopes("string")
.tagKeyScope("string")
.tagValueScope("string")
.description("string")
.build());
organization_custom_policy_rule_resource = aws.cfg.OrganizationCustomPolicyRule("organizationCustomPolicyRuleResource",
policy_runtime="string",
trigger_types=["string"],
policy_text="string",
input_parameters="string",
maximum_execution_frequency="string",
name="string",
debug_log_delivery_accounts=["string"],
excluded_accounts=["string"],
resource_id_scope="string",
resource_types_scopes=["string"],
tag_key_scope="string",
tag_value_scope="string",
description="string")
const organizationCustomPolicyRuleResource = new aws.cfg.OrganizationCustomPolicyRule("organizationCustomPolicyRuleResource", {
policyRuntime: "string",
triggerTypes: ["string"],
policyText: "string",
inputParameters: "string",
maximumExecutionFrequency: "string",
name: "string",
debugLogDeliveryAccounts: ["string"],
excludedAccounts: ["string"],
resourceIdScope: "string",
resourceTypesScopes: ["string"],
tagKeyScope: "string",
tagValueScope: "string",
description: "string",
});
type: aws:cfg:OrganizationCustomPolicyRule
properties:
debugLogDeliveryAccounts:
- string
description: string
excludedAccounts:
- string
inputParameters: string
maximumExecutionFrequency: string
name: string
policyRuntime: string
policyText: string
resourceIdScope: string
resourceTypesScopes:
- string
tagKeyScope: string
tagValueScope: string
triggerTypes:
- string
OrganizationCustomPolicyRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationCustomPolicyRule resource accepts the following input properties:
- Policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- Policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- Trigger
Types List<string> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- Debug
Log List<string>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- Description string
- Description of the rule
- Excluded
Accounts List<string> - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - Name string
- name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types List<string>Scopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- Policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- Trigger
Types []string List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- Debug
Log []stringDelivery Accounts - List of AWS account identifiers to exclude from the rule
- Description string
- Description of the rule
- Excluded
Accounts []string - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - Name string
- name of the rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types []stringScopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- policy
Runtime String - runtime system for your organization AWS Config Custom Policy rules
- policy
Text String - policy definition containing the logic for your organization AWS Config Custom Policy rule
- trigger
Types List<String> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- debug
Log List<String>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name String
- name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- trigger
Types string[] List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- debug
Log string[]Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description string
- Description of the rule
- excluded
Accounts string[] - List of AWS account identifiers to exclude from the rule
- input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name string
- name of the rule
- resource
Id stringScope - Identifier of the AWS resource to evaluate
- resource
Types string[]Scopes - List of types of AWS resources to evaluate
- tag
Key stringScope - Tag key of AWS resources to evaluate
- tag
Value stringScope - Tag value of AWS resources to evaluate
- policy_
runtime str - runtime system for your organization AWS Config Custom Policy rules
- policy_
text str - policy definition containing the logic for your organization AWS Config Custom Policy rule
- trigger_
types Sequence[str] List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- debug_
log_ Sequence[str]delivery_ accounts - List of AWS account identifiers to exclude from the rule
- description str
- Description of the rule
- excluded_
accounts Sequence[str] - List of AWS account identifiers to exclude from the rule
- input_
parameters str - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum_
execution_ strfrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name str
- name of the rule
- resource_
id_ strscope - Identifier of the AWS resource to evaluate
- resource_
types_ Sequence[str]scopes - List of types of AWS resources to evaluate
- tag_
key_ strscope - Tag key of AWS resources to evaluate
- tag_
value_ strscope - Tag value of AWS resources to evaluate
- policy
Runtime String - runtime system for your organization AWS Config Custom Policy rules
- policy
Text String - policy definition containing the logic for your organization AWS Config Custom Policy rule
- trigger
Types List<String> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- debug
Log List<String>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name String
- name of the rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationCustomPolicyRule resource produces the following output properties:
Look up Existing OrganizationCustomPolicyRule Resource
Get an existing OrganizationCustomPolicyRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationCustomPolicyRuleState, opts?: CustomResourceOptions): OrganizationCustomPolicyRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
debug_log_delivery_accounts: Optional[Sequence[str]] = None,
description: Optional[str] = None,
excluded_accounts: Optional[Sequence[str]] = None,
input_parameters: Optional[str] = None,
maximum_execution_frequency: Optional[str] = None,
name: Optional[str] = None,
policy_runtime: Optional[str] = None,
policy_text: Optional[str] = None,
resource_id_scope: Optional[str] = None,
resource_types_scopes: Optional[Sequence[str]] = None,
tag_key_scope: Optional[str] = None,
tag_value_scope: Optional[str] = None,
