awsconfig

package
v2.142.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2024 License: Apache-2.0 Imports: 11 Imported by: 3

README

AWS Config Construct Library

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

This module is part of the AWS Cloud Development Kit project.

Initial Setup

Before using the constructs provided in this module, you need to set up AWS Config in the region in which it will be used. This setup includes the one-time creation of the following resources per region:

  • ConfigurationRecorder: Configure which resources will be recorded for config changes.
  • DeliveryChannel: Configure where to store the recorded data.

The following guides provide the steps for getting started with AWS Config:

Rules

AWS Config can evaluate the configuration settings of your AWS resources by creating AWS Config rules, which represent your ideal configuration settings.

See Evaluating Resources with AWS Config Rules to learn more about AWS Config rules.

AWS Managed Rules

AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.

For example, you could create a managed rule that checks whether active access keys are rotated within the number of days specified.

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

Identifiers for AWS managed rules are available through static constants in the ManagedRuleIdentifiers class. You can find supported input parameters in the List of AWS Config Managed Rules.

The following higher level constructs for AWS managed rules are available.

Access Key rotation

Checks whether your active access keys are rotated within the number of days specified.

// compliant if access keys have been rotated within the last 90 days
// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"))
CloudFormation Stack drift detection

Checks whether your CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration.

// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &CloudFormationStackDriftDetectionCheckProps{
	OwnStackOnly: jsii.Boolean(true),
})
CloudFormation Stack notifications

Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
	Topics: []iTopic{
		topic1,
		topic2,
	},
})
Custom rules

You can develop custom rules and add them to AWS Config. You associate each custom rule with an AWS Lambda function and Guard.

Custom Lambda Rules

Lambda function which contains the logic that evaluates whether your AWS resources comply with the rule.

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})
Custom Policy Rules

Guard which contains the logic that evaluates whether your AWS resources comply with the rule.

samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']

rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}

rule checkcompliance when
    resourceType == "AWS::DynamoDB::Table"
    tableisactive {
        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
        %pitr == "ENABLED"
}
`

config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
	PolicyText: samplePolicyText,
	EnableDebugLog: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources([]resourceType{
		config.*resourceType_DYNAMODB_TABLE(),
	}),
})
Triggers

AWS Lambda executes functions in response to events that are published by AWS Services. The function for a custom Config rule receives an event that is published by AWS Config, and is responsible for evaluating the compliance of the rule.

Evaluations can be triggered by configuration changes, periodically, or both. To create a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types.

var evalComplianceFn function


config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	Periodic: jsii.Boolean(true),

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_SIX_HOURS,
})

When the trigger for a rule occurs, the Lambda function is invoked by publishing an event. See example events for AWS Config Rules

The AWS documentation has examples of Lambda functions for evaluations that are triggered by configuration changes and triggered periodically

Scope

By default rules are triggered by changes to all resources.

Use the RuleScope APIs (fromResource(), fromResources() or fromTag()) to restrict the scope of both managed and custom rules:

var evalComplianceFn function
sshRule := config.NewManagedRule(this, jsii.String("SSH"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED(),
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_SECURITY_GROUP(), jsii.String("sg-1234567890abcdefgh")),
})
customRule := config.NewCustomRule(this, jsii.String("Lambda"), &CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources([]resourceType{
		config.*resourceType_CLOUDFORMATION_STACK(),
		config.*resourceType_S3_BUCKET(),
	}),
})

tagRule := config.NewCustomRule(this, jsii.String("CostCenterTagRule"), &CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromTag(jsii.String("Cost Center"), jsii.String("MyApp")),
})
Events

You can define Amazon EventBridge event rules which trigger when a compliance check fails or when a rule is re-evaluated.

Use the onComplianceChange() APIs to trigger an EventBridge event when a compliance check of your AWS Config Rule fails:

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onComplianceChange(jsii.String("TopicEvent"), &OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic),
})

Use the onReEvaluationStatus() status to trigger an EventBridge event when an AWS Config rule is re-evaluated.

// Topic to which re-evaluation notification events will be published
reEvaluationTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onReEvaluationStatus(jsii.String("ReEvaluationEvent"), &OnEventOptions{
	Target: targets.NewSnsTopic(reEvaluationTopic),
})
Example

The following example creates a custom rule that evaluates whether EC2 instances are compliant. Compliance events are published to an SNS topic.

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})

// A rule to detect stack drifts
driftRule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))

// Send notification on compliance change events
driftRule.onComplianceChange(jsii.String("ComplianceChange"), &OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic),
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessKeysRotated_IsConstruct

func AccessKeysRotated_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func AccessKeysRotated_IsOwnedResource added in v2.32.0

func AccessKeysRotated_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func AccessKeysRotated_IsResource

func AccessKeysRotated_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME

func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME() *string

func CfnAggregationAuthorization_IsCfnElement

func CfnAggregationAuthorization_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAggregationAuthorization_IsCfnResource

func CfnAggregationAuthorization_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnAggregationAuthorization_IsConstruct

func CfnAggregationAuthorization_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnConfigRule_CFN_RESOURCE_TYPE_NAME

func CfnConfigRule_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigRule_IsCfnElement

func CfnConfigRule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnConfigRule_IsCfnResource

func CfnConfigRule_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnConfigRule_IsConstruct

func CfnConfigRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME

func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigurationAggregator_IsCfnElement

func CfnConfigurationAggregator_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnConfigurationAggregator_IsCfnResource

func CfnConfigurationAggregator_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnConfigurationAggregator_IsConstruct

func CfnConfigurationAggregator_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME

func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigurationRecorder_IsCfnElement

func CfnConfigurationRecorder_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnConfigurationRecorder_IsCfnResource

func CfnConfigurationRecorder_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnConfigurationRecorder_IsConstruct

func CfnConfigurationRecorder_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnConformancePack_CFN_RESOURCE_TYPE_NAME

func CfnConformancePack_CFN_RESOURCE_TYPE_NAME() *string

func CfnConformancePack_IsCfnElement

func CfnConformancePack_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnConformancePack_IsCfnResource

func CfnConformancePack_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnConformancePack_IsConstruct

func CfnConformancePack_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME

func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME() *string

func CfnDeliveryChannel_IsCfnElement

func CfnDeliveryChannel_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnDeliveryChannel_IsCfnResource

func CfnDeliveryChannel_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnDeliveryChannel_IsConstruct

func CfnDeliveryChannel_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME

func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME() *string

func CfnOrganizationConfigRule_IsCfnElement

func CfnOrganizationConfigRule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnOrganizationConfigRule_IsCfnResource

func CfnOrganizationConfigRule_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnOrganizationConfigRule_IsConstruct

func CfnOrganizationConfigRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME

func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME() *string

func CfnOrganizationConformancePack_IsCfnElement

func CfnOrganizationConformancePack_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnOrganizationConformancePack_IsCfnResource

func CfnOrganizationConformancePack_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnOrganizationConformancePack_IsConstruct

func CfnOrganizationConformancePack_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME

func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME() *string

func CfnRemediationConfiguration_IsCfnElement

func CfnRemediationConfiguration_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnRemediationConfiguration_IsCfnResource

func CfnRemediationConfiguration_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnRemediationConfiguration_IsConstruct

func CfnRemediationConfiguration_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME

func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME() *string

func CfnStoredQuery_IsCfnElement

func CfnStoredQuery_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnStoredQuery_IsCfnResource

func CfnStoredQuery_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnStoredQuery_IsConstruct

func CfnStoredQuery_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CloudFormationStackDriftDetectionCheck_IsConstruct

func CloudFormationStackDriftDetectionCheck_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CloudFormationStackDriftDetectionCheck_IsOwnedResource added in v2.32.0

func CloudFormationStackDriftDetectionCheck_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func CloudFormationStackDriftDetectionCheck_IsResource

func CloudFormationStackDriftDetectionCheck_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CloudFormationStackNotificationCheck_IsConstruct

func CloudFormationStackNotificationCheck_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CloudFormationStackNotificationCheck_IsOwnedResource added in v2.32.0

func CloudFormationStackNotificationCheck_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func CloudFormationStackNotificationCheck_IsResource

func CloudFormationStackNotificationCheck_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CustomPolicy_IsConstruct added in v2.47.0

func CustomPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CustomPolicy_IsOwnedResource added in v2.47.0

func CustomPolicy_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func CustomPolicy_IsResource added in v2.47.0

func CustomPolicy_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CustomRule_IsConstruct

func CustomRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CustomRule_IsOwnedResource added in v2.32.0

func CustomRule_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func CustomRule_IsResource

func CustomRule_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED

func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED() *string

func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS

func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS() *string

func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK

func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK() *string

func ManagedRuleIdentifiers_ALB_DESYNC_MODE_CHECK added in v2.67.0

func ManagedRuleIdentifiers_ALB_DESYNC_MODE_CHECK() *string

func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED

func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED() *string

func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK

func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK() *string

func ManagedRuleIdentifiers_ALB_WAF_ENABLED

func ManagedRuleIdentifiers_ALB_WAF_ENABLED() *string

func ManagedRuleIdentifiers_API_GWV2_ACCESS_LOGS_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_API_GWV2_ACCESS_LOGS_ENABLED() *string

func ManagedRuleIdentifiers_API_GWV2_AUTHORIZATION_TYPE_CONFIGURED added in v2.67.0

func ManagedRuleIdentifiers_API_GWV2_AUTHORIZATION_TYPE_CONFIGURED() *string

func ManagedRuleIdentifiers_API_GW_ASSOCIATED_WITH_WAF added in v2.67.0

func ManagedRuleIdentifiers_API_GW_ASSOCIATED_WITH_WAF() *string

func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED

func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED() *string

func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK

func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK() *string

func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED

func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_API_GW_SSL_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_API_GW_SSL_ENABLED() *string

func ManagedRuleIdentifiers_API_GW_XRAY_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_API_GW_XRAY_ENABLED() *string

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID() *string

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG() *string

func ManagedRuleIdentifiers_AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_AURORA_MYSQL_BACKTRACKING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_AURORA_MYSQL_BACKTRACKING_ENABLED() *string

func ManagedRuleIdentifiers_AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_AUTOSCALING_CAPACITY_REBALANCING added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_CAPACITY_REBALANCING() *string

func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED

func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED() *string

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2() *string

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT() *string

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED() *string

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_TEMPLATE added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_TEMPLATE() *string

func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_AZ added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_AZ() *string

func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_INSTANCE_TYPES added in v2.67.0

func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_INSTANCE_TYPES() *string

func ManagedRuleIdentifiers_BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK added in v2.67.0

func ManagedRuleIdentifiers_BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK() *string

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_ENCRYPTED added in v2.67.0

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_ENCRYPTED() *string

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED added in v2.67.0

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED() *string

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK added in v2.67.0

func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK() *string

func ManagedRuleIdentifiers_BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED() *string

func ManagedRuleIdentifiers_CLB_DESYNC_MODE_CHECK added in v2.67.0

func ManagedRuleIdentifiers_CLB_DESYNC_MODE_CHECK() *string

func ManagedRuleIdentifiers_CLB_MULTIPLE_AZ added in v2.67.0

func ManagedRuleIdentifiers_CLB_MULTIPLE_AZ() *string

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ACCESSLOGS_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_ACCESSLOGS_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ASSOCIATED_WITH_WAF added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_ASSOCIATED_WITH_WAF() *string

func ManagedRuleIdentifiers_CLOUDFRONT_CUSTOM_SSL_CERTIFICATE added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_CUSTOM_SSL_CERTIFICATE() *string

func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED

func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_SECURITY_POLICY_CHECK added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_SECURITY_POLICY_CHECK() *string

func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED added in v2.67.0

func ManagedRuleIdentifiers_CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS

func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK added in v2.67.0

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED

func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED() *string

func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED

func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION added in v2.67.0

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK added in v2.67.0

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_LOGGING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED added in v2.67.0

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK() *string

func ManagedRuleIdentifiers_CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED() *string

func ManagedRuleIdentifiers_CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED added in v2.67.0

func ManagedRuleIdentifiers_CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED() *string

func ManagedRuleIdentifiers_CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED added in v2.67.0

func ManagedRuleIdentifiers_CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED() *string

func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK

func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK() *string

func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK

func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK() *string

func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK

func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK() *string

func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC

func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC() *string

func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS() *string

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK

func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK() *string

func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES

func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES() *string

func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE

func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE() *string

func ManagedRuleIdentifiers_EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK() *string

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY() *string

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE() *string

func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT

func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT() *string

func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK

func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK() *string

func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC

func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED

func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM

func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_MULTIPLE_ENI_CHECK added in v2.67.0

func ManagedRuleIdentifiers_EC2_INSTANCE_MULTIPLE_ENI_CHECK() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP

func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED

func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED() *string

func ManagedRuleIdentifiers_EC2_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_EC2_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK() *string

func ManagedRuleIdentifiers_EC2_NO_AMAZON_KEY_PAIR added in v2.67.0

func ManagedRuleIdentifiers_EC2_NO_AMAZON_KEY_PAIR() *string

func ManagedRuleIdentifiers_EC2_PARAVIRTUAL_INSTANCE_CHECK added in v2.67.0

func ManagedRuleIdentifiers_EC2_PARAVIRTUAL_INSTANCE_CHECK() *string

func ManagedRuleIdentifiers_EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC added in v2.67.0

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC() *string

func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE

func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE() *string

func ManagedRuleIdentifiers_EC2_TOKEN_HOP_LIMIT_CHECK added in v2.67.0

func ManagedRuleIdentifiers_EC2_TOKEN_HOP_LIMIT_CHECK() *string

func ManagedRuleIdentifiers_EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED added in v2.67.0

func ManagedRuleIdentifiers_EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED() *string

func ManagedRuleIdentifiers_EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK added in v2.67.0

func ManagedRuleIdentifiers_EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK() *string

func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK

func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK() *string

func ManagedRuleIdentifiers_ECR_PRIVATE_IMAGE_SCANNING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_ECR_PRIVATE_IMAGE_SCANNING_ENABLED() *string

func ManagedRuleIdentifiers_ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED added in v2.67.0

func ManagedRuleIdentifiers_ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED() *string

func ManagedRuleIdentifiers_ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED() *string

func ManagedRuleIdentifiers_ECS_AWSVPC_NETWORKING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_ECS_AWSVPC_NETWORKING_ENABLED() *string

func ManagedRuleIdentifiers_ECS_CONTAINERS_NONPRIVILEGED added in v2.67.0

func ManagedRuleIdentifiers_ECS_CONTAINERS_NONPRIVILEGED() *string

func ManagedRuleIdentifiers_ECS_CONTAINERS_READONLY_ACCESS added in v2.67.0

func ManagedRuleIdentifiers_ECS_CONTAINERS_READONLY_ACCESS() *string

func ManagedRuleIdentifiers_ECS_CONTAINER_INSIGHTS_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_ECS_CONTAINER_INSIGHTS_ENABLED() *string

func ManagedRuleIdentifiers_ECS_FARGATE_LATEST_PLATFORM_VERSION added in v2.67.0

func ManagedRuleIdentifiers_ECS_FARGATE_LATEST_PLATFORM_VERSION() *string

func ManagedRuleIdentifiers_ECS_NO_ENVIRONMENT_SECRETS added in v2.67.0

func ManagedRuleIdentifiers_ECS_NO_ENVIRONMENT_SECRETS() *string

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_LOG_CONFIGURATION added in v2.67.0

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_LOG_CONFIGURATION() *string

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT added in v2.67.0

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT() *string

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_NONROOT_USER added in v2.67.0

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_NONROOT_USER() *string

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_PID_MODE_CHECK added in v2.67.0

func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_PID_MODE_CHECK() *string

func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY added in v2.67.0

func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY() *string

func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY added in v2.67.0

func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY() *string

func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK

func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK() *string

func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EFS_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_EFS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EIP_ATTACHED

func ManagedRuleIdentifiers_EIP_ATTACHED() *string

func ManagedRuleIdentifiers_EKS_CLUSTER_OLDEST_SUPPORTED_VERSION added in v2.35.0

func ManagedRuleIdentifiers_EKS_CLUSTER_OLDEST_SUPPORTED_VERSION() *string

func ManagedRuleIdentifiers_EKS_CLUSTER_SUPPORTED_VERSION added in v2.35.0

func ManagedRuleIdentifiers_EKS_CLUSTER_SUPPORTED_VERSION() *string

func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS

func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS() *string

func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED

func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED() *string

func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK

func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST

func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY

func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK

func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string

func ManagedRuleIdentifiers_ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED() *string

func ManagedRuleIdentifiers_ELBV2_ACM_CERTIFICATE_REQUIRED added in v2.67.0

func ManagedRuleIdentifiers_ELBV2_ACM_CERTIFICATE_REQUIRED() *string

func ManagedRuleIdentifiers_ELBV2_MULTIPLE_AZ added in v2.67.0

func ManagedRuleIdentifiers_ELBV2_MULTIPLE_AZ() *string

func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED

func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED() *string

func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED

func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string

func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK

func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK() *string

func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED

func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK

func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK() *string

func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY

func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY() *string

func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED

func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED() *string

func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP

func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK() *string

func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK

func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK() *string

func ManagedRuleIdentifiers_FSX_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_FSX_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED

func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED() *string

func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS

func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS() *string

func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS

func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS() *string

func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK

func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK() *string

func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS

func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS() *string

func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK

func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY

func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY() *string

func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK

func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK() *string

func ManagedRuleIdentifiers_IAM_POLICY_IN_USE

func ManagedRuleIdentifiers_IAM_POLICY_IN_USE() *string

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS() *string

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS added in v2.67.0

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS() *string

func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK

func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK() *string

func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK

func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK

func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED

func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED() *string

func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK

func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK

func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK() *string

func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY

func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY() *string

func ManagedRuleIdentifiers_KINESIS_STREAM_ENCRYPTED added in v2.67.0

func ManagedRuleIdentifiers_KINESIS_STREAM_ENCRYPTED() *string

func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION

func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION() *string

func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK

func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK

func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED() *string

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC

func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC() *string

func ManagedRuleIdentifiers_LAMBDA_VPC_MULTI_AZ_CHECK added in v2.67.0

func ManagedRuleIdentifiers_LAMBDA_VPC_MULTI_AZ_CHECK() *string

func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS() *string

func ManagedRuleIdentifiers_NACL_NO_UNRESTRICTED_SSH_RDP added in v2.67.0

func ManagedRuleIdentifiers_NACL_NO_UNRESTRICTED_SSH_RDP() *string

func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS added in v2.67.0

func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS() *string

func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS added in v2.67.0

func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS() *string

func ManagedRuleIdentifiers_NETFW_POLICY_RULE_GROUP_ASSOCIATED added in v2.67.0

func ManagedRuleIdentifiers_NETFW_POLICY_RULE_GROUP_ASSOCIATED() *string

func ManagedRuleIdentifiers_NETFW_STATELESS_RULE_GROUP_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_NETFW_STATELESS_RULE_GROUP_NOT_EMPTY() *string

func ManagedRuleIdentifiers_NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string

func ManagedRuleIdentifiers_OPENSEARCH_ACCESS_CONTROL_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_ACCESS_CONTROL_ENABLED() *string

func ManagedRuleIdentifiers_OPENSEARCH_AUDIT_LOGGING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_AUDIT_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_OPENSEARCH_DATA_NODE_FAULT_TOLERANCE added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_DATA_NODE_FAULT_TOLERANCE() *string

func ManagedRuleIdentifiers_OPENSEARCH_ENCRYPTED_AT_REST added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_ENCRYPTED_AT_REST() *string

func ManagedRuleIdentifiers_OPENSEARCH_HTTPS_REQUIRED added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_HTTPS_REQUIRED() *string

func ManagedRuleIdentifiers_OPENSEARCH_IN_VPC_ONLY added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_IN_VPC_ONLY() *string

func ManagedRuleIdentifiers_OPENSEARCH_LOGS_TO_CLOUDWATCH added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_LOGS_TO_CLOUDWATCH() *string

func ManagedRuleIdentifiers_OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK added in v2.67.0

func ManagedRuleIdentifiers_OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string

func ManagedRuleIdentifiers_RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED() *string

func ManagedRuleIdentifiers_RDS_CLUSTER_DEFAULT_ADMIN_CHECK added in v2.67.0

func ManagedRuleIdentifiers_RDS_CLUSTER_DEFAULT_ADMIN_CHECK() *string

func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_CLUSTER_MULTI_AZ_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_RDS_CLUSTER_MULTI_AZ_ENABLED() *string

func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED

func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED() *string

func ManagedRuleIdentifiers_RDS_DB_SECURITY_GROUP_NOT_ALLOWED added in v2.67.0

func ManagedRuleIdentifiers_RDS_DB_SECURITY_GROUP_NOT_ALLOWED() *string

func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED

func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_DEFAULT_ADMIN_CHECK added in v2.67.0

func ManagedRuleIdentifiers_RDS_INSTANCE_DEFAULT_ADMIN_CHECK() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED

func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK() *string

func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_RDS_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_RDS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED

func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT

func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT() *string

func ManagedRuleIdentifiers_RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED() *string

func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED

func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED() *string

func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED

func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED() *string

func ManagedRuleIdentifiers_REDSHIFT_AUDIT_LOGGING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_REDSHIFT_AUDIT_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED

func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_KMS_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_KMS_ENABLED() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_ADMIN_CHECK added in v2.67.0

func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_ADMIN_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_DB_NAME_CHECK added in v2.67.0

func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_DB_NAME_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED() *string

func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL

func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL() *string

func ManagedRuleIdentifiers_REQUIRED_TAGS

func ManagedRuleIdentifiers_REQUIRED_TAGS() *string

func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED

func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED() *string

func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED

func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED() *string

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS() *string

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC added in v2.67.0

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC() *string

func ManagedRuleIdentifiers_S3_BUCKET_ACL_PROHIBITED added in v2.67.0

func ManagedRuleIdentifiers_S3_BUCKET_ACL_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED added in v2.13.0

func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK() *string

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE() *string

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY

func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY() *string

func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED() *string

func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS

func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS() *string

func ManagedRuleIdentifiers_S3_EVENT_NOTIFICATIONS_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_S3_EVENT_NOTIFICATIONS_ENABLED() *string

func ManagedRuleIdentifiers_S3_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_S3_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_S3_LIFECYCLE_POLICY_CHECK added in v2.67.0

func ManagedRuleIdentifiers_S3_LIFECYCLE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_S3_VERSION_LIFECYCLE_POLICY_CHECK added in v2.67.0

func ManagedRuleIdentifiers_S3_VERSION_LIFECYCLE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED

func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED() *string

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED() *string

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK

func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK

func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_PERIODIC_ROTATION added in v2.67.0

func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_PERIODIC_ROTATION() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_UNUSED added in v2.67.0

func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_UNUSED() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_USING_CMK added in v2.67.0

func ManagedRuleIdentifiers_SECRETSMANAGER_USING_CMK() *string

func ManagedRuleIdentifiers_SECURITYHUB_ENABLED

func ManagedRuleIdentifiers_SECURITYHUB_ENABLED() *string

func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED

func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED() *string

func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW

func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW() *string

func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS

func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS() *string

func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS

func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS() *string

func ManagedRuleIdentifiers_SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED added in v2.67.0