trigger_types: Optional[Sequence[str]] = None) -> OrganizationCustomPolicyRulefunc GetOrganizationCustomPolicyRule(ctx *Context, name string, id IDInput, state *OrganizationCustomPolicyRuleState, opts ...ResourceOption) (*OrganizationCustomPolicyRule, error)public static OrganizationCustomPolicyRule Get(string name, Input<string> id, OrganizationCustomPolicyRuleState? state, CustomResourceOptions? opts = null)public static OrganizationCustomPolicyRule get(String name, Output<String> id, OrganizationCustomPolicyRuleState state, CustomResourceOptions options)resources: _: type: aws:cfg:OrganizationCustomPolicyRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Amazon Resource Name (ARN) of the rule
- Debug
Log List<string>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- Description string
- Description of the rule
- Excluded
Accounts List<string> - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - Name string
- name of the rule
- Policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- Policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types List<string>Scopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Trigger
Types List<string> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- Arn string
- Amazon Resource Name (ARN) of the rule
- Debug
Log []stringDelivery Accounts - List of AWS account identifiers to exclude from the rule
- Description string
- Description of the rule
- Excluded
Accounts []string - List of AWS account identifiers to exclude from the rule
- Input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- Maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - Name string
- name of the rule
- Policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- Policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- Resource
Id stringScope - Identifier of the AWS resource to evaluate
- Resource
Types []stringScopes - List of types of AWS resources to evaluate
- Tag
Key stringScope - Tag key of AWS resources to evaluate
- Tag
Value stringScope - Tag value of AWS resources to evaluate
- Trigger
Types []string List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- arn String
- Amazon Resource Name (ARN) of the rule
- debug
Log List<String>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name String
- name of the rule
- policy
Runtime String - runtime system for your organization AWS Config Custom Policy rules
- policy
Text String - policy definition containing the logic for your organization AWS Config Custom Policy rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- trigger
Types List<String> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- arn string
- Amazon Resource Name (ARN) of the rule
- debug
Log string[]Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description string
- Description of the rule
- excluded
Accounts string[] - List of AWS account identifiers to exclude from the rule
- input
Parameters string - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution stringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name string
- name of the rule
- policy
Runtime string - runtime system for your organization AWS Config Custom Policy rules
- policy
Text string - policy definition containing the logic for your organization AWS Config Custom Policy rule
- resource
Id stringScope - Identifier of the AWS resource to evaluate
- resource
Types string[]Scopes - List of types of AWS resources to evaluate
- tag
Key stringScope - Tag key of AWS resources to evaluate
- tag
Value stringScope - Tag value of AWS resources to evaluate
- trigger
Types string[] List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- arn str
- Amazon Resource Name (ARN) of the rule
- debug_
log_ Sequence[str]delivery_ accounts - List of AWS account identifiers to exclude from the rule
- description str
- Description of the rule
- excluded_
accounts Sequence[str] - List of AWS account identifiers to exclude from the rule
- input_
parameters str - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum_
execution_ strfrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name str
- name of the rule
- policy_
runtime str - runtime system for your organization AWS Config Custom Policy rules
- policy_
text str - policy definition containing the logic for your organization AWS Config Custom Policy rule
- resource_
id_ strscope - Identifier of the AWS resource to evaluate
- resource_
types_ Sequence[str]scopes - List of types of AWS resources to evaluate
- tag_
key_ strscope - Tag key of AWS resources to evaluate
- tag_
value_ strscope - Tag value of AWS resources to evaluate
- trigger_
types Sequence[str] List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
- arn String
- Amazon Resource Name (ARN) of the rule
- debug
Log List<String>Delivery Accounts - List of AWS account identifiers to exclude from the rule
- description String
- Description of the rule
- excluded
Accounts List<String> - List of AWS account identifiers to exclude from the rule
- input
Parameters String - A string in JSON format that is passed to the AWS Config Rule Lambda Function
- maximum
Execution StringFrequency - Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to
TwentyFour_Hoursfor periodic frequency triggered rules. Valid values:One_Hour,Three_Hours,Six_Hours,Twelve_Hours, orTwentyFour_Hours. - name String
- name of the rule
- policy
Runtime String - runtime system for your organization AWS Config Custom Policy rules
- policy
Text String - policy definition containing the logic for your organization AWS Config Custom Policy rule
- resource
Id StringScope - Identifier of the AWS resource to evaluate
- resource
Types List<String>Scopes - List of types of AWS resources to evaluate
- tag
Key StringScope - Tag key of AWS resources to evaluate
- tag
Value StringScope - Tag value of AWS resources to evaluate
- trigger
Types List<String> List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values:
ConfigurationItemChangeNotification,OversizedConfigurationItemChangeNotificationThe following arguments are optional:
Import
Using pulumi import, import a Config Organization Custom Policy Rule using the name argument. For example:
$ pulumi import aws:cfg/organizationCustomPolicyRule:OrganizationCustomPolicyRule example example_rule_name
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.