func ManagedRuleIdentifiers_SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED() *string

func ManagedRuleIdentifiers_SSM_DOCUMENT_NOT_PUBLIC added in v2.67.0

func ManagedRuleIdentifiers_SSM_DOCUMENT_NOT_PUBLIC() *string

func ManagedRuleIdentifiers_STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED added in v2.67.0

func ManagedRuleIdentifiers_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED() *string

func ManagedRuleIdentifiers_VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED added in v2.67.0

func ManagedRuleIdentifiers_VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED() *string

func ManagedRuleIdentifiers_VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN added in v2.67.0

func ManagedRuleIdentifiers_VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED

func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED() *string

func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED

func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED() *string

func ManagedRuleIdentifiers_VPC_NETWORK_ACL_UNUSED_CHECK added in v2.67.0

func ManagedRuleIdentifiers_VPC_NETWORK_ACL_UNUSED_CHECK() *string

func ManagedRuleIdentifiers_VPC_PEERING_DNS_RESOLUTION_CHECK added in v2.67.0

func ManagedRuleIdentifiers_VPC_PEERING_DNS_RESOLUTION_CHECK() *string

func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS

func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS() *string

func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP

func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP() *string

func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED

func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED

func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_WAF_GLOBAL_RULEGROUP_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_GLOBAL_RULEGROUP_NOT_EMPTY() *string

func ManagedRuleIdentifiers_WAF_GLOBAL_RULE_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_GLOBAL_RULE_NOT_EMPTY() *string

func ManagedRuleIdentifiers_WAF_GLOBAL_WEBACL_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_GLOBAL_WEBACL_NOT_EMPTY() *string

func ManagedRuleIdentifiers_WAF_REGIONAL_RULEGROUP_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_REGIONAL_RULEGROUP_NOT_EMPTY() *string

func ManagedRuleIdentifiers_WAF_REGIONAL_RULE_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_REGIONAL_RULE_NOT_EMPTY() *string

func ManagedRuleIdentifiers_WAF_REGIONAL_WEBACL_NOT_EMPTY added in v2.67.0

func ManagedRuleIdentifiers_WAF_REGIONAL_WEBACL_NOT_EMPTY() *string

func ManagedRule_IsConstruct

func ManagedRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ManagedRule_IsOwnedResource added in v2.32.0

func ManagedRule_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ManagedRule_IsResource

func ManagedRule_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewAccessKeysRotated_Override

func NewAccessKeysRotated_Override(a AccessKeysRotated, scope constructs.Construct, id *string, props *AccessKeysRotatedProps)

func NewCfnAggregationAuthorization_Override

func NewCfnAggregationAuthorization_Override(c CfnAggregationAuthorization, scope constructs.Construct, id *string, props *CfnAggregationAuthorizationProps)

func NewCfnConfigRule_Override

func NewCfnConfigRule_Override(c CfnConfigRule, scope constructs.Construct, id *string, props *CfnConfigRuleProps)

func NewCfnConfigurationAggregator_Override

func NewCfnConfigurationAggregator_Override(c CfnConfigurationAggregator, scope constructs.Construct, id *string, props *CfnConfigurationAggregatorProps)

func NewCfnConfigurationRecorder_Override

func NewCfnConfigurationRecorder_Override(c CfnConfigurationRecorder, scope constructs.Construct, id *string, props *CfnConfigurationRecorderProps)

func NewCfnConformancePack_Override

func NewCfnConformancePack_Override(c CfnConformancePack, scope constructs.Construct, id *string, props *CfnConformancePackProps)

func NewCfnDeliveryChannel_Override

func NewCfnDeliveryChannel_Override(c CfnDeliveryChannel, scope constructs.Construct, id *string, props *CfnDeliveryChannelProps)

func NewCfnOrganizationConfigRule_Override

func NewCfnOrganizationConfigRule_Override(c CfnOrganizationConfigRule, scope constructs.Construct, id *string, props *CfnOrganizationConfigRuleProps)

func NewCfnOrganizationConformancePack_Override

func NewCfnOrganizationConformancePack_Override(c CfnOrganizationConformancePack, scope constructs.Construct, id *string, props *CfnOrganizationConformancePackProps)

func NewCfnRemediationConfiguration_Override

func NewCfnRemediationConfiguration_Override(c CfnRemediationConfiguration, scope constructs.Construct, id *string, props *CfnRemediationConfigurationProps)

func NewCfnStoredQuery_Override

func NewCfnStoredQuery_Override(c CfnStoredQuery, scope constructs.Construct, id *string, props *CfnStoredQueryProps)

func NewCloudFormationStackDriftDetectionCheck_Override

func NewCloudFormationStackDriftDetectionCheck_Override(c CloudFormationStackDriftDetectionCheck, scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps)

func NewCloudFormationStackNotificationCheck_Override

func NewCloudFormationStackNotificationCheck_Override(c CloudFormationStackNotificationCheck, scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps)

func NewCustomPolicy_Override added in v2.47.0

func NewCustomPolicy_Override(c CustomPolicy, scope constructs.Construct, id *string, props *CustomPolicyProps)

func NewCustomRule_Override

func NewCustomRule_Override(c CustomRule, scope constructs.Construct, id *string, props *CustomRuleProps)

func NewManagedRule_Override

func NewManagedRule_Override(m ManagedRule, scope constructs.Construct, id *string, props *ManagedRuleProps)

Types

type AccessKeysRotated

type AccessKeysRotated interface {
	ManagedRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

Checks whether the active access keys are rotated within the number of days specified in `maxAge`.

Example:

// compliant if access keys have been rotated within the last 90 days
// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"))

See: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html

func NewAccessKeysRotated

func NewAccessKeysRotated(scope constructs.Construct, id *string, props *AccessKeysRotatedProps) AccessKeysRotated

type AccessKeysRotatedProps

type AccessKeysRotatedProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The maximum number of days within which the access keys must be rotated.
	// Default: Duration.days(90)
	//
	MaxAge awscdk.Duration `field:"optional" json:"maxAge" yaml:"maxAge"`
}

Construction properties for a AccessKeysRotated.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var inputParameters interface{}
var ruleScope ruleScope

accessKeysRotatedProps := &AccessKeysRotatedProps{
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	InputParameters: map[string]interface{}{
		"inputParametersKey": inputParameters,
	},
	MaxAge: cdk.Duration_Minutes(jsii.Number(30)),
	MaximumExecutionFrequency: awscdk.Aws_config.MaximumExecutionFrequency_ONE_HOUR,
	RuleScope: ruleScope,
}

type CfnAggregationAuthorization

type CfnAggregationAuthorization interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The Amazon Resource Name (ARN) of the aggregation object.
	AttrAggregationAuthorizationArn() *string
	// The 12-digit account ID of the account authorized to aggregate data.
	AuthorizedAccountId() *string
	SetAuthorizedAccountId(val *string)
	// The region authorized to collect aggregated data.
	AuthorizedAwsRegion() *string
	SetAuthorizedAwsRegion(val *string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An array of tag object.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

An object that represents the authorizations granted to aggregator accounts and regions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAggregationAuthorization := awscdk.Aws_config.NewCfnAggregationAuthorization(this, jsii.String("MyCfnAggregationAuthorization"), &CfnAggregationAuthorizationProps{
	AuthorizedAccountId: jsii.String("authorizedAccountId"),
	AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html

func NewCfnAggregationAuthorization

func NewCfnAggregationAuthorization(scope constructs.Construct, id *string, props *CfnAggregationAuthorizationProps) CfnAggregationAuthorization

type CfnAggregationAuthorizationProps

type CfnAggregationAuthorizationProps struct {
	// The 12-digit account ID of the account authorized to aggregate data.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedaccountid
	//
	AuthorizedAccountId *string `field:"required" json:"authorizedAccountId" yaml:"authorizedAccountId"`
	// The region authorized to collect aggregated data.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedawsregion
	//
	AuthorizedAwsRegion *string `field:"required" json:"authorizedAwsRegion" yaml:"authorizedAwsRegion"`
	// An array of tag object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnAggregationAuthorization`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAggregationAuthorizationProps := &CfnAggregationAuthorizationProps{
	AuthorizedAccountId: jsii.String("authorizedAccountId"),
	AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),

	// the properties below are optional
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html

type CfnConfigRule

type CfnConfigRule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The Amazon Resource Name (ARN) of the AWS Config rule, such as `arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi` .
	AttrArn() *string
	// Compliance type determined by the Config rule.
	AttrComplianceType() *string
	// The ID of the AWS Config rule, such as `config-rule-a1bzhi` .
	AttrConfigRuleId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
	Compliance() interface{}
	SetCompliance(val interface{})
	// A name for the AWS Config rule.
	ConfigRuleName() *string
	SetConfigRuleName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The description that you provide for the AWS Config rule.
	Description() *string
	SetDescription(val *string)
	// The modes the AWS Config rule can be evaluated in.
	EvaluationModes() interface{}
	SetEvaluationModes(val interface{})
	// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
	InputParameters() interface{}
	SetInputParameters(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	MaximumExecutionFrequency() *string
	SetMaximumExecutionFrequency(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Defines which resources can trigger an evaluation for the rule.
	Scope() interface{}
	SetScope(val interface{})
	// Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
	Source() interface{}
	SetSource(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

> You must first create and start the AWS Config configuration recorder in order to create AWS Config managed rules with AWS CloudFormation .

For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) .

Adds or updates an AWS Config rule to evaluate if your AWS resources comply with your desired configurations. For information on how many AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .

There are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use the `ConfigRule` resource to create both AWS Config Managed Rules and AWS Config Custom Rules.

AWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `SourceIdentifier` key.

AWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .

If you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function that the rule invokes to evaluate your resources. When you use the `ConfigRule` resource to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. You specify the ARN in the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.

For any new AWS Config rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId` . These values are generated by AWS Config for new rules.

If you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName` , `ConfigRuleId` , or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.

For more information about developing and using AWS Config rules, see [Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var inputParameters interface{}

cfnConfigRule := awscdk.Aws_config.NewCfnConfigRule(this, jsii.String("MyCfnConfigRule"), &CfnConfigRuleProps{
	Source: &SourceProperty{
		Owner: jsii.String("owner"),

		// the properties below are optional
		CustomPolicyDetails: &CustomPolicyDetailsProperty{
			EnableDebugLogDelivery: jsii.Boolean(false),
			PolicyRuntime: jsii.String("policyRuntime"),
			PolicyText: jsii.String("policyText"),
		},
		SourceDetails: []interface{}{
			&SourceDetailProperty{
				EventSource: jsii.String("eventSource"),
				MessageType: jsii.String("messageType"),

				// the properties below are optional
				MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
			},
		},
		SourceIdentifier: jsii.String("sourceIdentifier"),
	},

	// the properties below are optional
	Compliance: &ComplianceProperty{
		Type: jsii.String("type"),
	},
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	EvaluationModes: []interface{}{
		&EvaluationModeConfigurationProperty{
			Mode: jsii.String("mode"),
		},
	},
	InputParameters: inputParameters,
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	Scope: &ScopeProperty{
		ComplianceResourceId: jsii.String("complianceResourceId"),
		ComplianceResourceTypes: []*string{
			jsii.String("complianceResourceTypes"),
		},
		TagKey: jsii.String("tagKey"),
		TagValue: jsii.String("tagValue"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html

func NewCfnConfigRule

func NewCfnConfigRule(scope constructs.Construct, id *string, props *CfnConfigRuleProps) CfnConfigRule

type CfnConfigRuleProps

type CfnConfigRuleProps struct {
	// Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-source
	//
	Source interface{} `field:"required" json:"source" yaml:"source"`
	// Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-compliance
	//
	Compliance interface{} `field:"optional" json:"compliance" yaml:"compliance"`
	// A name for the AWS Config rule.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-configrulename
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// The description that you provide for the AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// The modes the AWS Config rule can be evaluated in.
	//
	// The valid values are distinct objects. By default, the value is Detective evaluation mode only.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-evaluationmodes
	//
	EvaluationModes interface{} `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
	// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-inputparameters
	//
	InputParameters interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// You can specify a value for `MaximumExecutionFrequency` when:
	//
	// - You are using an AWS managed rule that is triggered at a periodic frequency.
	// - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-maximumexecutionfrequency
	//
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources can trigger an evaluation for the rule.
	//
	// The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
	//
	// > The scope can be empty.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope
	//
	Scope interface{} `field:"optional" json:"scope" yaml:"scope"`
}

Properties for defining a `CfnConfigRule`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var inputParameters interface{}

cfnConfigRuleProps := &CfnConfigRuleProps{
	Source: &SourceProperty{
		Owner: jsii.String("owner"),

		// the properties below are optional
		CustomPolicyDetails: &CustomPolicyDetailsProperty{
			EnableDebugLogDelivery: jsii.Boolean(false),
			PolicyRuntime: jsii.String("policyRuntime"),
			PolicyText: jsii.String("policyText"),
		},
		SourceDetails: []interface{}{
			&SourceDetailProperty{
				EventSource: jsii.String("eventSource"),
				MessageType: jsii.String("messageType"),

				// the properties below are optional
				MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
			},
		},
		SourceIdentifier: jsii.String("sourceIdentifier"),
	},

	// the properties below are optional
	Compliance: &ComplianceProperty{
		Type: jsii.String("type"),
	},
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	EvaluationModes: []interface{}{
		&EvaluationModeConfigurationProperty{
			Mode: jsii.String("mode"),
		},
	},
	InputParameters: inputParameters,
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	Scope: &ScopeProperty{
		ComplianceResourceId: jsii.String("complianceResourceId"),
		ComplianceResourceTypes: []*string{
			jsii.String("complianceResourceTypes"),
		},
		TagKey: jsii.String("tagKey"),
		TagValue: jsii.String("tagValue"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html

type CfnConfigRule_ComplianceProperty added in v2.91.0

type CfnConfigRule_ComplianceProperty struct {
	// Indicates whether an AWS resource or AWS Config rule is compliant.
	//
	// A resource is compliant if it complies with all of the AWS Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
	//
	// A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.
	//
	// AWS Config returns the `INSUFFICIENT_DATA` value when no evaluation results are available for the AWS resource or AWS Config rule.
	//
	// For the `Compliance` data type, AWS Config supports only `COMPLIANT` , `NON_COMPLIANT` , and `INSUFFICIENT_DATA` values. AWS Config does not support the `NOT_APPLICABLE` value for the `Compliance` data type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-compliance.html#cfn-config-configrule-compliance-type
	//
	Type *string `field:"optional" json:"type" yaml:"type"`
}

Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

complianceProperty := &ComplianceProperty{
	Type: jsii.String("type"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-compliance.html

type CfnConfigRule_CustomPolicyDetailsProperty added in v2.33.0

type CfnConfigRule_CustomPolicyDetailsProperty struct {
	// The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
	//
	// The default value is `false` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-enabledebuglogdelivery
	//
	EnableDebugLogDelivery interface{} `field:"optional" json:"enableDebugLogDelivery" yaml:"enableDebugLogDelivery"`
	// The runtime system for your AWS Config Custom Policy rule.
	//
	// Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policyruntime
	//
	PolicyRuntime *string `field:"optional" json:"policyRuntime" yaml:"policyRuntime"`
	// The policy definition containing the logic for your AWS Config Custom Policy rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policytext
	//
	PolicyText *string `field:"optional" json:"policyText" yaml:"policyText"`
}

Provides the CustomPolicyDetails, the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

customPolicyDetailsProperty := &CustomPolicyDetailsProperty{
	EnableDebugLogDelivery: jsii.Boolean(false),
	PolicyRuntime: jsii.String("policyRuntime"),
	PolicyText: jsii.String("policyText"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html

type CfnConfigRule_EvaluationModeConfigurationProperty added in v2.91.0

type CfnConfigRule_EvaluationModeConfigurationProperty struct {
	// The mode of an evaluation.
	//
	// The valid values are Detective or Proactive.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-evaluationmodeconfiguration.html#cfn-config-configrule-evaluationmodeconfiguration-mode
	//
	Mode *string `field:"optional" json:"mode" yaml:"mode"`
}

The configuration object for AWS Config rule evaluation mode.

The supported valid values are Detective or Proactive.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

evaluationModeConfigurationProperty := &EvaluationModeConfigurationProperty{
	Mode: jsii.String("mode"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-evaluationmodeconfiguration.html

type CfnConfigRule_ScopeProperty

type CfnConfigRule_ScopeProperty struct {
	// The ID of the only AWS resource that you want to trigger an evaluation for the rule.
	//
	// If you specify a resource ID, you must specify one resource type for `ComplianceResourceTypes` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourceid
	//
	ComplianceResourceId *string `field:"optional" json:"complianceResourceId" yaml:"complianceResourceId"`
	// The resource types of only those AWS resources that you want to trigger an evaluation for the rule.
	//
	// You can only specify one type if you also specify a resource ID for `ComplianceResourceId` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourcetypes
	//
	ComplianceResourceTypes *[]*string `field:"optional" json:"complianceResourceTypes" yaml:"complianceResourceTypes"`
	// The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagkey
	//
	TagKey *string `field:"optional" json:"tagKey" yaml:"tagKey"`
	// The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
	//
	// If you specify a value for `TagValue` , you must also specify a value for `TagKey` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagvalue
	//
	TagValue *string `field:"optional" json:"tagValue" yaml:"tagValue"`
}

Defines which resources trigger an evaluation for an AWS Config rule.

The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

scopeProperty := &ScopeProperty{
	ComplianceResourceId: jsii.String("complianceResourceId"),
	ComplianceResourceTypes: []*string{
		jsii.String("complianceResourceTypes"),
	},
	TagKey: jsii.String("tagKey"),
	TagValue: jsii.String("tagValue"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html

type CfnConfigRule_SourceDetailProperty

type CfnConfigRule_SourceDetailProperty struct {
	// The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-eventsource
	//
	EventSource *string `field:"required" json:"eventSource" yaml:"eventSource"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule.
	//
	// You can specify the following notification types:
	//
	// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
	// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
	// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
	// - `ConfigurationSnapshotDeliveryCompleted` - Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.
	//
	// If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for `ConfigurationItemChangeNotification` and one for `OversizedConfigurationItemChangeNotification` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-messagetype
	//
	MessageType *string `field:"required" json:"messageType" yaml:"messageType"`
	// The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger.
	//
	// If you specify a value for `MaximumExecutionFrequency` , then `MessageType` must use the `ScheduledNotification` value.
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	// >
	// > Based on the valid value you choose, AWS Config runs evaluations once for each valid value. For example, if you choose `Three_Hours` , AWS Config runs evaluations once every three hours. In this case, `Three_Hours` is the frequency of this rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-maximumexecutionfrequency
	//
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
}

Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for `SourceDetail` only for custom rules.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sourceDetailProperty := &SourceDetailProperty{
	EventSource: jsii.String("eventSource"),
	MessageType: jsii.String("messageType"),

	// the properties below are optional
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html

type CfnConfigRule_SourceProperty

type CfnConfigRule_SourceProperty struct {
	// Indicates whether AWS or the customer owns and manages the AWS Config rule.
	//
	// AWS Config Managed Rules are predefined rules owned by AWS . For more information, see [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the *AWS Config developer guide* .
	//
	// AWS Config Custom Rules are rules that you can develop either with Guard ( `CUSTOM_POLICY` ) or AWS Lambda ( `CUSTOM_LAMBDA` ). For more information, see [AWS Config Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the *AWS Config developer guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-owner
	//
	Owner *string `field:"required" json:"owner" yaml:"owner"`
	// Provides the runtime system, policy definition, and whether debug logging is enabled.
	//
	// Required when owner is set to `CUSTOM_POLICY` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-custompolicydetails
	//
	CustomPolicyDetails interface{} `field:"optional" json:"customPolicyDetails" yaml:"customPolicyDetails"`
	// Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.
	//
	// It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
	//
	// If the owner is set to `CUSTOM_POLICY` , the only acceptable values for the AWS Config rule trigger message type are `ConfigurationItemChangeNotification` and `OversizedConfigurationItemChangeNotification` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourcedetails
	//
	SourceDetails interface{} `field:"optional" json:"sourceDetails" yaml:"sourceDetails"`
	// For AWS Config Managed rules, a predefined identifier from a list.
	//
	// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) .
	//
	// For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as `arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name` .
	//
	// For AWS Config Custom Policy rules, this field will be ignored.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourceidentifier
	//
	SourceIdentifier *string `field:"optional" json:"sourceIdentifier" yaml:"sourceIdentifier"`
}

Provides the CustomPolicyDetails, the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sourceProperty := &SourceProperty{
	Owner: jsii.String("owner"),

	// the properties below are optional
	CustomPolicyDetails: &CustomPolicyDetailsProperty{
		EnableDebugLogDelivery: jsii.Boolean(false),
		PolicyRuntime: jsii.String("policyRuntime"),
		PolicyText: jsii.String("policyText"),
	},
	SourceDetails: []interface{}{
		&SourceDetailProperty{
			EventSource: jsii.String("eventSource"),
			MessageType: jsii.String("messageType"),

			// the properties below are optional
			MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		},
	},
	SourceIdentifier: jsii.String("sourceIdentifier"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html

type CfnConfigurationAggregator

type CfnConfigurationAggregator interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// Provides a list of source accounts and regions to be aggregated.
	AccountAggregationSources() interface{}
	SetAccountAggregationSources(val interface{})
	// The Amazon Resource Name (ARN) of the aggregator.
	AttrConfigurationAggregatorArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of the aggregator.
	ConfigurationAggregatorName() *string
	SetConfigurationAggregatorName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Provides an organization and list of regions to be aggregated.
	OrganizationAggregationSource() interface{}
	SetOrganizationAggregationSource(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An array of tag object.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnConfigurationAggregator := awscdk.Aws_config.NewCfnConfigurationAggregator(this, jsii.String("MyCfnConfigurationAggregator"), &CfnConfigurationAggregatorProps{
	AccountAggregationSources: []interface{}{
		&AccountAggregationSourceProperty{
			AccountIds: []*string{
				jsii.String("accountIds"),
			},

			// the properties below are optional
			AllAwsRegions: jsii.Boolean(false),
			AwsRegions: []*string{
				jsii.String("awsRegions"),
			},
		},
	},
	ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
	OrganizationAggregationSource: &OrganizationAggregationSourceProperty{
		RoleArn: jsii.String("roleArn"),

		// the properties below are optional
		AllAwsRegions: jsii.Boolean(false),
		AwsRegions: []*string{
			jsii.String("awsRegions"),
		},
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html

func NewCfnConfigurationAggregator

func NewCfnConfigurationAggregator(scope constructs.Construct, id *string, props *CfnConfigurationAggregatorProps) CfnConfigurationAggregator

type CfnConfigurationAggregatorProps

type CfnConfigurationAggregatorProps struct {
	// Provides a list of source accounts and regions to be aggregated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-accountaggregationsources
	//
	AccountAggregationSources interface{} `field:"optional" json:"accountAggregationSources" yaml:"accountAggregationSources"`
	// The name of the aggregator.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-configurationaggregatorname
	//
	ConfigurationAggregatorName *string `field:"optional" json:"configurationAggregatorName" yaml:"configurationAggregatorName"`
	// Provides an organization and list of regions to be aggregated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-organizationaggregationsource
	//
	OrganizationAggregationSource interface{} `field:"optional" json:"organizationAggregationSource" yaml:"organizationAggregationSource"`
	// An array of tag object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnConfigurationAggregator`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnConfigurationAggregatorProps := &CfnConfigurationAggregatorProps{
	AccountAggregationSources: []interface{}{
		&AccountAggregationSourceProperty{
			AccountIds: []*string{
				jsii.String("accountIds"),
			},

			// the properties below are optional
			AllAwsRegions: jsii.Boolean(false),
			AwsRegions: []*string{
				jsii.String("awsRegions"),
			},
		},
	},
	ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
	OrganizationAggregationSource: &OrganizationAggregationSourceProperty{
		RoleArn: jsii.String("roleArn"),

		// the properties below are optional
		AllAwsRegions: jsii.Boolean(false),
		AwsRegions: []*string{
			jsii.String("awsRegions"),
		},
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html

type CfnConfigurationAggregator_AccountAggregationSourceProperty

type CfnConfigurationAggregator_AccountAggregationSourceProperty struct {
	// The 12-digit account ID of the account being aggregated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-accountids
	//
	AccountIds *[]*string `field:"required" json:"accountIds" yaml:"accountIds"`
	// If true, aggregate existing AWS Config regions and future regions.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-allawsregions
	//
	AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
	// The source regions being aggregated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-awsregions
	//
	AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}

A collection of accounts and regions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountAggregationSourceProperty := &AccountAggregationSourceProperty{
	AccountIds: []*string{
		jsii.String("accountIds"),
	},

	// the properties below are optional
	AllAwsRegions: jsii.Boolean(false),
	AwsRegions: []*string{
		jsii.String("awsRegions"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html

type CfnConfigurationAggregator_OrganizationAggregationSourceProperty

type CfnConfigurationAggregator_OrganizationAggregationSourceProperty struct {
	// ARN of the IAM role used to retrieve AWS Organizations details associated with the aggregator account.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// If true, aggregate existing AWS Config regions and future regions.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-allawsregions
	//
	AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
	// The source regions being aggregated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-awsregions
	//
	AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}

This object contains regions to set up the aggregator and an IAM role to retrieve organization details.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

organizationAggregationSourceProperty := &OrganizationAggregationSourceProperty{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	AllAwsRegions: jsii.Boolean(false),
	AwsRegions: []*string{
		jsii.String("awsRegions"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html

type CfnConfigurationRecorder

type CfnConfigurationRecorder interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the configuration recorder.
	//
	// AWS Config automatically assigns the name of "default" when creating the configuration recorder.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Specifies which resource types AWS Config records for configuration changes.
	RecordingGroup() interface{}
	SetRecordingGroup(val interface{})
	// Specifies the default recording frequency that AWS Config uses to record configuration changes.
	RecordingMode() interface{}
	SetRecordingMode(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Config::ConfigurationRecorder` resource type describes the AWS resource types that AWS Config records for configuration changes.

The configuration recorder stores the configuration changes of the specified resources in your account as configuration items.

> To enable AWS Config , you must create a configuration recorder and a delivery channel. > > AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see [AWS::Config::DeliveryChannel](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html) .

AWS CloudFormation starts the recorder as soon as the delivery channel is available.

To stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the [StopConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html) action of the AWS Config API directly.

For more information, see [Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-recorder) in the AWS Config Developer Guide.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnConfigurationRecorder := awscdk.Aws_config.NewCfnConfigurationRecorder(this, jsii.String("MyCfnConfigurationRecorder"), &CfnConfigurationRecorderProps{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	Name: jsii.String("name"),
	RecordingGroup: &RecordingGroupProperty{
		AllSupported: jsii.Boolean(false),
		ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
			ResourceTypes: []*string{
				jsii.String("resourceTypes"),
			},
		},
		IncludeGlobalResourceTypes: jsii.Boolean(false),
		RecordingStrategy: &RecordingStrategyProperty{
			UseOnly: jsii.String("useOnly"),
		},
		ResourceTypes: []*string{
			jsii.String("resourceTypes"),
		},
	},
	RecordingMode: &RecordingModeProperty{
		RecordingFrequency: jsii.String("recordingFrequency"),

		// the properties below are optional
		RecordingModeOverrides: []interface{}{
			&RecordingModeOverrideProperty{
				RecordingFrequency: jsii.String("recordingFrequency"),
				ResourceTypes: []*string{
					jsii.String("resourceTypes"),
				},

				// the properties below are optional
				Description: jsii.String("description"),
			},
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html

func NewCfnConfigurationRecorder

func NewCfnConfigurationRecorder(scope constructs.Construct, id *string, props *CfnConfigurationRecorderProps) CfnConfigurationRecorder

type CfnConfigurationRecorderProps

type CfnConfigurationRecorderProps struct {
	// Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder.
	//
	// For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.
	//
	// > *Pre-existing AWS Config role*
	// >
	// > If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.
	// >
	// > For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// The name of the configuration recorder. AWS Config automatically assigns the name of "default" when creating the configuration recorder.
	//
	// You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Specifies which resource types AWS Config records for configuration changes.
	//
	// > *High Number of AWS Config Evaluations*
	// >
	// > You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.
	// >
	// > If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordinggroup
	//
	RecordingGroup interface{} `field:"optional" json:"recordingGroup" yaml:"recordingGroup"`
	// Specifies the default recording frequency that AWS Config uses to record configuration changes.
	//
	// AWS Config supports *Continuous recording* and *Daily recording* .
	//
	// - Continuous recording allows you to record configuration changes continuously whenever a change occurs.
	// - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
	//
	// > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
	//
	// You can also override the recording frequency for specific resource types.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordingmode
	//
	RecordingMode interface{} `field:"optional" json:"recordingMode" yaml:"recordingMode"`
}

Properties for defining a `CfnConfigurationRecorder`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnConfigurationRecorderProps := &CfnConfigurationRecorderProps{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	Name: jsii.String("name"),
	RecordingGroup: &RecordingGroupProperty{
		AllSupported: jsii.Boolean(false),
		ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
			ResourceTypes: []*string{
				jsii.String("resourceTypes"),
			},
		},
		IncludeGlobalResourceTypes: jsii.Boolean(false),
		RecordingStrategy: &RecordingStrategyProperty{
			UseOnly: jsii.String("useOnly"),
		},
		ResourceTypes: []*string{
			jsii.String("resourceTypes"),
		},
	},
	RecordingMode: &RecordingModeProperty{
		RecordingFrequency: jsii.String("recordingFrequency"),

		// the properties below are optional
		RecordingModeOverrides: []interface{}{
			&RecordingModeOverrideProperty{
				RecordingFrequency: jsii.String("recordingFrequency"),
				ResourceTypes: []*string{
					jsii.String("resourceTypes"),
				},

				// the properties below are optional
				Description: jsii.String("description"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html

type CfnConfigurationRecorder_ExclusionByResourceTypesProperty added in v2.93.0

type CfnConfigurationRecorder_ExclusionByResourceTypesProperty struct {
	// A comma-separated list of resource types to exclude from recording by the configuration recorder.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html#cfn-config-configurationrecorder-exclusionbyresourcetypes-resourcetypes
	//
	ResourceTypes *[]*string `field:"required" json:"resourceTypes" yaml:"resourceTypes"`
}

Specifies whether the configuration recorder excludes certain resource types from being recorded.

Use the `ResourceTypes` field to enter a comma-separated list of resource types you want to exclude from recording.

By default, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.

> *How to use the exclusion recording strategy* > > To use this option, you must set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` . > > AWS Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded. > > *Global resource types and the exclusion recording strategy* > > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. > > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions: > > - Asia Pacific (Hyderabad) > - Asia Pacific (Melbourne) > - Canada West (Calgary) > - Europe (Spain) > - Europe (Zurich) > - Israel (Tel Aviv) > - Middle East (UAE).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

exclusionByResourceTypesProperty := &ExclusionByResourceTypesProperty{
	ResourceTypes: []*string{
		jsii.String("resourceTypes"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html

type CfnConfigurationRecorder_RecordingGroupProperty

type CfnConfigurationRecorder_RecordingGroupProperty struct {
	// Specifies whether AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types.
	//
	// If you set this field to `true` , when AWS Config adds support for a new resource type, AWS Config starts recording resources of that type automatically.
	//
	// If you set this field to `true` , you cannot enumerate specific resource types to record in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) , or to exclude in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
	//
	// > *Region availability*
	// >
	// > Check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if a resource type is supported in the AWS Region where you set up AWS Config .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-allsupported
	//
	AllSupported interface{} `field:"optional" json:"allSupported" yaml:"allSupported"`
	// An object that specifies how AWS Config excludes resource types from being recorded by the configuration recorder.
	//
	// To use this option, you must set the `useOnly` field of [AWS::Config::ConfigurationRecorder RecordingStrategy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-exclusionbyresourcetypes
	//
	ExclusionByResourceTypes interface{} `field:"optional" json:"exclusionByResourceTypes" yaml:"exclusionByResourceTypes"`
	// This option is a bundle which only applies to the global IAM resource types: IAM users, groups, roles, and customer managed policies.
	//
	// These global IAM resource types can only be recorded by AWS Config in Regions where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
	//
	// - Asia Pacific (Hyderabad)
	// - Asia Pacific (Melbourne)
	// - Canada West (Calgary)
	// - Europe (Spain)
	// - Europe (Zurich)
	// - Israel (Tel Aviv)
	// - Middle East (UAE)
	//
	// > *Aurora global clusters are recorded in all enabled Regions*
	// >
	// > The `AWS::RDS::GlobalCluster` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled, even if `IncludeGlobalResourceTypes` is set to `false` . The `IncludeGlobalResourceTypes` option is a bundle which only applies to IAM users, groups, roles, and customer managed policies.
	// >
	// > If you do not want to record `AWS::RDS::GlobalCluster` in all enabled Regions, use one of the following recording strategies:
	// >
	// > - *Record all current and future resource types with exclusions* ( `EXCLUSION_BY_RESOURCE_TYPES` ), or
	// > - *Record specific resource types* ( `INCLUSION_BY_RESOURCE_TYPES` ).
	// >
	// > For more information, see [Selecting Which Resources are Recorded](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all) in the *AWS Config developer guide* . > *IncludeGlobalResourceTypes and the exclusion recording strategy*
	// >
	// > The `IncludeGlobalResourceTypes` field has no impact on the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy. This means that the global IAM resource types ( IAM users, groups, roles, and customer managed policies) will not be automatically added as exclusions for `ExclusionByResourceTypes` when `IncludeGlobalResourceTypes` is set to `false` .
	// >
	// > The `IncludeGlobalResourceTypes` field should only be used to modify the `AllSupported` field, as the default for the `AllSupported` field is to record configuration changes for all supported resource types excluding the global IAM resource types. To include the global IAM resource types when `AllSupported` is set to `true` , make sure to set `IncludeGlobalResourceTypes` to `true` .
	// >
	// > To exclude the global IAM resource types for the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, you need to manually add them to the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Required and optional fields*
	// >
	// > Before you set this field to `true` , set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` . > *Overriding fields*
	// >
	// > If you set this field to `false` but list global IAM resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the `IncludeGlobalResourceTypes` field to false.
	// >
	// > If you do not want to record configuration changes to the global IAM resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the `ResourceTypes` field in addition to setting the `IncludeGlobalResourceTypes` field to false.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-includeglobalresourcetypes
	//
	IncludeGlobalResourceTypes interface{} `field:"optional" json:"includeGlobalResourceTypes" yaml:"includeGlobalResourceTypes"`
	// An object that specifies the recording strategy for the configuration recorder.
	//
	// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type.
	// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types you specify in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
	// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
	//
	// > *Required and optional fields*
	// >
	// > The `recordingStrategy` field is optional when you set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .
	// >
	// > The `recordingStrategy` field is optional when you list resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
	// >
	// > The `recordingStrategy` field is required if you list resource types to exclude from recording in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*
	// >
	// > If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `ExclusionByResourceTypes` field will override other properties in the request.
	// >
	// > For example, even if you set `IncludeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Global resources types and the resource exclusion recording strategy*
	// >
	// > By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.
	// >
	// > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.
	// >
	// > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
	// >
	// > - Asia Pacific (Hyderabad)
	// > - Asia Pacific (Melbourne)
	// > - Canada West (Calgary)
	// > - Europe (Spain)
	// > - Europe (Zurich)
	// > - Israel (Tel Aviv)
	// > - Middle East (UAE).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-recordingstrategy
	//
	RecordingStrategy interface{} `field:"optional" json:"recordingStrategy" yaml:"recordingStrategy"`
	// A comma-separated list that specifies which resource types AWS Config records.
	//
	// For a list of valid `ResourceTypes` values, see the *Resource Type Value* column in [Supported AWS resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .
	//
	// > *Required and optional fields*
	// >
	// > Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` .
	// >
	// > To record all configuration changes, set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` , and either omit this field or don't specify any resource types in this field. If you set the `AllSupported` field to `false` and specify values for `ResourceTypes` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. > *Region availability*
	// >
	// > Before specifying a resource type for AWS Config to track, check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-resourcetypes
	//
	ResourceTypes *[]*string `field:"optional" json:"resourceTypes" yaml:"resourceTypes"`
}

Specifies which resource types AWS Config records for configuration changes.

By default, AWS Config records configuration changes for all current and future supported resource types in the AWS Region where you have enabled AWS Config , excluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.

In the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .

If you don't want AWS Config to record all current and future supported resource types (excluding the global IAM resource types), use one of the following recording strategies:

- *Record all current and future resource types with exclusions* ( `EXCLUSION_BY_RESOURCE_TYPES` ), or - *Record specific resource types* ( `INCLUSION_BY_RESOURCE_TYPES` ).

If you use the recording strategy to *Record all current and future resource types* ( `ALL_SUPPORTED_RESOURCE_TYPES` ), you can use the flag `IncludeGlobalResourceTypes` to include the global IAM resource types in your recording.

> *Aurora global clusters are recorded in all enabled Regions* > > The `AWS::RDS::GlobalCluster` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled. > > If you do not want to record `AWS::RDS::GlobalCluster` in all enabled Regions, use the `EXCLUSION_BY_RESOURCE_TYPES` or `INCLUSION_BY_RESOURCE_TYPES` recording strategy.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

recordingGroupProperty := &RecordingGroupProperty{
	AllSupported: jsii.Boolean(false),
	ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
		ResourceTypes: []*string{
			jsii.String("resourceTypes"),
		},
	},
	IncludeGlobalResourceTypes: jsii.Boolean(false),
	RecordingStrategy: &RecordingStrategyProperty{
		UseOnly: jsii.String("useOnly"),
	},
	ResourceTypes: []*string{
		jsii.String("resourceTypes"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html

type CfnConfigurationRecorder_RecordingModeOverrideProperty added in v2.116.0

type CfnConfigurationRecorder_RecordingModeOverrideProperty struct {
	// The recording frequency that will be applied to all the resource types specified in the override.
	//
	// - Continuous recording allows you to record configuration changes continuously whenever a change occurs.
	// - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
	//
	// > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-recordingfrequency
	//
	RecordingFrequency *string `field:"required" json:"recordingFrequency" yaml:"recordingFrequency"`
	// A comma-separated list that specifies which resource types AWS Config includes in the override.
	//
	// > Daily recording is not supported for the following resource types:
	// >
	// > - `AWS::Config::ResourceCompliance`
	// > - `AWS::Config::ConformancePackCompliance`
	// > - `AWS::Config::ConfigurationRecorder`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-resourcetypes
	//
	ResourceTypes *[]*string `field:"required" json:"resourceTypes" yaml:"resourceTypes"`
	// A description that you provide for the override.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
}

An object for you to specify your overrides for the recording mode.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

recordingModeOverrideProperty := &RecordingModeOverrideProperty{
	RecordingFrequency: jsii.String("recordingFrequency"),
	ResourceTypes: []*string{
		jsii.String("resourceTypes"),
	},

	// the properties below are optional
	Description: jsii.String("description"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html

type CfnConfigurationRecorder_RecordingModeProperty added in v2.116.0

type CfnConfigurationRecorder_RecordingModeProperty struct {
	// The default recording frequency that AWS Config uses to record configuration changes.
	//
	// > Daily recording is not supported for the following resource types:
	// >
	// > - `AWS::Config::ResourceCompliance`
	// > - `AWS::Config::ConformancePackCompliance`
	// > - `AWS::Config::ConfigurationRecorder`
	// >
	// > For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmode.html#cfn-config-configurationrecorder-recordingmode-recordingfrequency
	//
	RecordingFrequency *string `field:"required" json:"recordingFrequency" yaml:"recordingFrequency"`
	// An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode.
	//
	// The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmode.html#cfn-config-configurationrecorder-recordingmode-recordingmodeoverrides
	//
	RecordingModeOverrides interface{} `field:"optional" json:"recordingModeOverrides" yaml:"recordingModeOverrides"`
}

Specifies the default recording frequency that AWS Config uses to record configuration changes.

AWS Config supports *Continuous recording* and *Daily recording* .

- Continuous recording allows you to record configuration changes continuously whenever a change occurs. - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.

> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.

You can also override the recording frequency for specific resource types.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

recordingModeProperty := &RecordingModeProperty{
	RecordingFrequency: jsii.String("recordingFrequency"),

	// the properties below are optional
	RecordingModeOverrides: []interface{}{
		&RecordingModeOverrideProperty{
			RecordingFrequency: jsii.String("recordingFrequency"),
			ResourceTypes: []*string{
				jsii.String("resourceTypes"),
			},

			// the properties below are optional
			Description: jsii.String("description"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmode.html

type CfnConfigurationRecorder_RecordingStrategyProperty added in v2.93.0

type CfnConfigurationRecorder_RecordingStrategyProperty struct {
	// The recording strategy for the configuration recorder.
	//
	// - If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .
	// - If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
	// - If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
	//
	// > *Required and optional fields*
	// >
	// > The `recordingStrategy` field is optional when you set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .
	// >
	// > The `recordingStrategy` field is optional when you list resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
	// >
	// > The `recordingStrategy` field is required if you list resource types to exclude from recording in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*
	// >
	// > If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `ExclusionByResourceTypes` field will override other properties in the request.
	// >
	// > For example, even if you set `IncludeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*
	// >
	// > By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.
	// >
	// > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.
	// >
	// > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
	// >
	// > - Asia Pacific (Hyderabad)
	// > - Asia Pacific (Melbourne)
	// > - Canada West (Calgary)
	// > - Europe (Spain)
	// > - Europe (Zurich)
	// > - Israel (Tel Aviv)
	// > - Middle East (UAE).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html#cfn-config-configurationrecorder-recordingstrategy-useonly
	//
	UseOnly *string `field:"required" json:"useOnly" yaml:"useOnly"`
}

Specifies the recording strategy of the configuration recorder.

Valid values include: `ALL_SUPPORTED_RESOURCE_TYPES` , `INCLUSION_BY_RESOURCE_TYPES` , and `EXCLUSION_BY_RESOURCE_TYPES` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

recordingStrategyProperty := &RecordingStrategyProperty{
	UseOnly: jsii.String("useOnly"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html

type CfnConformancePack

type CfnConformancePack interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// A list of ConformancePackInputParameter objects.
	ConformancePackInputParameters() interface{}
	SetConformancePackInputParameters(val interface{})
	// Name of the conformance pack you want to create.
	ConformancePackName() *string
	SetConformancePackName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	DeliveryS3Bucket() *string
	SetDeliveryS3Bucket(val *string)
	// The prefix for the Amazon S3 bucket.
	DeliveryS3KeyPrefix() *string
	SetDeliveryS3KeyPrefix(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// A string containing full conformance pack template body.
	TemplateBody() *string
	SetTemplateBody(val *string)
	// Location of file containing the template body (s3://bucketname/prefix).
	TemplateS3Uri() *string
	SetTemplateS3Uri(val *string)
	// An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
	TemplateSsmDocumentDetails() interface{}
	SetTemplateSsmDocumentDetails(val interface{})
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region.

ConformancePack creates a service linked role in your account. The service linked role is created only when the role does not exist in your account.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var templateSsmDocumentDetails interface{}

cfnConformancePack := awscdk.Aws_config.NewCfnConformancePack(this, jsii.String("MyCfnConformancePack"), &CfnConformancePackProps{
	ConformancePackName: jsii.String("conformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
	TemplateSsmDocumentDetails: templateSsmDocumentDetails,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html

func NewCfnConformancePack

func NewCfnConformancePack(scope constructs.Construct, id *string, props *CfnConformancePackProps) CfnConformancePack

type CfnConformancePackProps

type CfnConformancePackProps struct {
	// Name of the conformance pack you want to create.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackname
	//
	ConformancePackName *string `field:"required" json:"conformancePackName" yaml:"conformancePackName"`
	// A list of ConformancePackInputParameter objects.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackinputparameters
	//
	ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3bucket
	//
	DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
	// The prefix for the Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3keyprefix
	//
	DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	//
	// > You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatebody
	//
	TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
	// Location of file containing the template body (s3://bucketname/prefix).
	//
	// The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.
	//
	// > You must have access to read Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templates3uri
	//
	TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
	// An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatessmdocumentdetails
	//
	TemplateSsmDocumentDetails interface{} `field:"optional" json:"templateSsmDocumentDetails" yaml:"templateSsmDocumentDetails"`
}

Properties for defining a `CfnConformancePack`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var templateSsmDocumentDetails interface{}

cfnConformancePackProps := &CfnConformancePackProps{
	ConformancePackName: jsii.String("conformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
	TemplateSsmDocumentDetails: templateSsmDocumentDetails,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html

type CfnConformancePack_ConformancePackInputParameterProperty

type CfnConformancePack_ConformancePackInputParameterProperty struct {
	// One part of a key-value pair.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametername
	//
	ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
	// Another part of the key-value pair.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametervalue
	//
	ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}

Input parameters in the form of key-value pairs for the conformance pack, both of which you define.

Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

conformancePackInputParameterProperty := &ConformancePackInputParameterProperty{
	ParameterName: jsii.String("parameterName"),
	ParameterValue: jsii.String("parameterValue"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html

type CfnConformancePack_TemplateSSMDocumentDetailsProperty added in v2.55.0

type CfnConformancePack_TemplateSSMDocumentDetailsProperty struct {
	// The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.
	//
	// If you use the document name, AWS Config checks only your account and AWS Region for the SSM document.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentname
	//
	DocumentName *string `field:"optional" json:"documentName" yaml:"documentName"`
	// The version of the SSM document to use to create a conformance pack.
	//
	// By default, AWS Config uses the latest version.
	//
	// > This field is optional.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentversion
	//
	DocumentVersion *string `field:"optional" json:"documentVersion" yaml:"documentVersion"`
}

This API allows you to create a conformance pack template with an AWS Systems Manager document (SSM document).

To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the `DocumentName` in the [PutConformancePack API](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html) . You can also provide the `DocumentVersion` .

The `TemplateSSMDocumentDetails` object contains the name of the SSM document and the version of the SSM document.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

templateSSMDocumentDetailsProperty := &TemplateSSMDocumentDetailsProperty{
	DocumentName: jsii.String("documentName"),
	DocumentVersion: jsii.String("documentVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html

type CfnDeliveryChannel

type CfnDeliveryChannel interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
	ConfigSnapshotDeliveryProperties() interface{}
	SetConfigSnapshotDeliveryProperties(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// A name for the delivery channel.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
	S3BucketName() *string
	SetS3BucketName(val *string)
	// The prefix for the specified Amazon S3 bucket.
	S3KeyPrefix() *string
	SetS3KeyPrefix(val *string)
	// The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config .
	S3KmsKeyArn() *string
	SetS3KmsKeyArn(val *string)
	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
	SnsTopicArn() *string
	SetSnsTopicArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.

Before you can create a delivery channel, you must create a configuration recorder. You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

> In the China (Beijing) Region, when you call this action, the Amazon S3 bucket must also be in the China (Beijing) Region. In all the other regions, AWS Config supports cross-region and cross-account delivery channels.

You can have only one delivery channel per region per AWS account, and the delivery channel is required to use AWS Config .

> AWS Config does not support the delivery channel to an Amazon S3 bucket bucket where object lock is enabled. For more information, see [How S3 Object Lock works](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html) .

When you create the delivery channel, you can specify; how often AWS Config delivers configuration snapshots to your Amazon S3 bucket (for example, 24 hours), the S3 bucket to which AWS Config sends configuration snapshots and configuration history files, and the Amazon SNS topic to which AWS Config sends notifications about configuration changes, such as updated resources, AWS Config rule evaluations, and when AWS Config delivers the configuration snapshot to your S3 bucket. For more information, see [Deliver Configuration Items](https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html#delivery-channel) in the AWS Config Developer Guide.

> To enable AWS Config , you must create a configuration recorder and a delivery channel. If you want to create the resources separately, you must create a configuration recorder before you can create a delivery channel. AWS Config uses the configuration recorder to capture configuration changes to your resources. For more information, see [AWS::Config::ConfigurationRecorder](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html) .

For more information, see [Managing the Delivery Channel](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html) in the AWS Config Developer Guide.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnDeliveryChannel := awscdk.Aws_config.NewCfnDeliveryChannel(this, jsii.String("MyCfnDeliveryChannel"), &CfnDeliveryChannelProps{
	S3BucketName: jsii.String("s3BucketName"),

	// the properties below are optional
	ConfigSnapshotDeliveryProperties: &ConfigSnapshotDeliveryPropertiesProperty{
		DeliveryFrequency: jsii.String("deliveryFrequency"),
	},
	Name: jsii.String("name"),
	S3KeyPrefix: jsii.String("s3KeyPrefix"),
	S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
	SnsTopicArn: jsii.String("snsTopicArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html

func NewCfnDeliveryChannel

func NewCfnDeliveryChannel(scope constructs.Construct, id *string, props *CfnDeliveryChannelProps) CfnDeliveryChannel

type CfnDeliveryChannelProps

type CfnDeliveryChannelProps struct {
	// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
	//
	// If you specify a bucket that belongs to another AWS account , that bucket must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the *AWS Config Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3bucketname
	//
	S3BucketName *string `field:"required" json:"s3BucketName" yaml:"s3BucketName"`
	// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties
	//
	ConfigSnapshotDeliveryProperties interface{} `field:"optional" json:"configSnapshotDeliveryProperties" yaml:"configSnapshotDeliveryProperties"`
	// A name for the delivery channel.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	//
	// Updates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The prefix for the specified Amazon S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3keyprefix
	//
	S3KeyPrefix *string `field:"optional" json:"s3KeyPrefix" yaml:"s3KeyPrefix"`
	// The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config .
	//
	// Must belong to the same Region as the destination S3 bucket.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3kmskeyarn
	//
	S3KmsKeyArn *string `field:"optional" json:"s3KmsKeyArn" yaml:"s3KmsKeyArn"`
	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
	//
	// If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the *AWS Config Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-snstopicarn
	//
	SnsTopicArn *string `field:"optional" json:"snsTopicArn" yaml:"snsTopicArn"`
}

Properties for defining a `CfnDeliveryChannel`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnDeliveryChannelProps := &CfnDeliveryChannelProps{
	S3BucketName: jsii.String("s3BucketName"),

	// the properties below are optional
	ConfigSnapshotDeliveryProperties: &ConfigSnapshotDeliveryPropertiesProperty{
		DeliveryFrequency: jsii.String("deliveryFrequency"),
	},
	Name: jsii.String("name"),
	S3KeyPrefix: jsii.String("s3KeyPrefix"),
	S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
	SnsTopicArn: jsii.String("snsTopicArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html

type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty

type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty struct {
	// The frequency with which AWS Config delivers configuration snapshots.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-deliverychannel-configsnapshotdeliveryproperties.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties-deliveryfrequency
	//
	DeliveryFrequency *string `field:"optional" json:"deliveryFrequency" yaml:"deliveryFrequency"`
}

Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.

> If you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot, see the following:

The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:

- The value for the `deliveryFrequency` parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules. - The value for the `MaximumExecutionFrequency` parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see [ConfigRule](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html) .

If the `deliveryFrequency` value is less frequent than the `MaximumExecutionFrequency` value for a rule, AWS Config invokes the rule only as often as the `deliveryFrequency` value.

- For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot. - You specify the `MaximumExecutionFrequency` value for `Six_Hours` . - You then specify the delivery channel `deliveryFrequency` value for `TwentyFour_Hours` . - Because the value for `deliveryFrequency` is less frequent than `MaximumExecutionFrequency` , AWS Config invokes evaluations for the rule every 24 hours.

You should set the `MaximumExecutionFrequency` value to be at least as frequent as the `deliveryFrequency` value. You can view the `deliveryFrequency` value by using the `DescribeDeliveryChannnels` action.

To update the `deliveryFrequency` with which AWS Config delivers your configuration snapshots, use the `PutDeliveryChannel` action.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

configSnapshotDeliveryPropertiesProperty := &ConfigSnapshotDeliveryPropertiesProperty{
	DeliveryFrequency: jsii.String("deliveryFrequency"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-deliverychannel-configsnapshotdeliveryproperties.html

type CfnOrganizationConfigRule

type CfnOrganizationConfigRule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// A comma-separated list of accounts excluded from organization AWS Config rule.
	ExcludedAccounts() *[]*string
	SetExcludedAccounts(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The name that you assign to organization AWS Config rule.
	OrganizationConfigRuleName() *string
	SetOrganizationConfigRuleName(val *string)
	// An object that specifies metadata for your organization's AWS Config Custom Policy rule.
	OrganizationCustomPolicyRuleMetadata() interface{}
	SetOrganizationCustomPolicyRuleMetadata(val interface{})
	// An `OrganizationCustomRuleMetadata` object.
	OrganizationCustomRuleMetadata() interface{}
	SetOrganizationCustomRuleMetadata(val interface{})
	// An `OrganizationManagedRuleMetadata` object.
	OrganizationManagedRuleMetadata() interface{}
	SetOrganizationManagedRuleMetadata(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Adds or updates an AWS Config rule for your entire organization to evaluate if your AWS resources comply with your desired configurations.

For information on how many organization AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .

Only a management account and a delegated administrator can create or update an organization AWS Config rule. When calling the `OrganizationConfigRule` resource with a delegated administrator, you must ensure AWS Organizations `ListDelegatedAdministrator` permissions are added. An organization can have up to 3 delegated administrators.

The `OrganizationConfigRule` resource enables organization service access through the `EnableAWSServiceAccess` action and creates a service-linked role `AWSServiceRoleForConfigMultiAccountSetup` in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. AWS Config verifies the existence of role with `GetRole` action.

To use the `OrganizationConfigRule` resource with delegated administrator, register a delegated administrator by calling AWS Organization `register-delegated-administrator` for `config-multiaccountsetup.amazonaws.com` .

There are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use `PutOrganizationConfigRule` to create both AWS Config Managed Rules and AWS Config Custom Rules.

AWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `RuleIdentifier` key.

AWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .

If you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function in the management account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed account that can be assumed by the Lambda function. When you use `PutOrganizationConfigRule` to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnOrganizationConfigRule := awscdk.Aws_config.NewCfnOrganizationConfigRule(this, jsii.String("MyCfnOrganizationConfigRule"), &CfnOrganizationConfigRuleProps{
	OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),

	// the properties below are optional
	ExcludedAccounts: []*string{
		jsii.String("excludedAccounts"),
	},
	OrganizationCustomPolicyRuleMetadata: &OrganizationCustomPolicyRuleMetadataProperty{
		PolicyText: jsii.String("policyText"),
		Runtime: jsii.String("runtime"),

		// the properties below are optional
		DebugLogDeliveryAccounts: []*string{
			jsii.String("debugLogDeliveryAccounts"),
		},
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		OrganizationConfigRuleTriggerTypes: []*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationCustomRuleMetadata: &OrganizationCustomRuleMetadataProperty{
		LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
		OrganizationConfigRuleTriggerTypes: []*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationManagedRuleMetadata: &OrganizationManagedRuleMetadataProperty{
		RuleIdentifier: jsii.String("ruleIdentifier"),

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html

func NewCfnOrganizationConfigRule

func NewCfnOrganizationConfigRule(scope constructs.Construct, id *string, props *CfnOrganizationConfigRuleProps) CfnOrganizationConfigRule

type CfnOrganizationConfigRuleProps

type CfnOrganizationConfigRuleProps struct {
	// The name that you assign to organization AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationconfigrulename
	//
	OrganizationConfigRuleName *string `field:"required" json:"organizationConfigRuleName" yaml:"organizationConfigRuleName"`
	// A comma-separated list of accounts excluded from organization AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-excludedaccounts
	//
	ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
	// An object that specifies metadata for your organization's AWS Config Custom Policy rule.
	//
	// The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of AWS resource, and organization trigger types that initiate AWS Config to evaluate AWS resources against a rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata
	//
	OrganizationCustomPolicyRuleMetadata interface{} `field:"optional" json:"organizationCustomPolicyRuleMetadata" yaml:"organizationCustomPolicyRuleMetadata"`
	// An `OrganizationCustomRuleMetadata` object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata
	//
	OrganizationCustomRuleMetadata interface{} `field:"optional" json:"organizationCustomRuleMetadata" yaml:"organizationCustomRuleMetadata"`
	// An `OrganizationManagedRuleMetadata` object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata
	//
	OrganizationManagedRuleMetadata interface{} `field:"optional" json:"organizationManagedRuleMetadata" yaml:"organizationManagedRuleMetadata"`
}

Properties for defining a `CfnOrganizationConfigRule`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnOrganizationConfigRuleProps := &CfnOrganizationConfigRuleProps{
	OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),

	// the properties below are optional
	ExcludedAccounts: []*string{
		jsii.String("excludedAccounts"),
	},
	OrganizationCustomPolicyRuleMetadata: &OrganizationCustomPolicyRuleMetadataProperty{
		PolicyText: jsii.String("policyText"),
		Runtime: jsii.String("runtime"),

		// the properties below are optional
		DebugLogDeliveryAccounts: []*string{
			jsii.String("debugLogDeliveryAccounts"),
		},
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		OrganizationConfigRuleTriggerTypes: []*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationCustomRuleMetadata: &OrganizationCustomRuleMetadataProperty{
		LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
		OrganizationConfigRuleTriggerTypes: []*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationManagedRuleMetadata: &OrganizationManagedRuleMetadataProperty{
		RuleIdentifier: jsii.String("ruleIdentifier"),

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: []*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html

type CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty added in v2.70.0

type CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty struct {
	// The policy definition containing the logic for your organization AWS Config Custom Policy rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-policytext
	//
	PolicyText *string `field:"required" json:"policyText" yaml:"policyText"`
	// The runtime system for your organization AWS Config Custom Policy rules.
	//
	// Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-runtime
	//
	Runtime *string `field:"required" json:"runtime" yaml:"runtime"`
	// A list of accounts that you can enable debug logging for your organization AWS Config Custom Policy rule.
	//
	// List is null when debug logging is enabled for all accounts.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-debuglogdeliveryaccounts
	//
	DebugLogDeliveryAccounts *[]*string `field:"optional" json:"debugLogDeliveryAccounts" yaml:"debugLogDeliveryAccounts"`
	// The description that you provide for your organization AWS Config Custom Policy rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to your organization AWS Config Custom Policy rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-inputparameters
	//
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// Your AWS Config Custom Policy rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-maximumexecutionfrequency
	//
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// The type of notification that initiates AWS Config to run an evaluation for a rule.
	//
	// For AWS Config Custom Policy rules, AWS Config supports change-initiated notification types:
	//
	// - `ConfigurationItemChangeNotification` - Initiates an evaluation when AWS Config delivers a configuration item as a result of a resource change.
	// - `OversizedConfigurationItemChangeNotification` - Initiates an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-organizationconfigruletriggertypes
	//
	OrganizationConfigRuleTriggerTypes *[]*string `field:"optional" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
	// The ID of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourceidscope
	//
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// The type of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourcetypesscope
	//
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// One part of a key-value pair that make up a tag.
	//
	// A key is a general label that acts like a category for more specific tag values.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagkeyscope
	//
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// The optional part of a key-value pair that make up a tag.
	//
	// A value acts as a descriptor within a tag category (key).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagvaluescope
	//
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

An object that specifies metadata for your organization's AWS Config Custom Policy rule.

The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of AWS resource, and organization trigger types that initiate AWS Config to evaluate AWS resources against a rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

organizationCustomPolicyRuleMetadataProperty := &OrganizationCustomPolicyRuleMetadataProperty{
	PolicyText: jsii.String("policyText"),
	Runtime: jsii.String("runtime"),

	// the properties below are optional
	DebugLogDeliveryAccounts: []*string{
		jsii.String("debugLogDeliveryAccounts"),
	},
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	OrganizationConfigRuleTriggerTypes: []*string{
		jsii.String("organizationConfigRuleTriggerTypes"),
	},
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: []*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html

type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty

type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty struct {
	// The lambda function ARN.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-lambdafunctionarn
	//
	LambdaFunctionArn *string `field:"required" json:"lambdaFunctionArn" yaml:"lambdaFunctionArn"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule.
	//
	// You can specify the following notification types:
	//
	// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
	// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
	// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-organizationconfigruletriggertypes
	//
	OrganizationConfigRuleTriggerTypes *[]*string `field:"required" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
	// The description that you provide for your organization AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-inputparameters
	//
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-maximumexecutionfrequency
	//
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// The ID of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourceidscope
	//
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// The type of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourcetypesscope
	//
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// One part of a key-value pair that make up a tag.
	//
	// A key is a general label that acts like a category for more specific tag values.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagkeyscope
	//
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// The optional part of a key-value pair that make up a tag.
	//
	// A value acts as a descriptor within a tag category (key).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagvaluescope
	//
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

organizationCustomRuleMetadataProperty := &OrganizationCustomRuleMetadataProperty{
	LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
	OrganizationConfigRuleTriggerTypes: []*string{
		jsii.String("organizationConfigRuleTriggerTypes"),
	},

	// the properties below are optional
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: []*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html

type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty

type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty struct {
	// For organization config managed rules, a predefined identifier from a list.
	//
	// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [Using AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-ruleidentifier
	//
	RuleIdentifier *string `field:"required" json:"ruleIdentifier" yaml:"ruleIdentifier"`
	// The description that you provide for your organization AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-inputparameters
	//
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// This is for an AWS Config managed rule that is triggered at a periodic frequency.
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-maximumexecutionfrequency
	//
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// The ID of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourceidscope
	//
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// The type of the AWS resource that was evaluated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourcetypesscope
	//
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// One part of a key-value pair that make up a tag.
	//
	// A key is a general label that acts like a category for more specific tag values.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagkeyscope
	//
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// The optional part of a key-value pair that make up a tag.
	//
	// A value acts as a descriptor within a tag category (key).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagvaluescope
	//
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

organizationManagedRuleMetadataProperty := &OrganizationManagedRuleMetadataProperty{
	RuleIdentifier: jsii.String("ruleIdentifier"),

	// the properties below are optional
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: []*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html

type CfnOrganizationConformancePack

type CfnOrganizationConformancePack interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// A list of `ConformancePackInputParameter` objects.
	ConformancePackInputParameters() interface{}
	SetConformancePackInputParameters(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	DeliveryS3Bucket() *string
	SetDeliveryS3Bucket(val *string)
	// Any folder structure you want to add to an Amazon S3 bucket.
	DeliveryS3KeyPrefix() *string
	SetDeliveryS3KeyPrefix(val *string)
	// A comma-separated list of accounts excluded from organization conformance pack.
	ExcludedAccounts() *[]*string
	SetExcludedAccounts(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The name you assign to an organization conformance pack.
	OrganizationConformancePackName() *string
	SetOrganizationConformancePackName(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// A string containing full conformance pack template body.
	TemplateBody() *string
	SetTemplateBody(val *string)
	// Location of file containing the template body.
	TemplateS3Uri() *string
	SetTemplateS3Uri(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organizations .

OrganizationConformancePack enables organization service access for `config-multiaccountsetup.amazonaws.com` through the `EnableAWSServiceAccess` action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnOrganizationConformancePack := awscdk.Aws_config.NewCfnOrganizationConformancePack(this, jsii.String("MyCfnOrganizationConformancePack"), &CfnOrganizationConformancePackProps{
	OrganizationConformancePackName: jsii.String("organizationConformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	ExcludedAccounts: []*string{
		jsii.String("excludedAccounts"),
	},
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html

func NewCfnOrganizationConformancePack

func NewCfnOrganizationConformancePack(scope constructs.Construct, id *string, props *CfnOrganizationConformancePackProps) CfnOrganizationConformancePack

type CfnOrganizationConformancePackProps

type CfnOrganizationConformancePackProps struct {
	// The name you assign to an organization conformance pack.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-organizationconformancepackname
	//
	OrganizationConformancePackName *string `field:"required" json:"organizationConformancePackName" yaml:"organizationConformancePackName"`
	// A list of `ConformancePackInputParameter` objects.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-conformancepackinputparameters
	//
	ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	//
	// > This field is optional.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3bucket
	//
	DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
	// Any folder structure you want to add to an Amazon S3 bucket.
	//
	// > This field is optional.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3keyprefix
	//
	DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
	// A comma-separated list of accounts excluded from organization conformance pack.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-excludedaccounts
	//
	ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templatebody
	//
	TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
	// Location of file containing the template body.
	//
	// The uri must point to the conformance pack template (max size: 300 KB).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templates3uri
	//
	TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
}

Properties for defining a `CfnOrganizationConformancePack`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnOrganizationConformancePackProps := &CfnOrganizationConformancePackProps{
	OrganizationConformancePackName: jsii.String("organizationConformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	ExcludedAccounts: []*string{
		jsii.String("excludedAccounts"),
	},
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html

type CfnOrganizationConformancePack_ConformancePackInputParameterProperty

type CfnOrganizationConformancePack_ConformancePackInputParameterProperty struct {
	// One part of a key-value pair.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametername
	//
	ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
	// One part of a key-value pair.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametervalue
	//
	ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}

Input parameters in the form of key-value pairs for the conformance pack, both of which you define.

Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

conformancePackInputParameterProperty := &ConformancePackInputParameterProperty{
	ParameterName: jsii.String("parameterName"),
	ParameterValue: jsii.String("parameterValue"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html

type CfnRemediationConfiguration

type CfnRemediationConfiguration interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrId() *string
	// The remediation is triggered automatically.
	Automatic() interface{}
	SetAutomatic(val interface{})
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The name of the AWS Config rule.
	ConfigRuleName() *string
	SetConfigRuleName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// An ExecutionControls object.
	ExecutionControls() interface{}
	SetExecutionControls(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The maximum number of failed attempts for auto-remediation.
	//
	// If you do not select a number, the default is 5.
	MaximumAutomaticAttempts() *float64
	SetMaximumAutomaticAttempts(val *float64)
	// The tree node.
	Node() constructs.Node
	// An object of the RemediationParameterValue.
	//
	// For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) .
	Parameters() interface{}
	SetParameters(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The type of a resource.
	ResourceType() *string
	SetResourceType(val *string)
	// Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts.
	RetryAttemptSeconds() *float64
	SetRetryAttemptSeconds(val *float64)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Target ID is the name of the SSM document.
	TargetId() *string
	SetTargetId(val *string)
	// The type of the target.
	TargetType() *string
	SetTargetType(val *string)
	// Version of the target.
	//
	// For example, version of the SSM document.
	TargetVersion() *string
	SetTargetVersion(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var parameters interface{}

cfnRemediationConfiguration := awscdk.Aws_config.NewCfnRemediationConfiguration(this, jsii.String("MyCfnRemediationConfiguration"), &CfnRemediationConfigurationProps{
	ConfigRuleName: jsii.String("configRuleName"),
	TargetId: jsii.String("targetId"),
	TargetType: jsii.String("targetType"),

	// the properties below are optional
	Automatic: jsii.Boolean(false),
	ExecutionControls: &ExecutionControlsProperty{
		SsmControls: &SsmControlsProperty{
			ConcurrentExecutionRatePercentage: jsii.Number(123),
			ErrorPercentage: jsii.Number(123),
		},
	},
	MaximumAutomaticAttempts: jsii.Number(123),
	Parameters: parameters,
	ResourceType: jsii.String("resourceType"),
	RetryAttemptSeconds: jsii.Number(123),
	TargetVersion: jsii.String("targetVersion"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html

func NewCfnRemediationConfiguration

func NewCfnRemediationConfiguration(scope constructs.Construct, id *string, props *CfnRemediationConfigurationProps) CfnRemediationConfiguration

type CfnRemediationConfigurationProps

type CfnRemediationConfigurationProps struct {
	// The name of the AWS Config rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-configrulename
	//
	ConfigRuleName *string `field:"required" json:"configRuleName" yaml:"configRuleName"`
	// Target ID is the name of the SSM document.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetid
	//
	TargetId *string `field:"required" json:"targetId" yaml:"targetId"`
	// The type of the target.
	//
	// Target executes remediation. For example, SSM document.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targettype
	//
	TargetType *string `field:"required" json:"targetType" yaml:"targetType"`
	// The remediation is triggered automatically.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-automatic
	//
	Automatic interface{} `field:"optional" json:"automatic" yaml:"automatic"`
	// An ExecutionControls object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-executioncontrols
	//
	ExecutionControls interface{} `field:"optional" json:"executionControls" yaml:"executionControls"`
	// The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
	//
	// For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-maximumautomaticattempts
	//
	MaximumAutomaticAttempts *float64 `field:"optional" json:"maximumAutomaticAttempts" yaml:"maximumAutomaticAttempts"`
	// An object of the RemediationParameterValue. For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) .
	//
	// > The type is a map of strings to RemediationParameterValue.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-parameters
	//
	Parameters interface{} `field:"optional" json:"parameters" yaml:"parameters"`
	// The type of a resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-resourcetype
	//
	ResourceType *string `field:"optional" json:"resourceType" yaml:"resourceType"`
	// Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts.
	//
	// If `MaximumAutomaticAttempts` remediation attempts have been made under `RetryAttemptSeconds` , a remediation exception will be added to the resource. If you do not select a number, the default is 60 seconds.
	//
	// For example, if you specify `RetryAttemptSeconds` as 50 seconds and `MaximumAutomaticAttempts` as 5, AWS Config will run auto-remediations 5 times within 50 seconds before adding a remediation exception to the resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-retryattemptseconds
	//
	RetryAttemptSeconds *float64 `field:"optional" json:"retryAttemptSeconds" yaml:"retryAttemptSeconds"`
	// Version of the target. For example, version of the SSM document.
	//
	// > If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetversion
	//
	TargetVersion *string `field:"optional" json:"targetVersion" yaml:"targetVersion"`
}

Properties for defining a `CfnRemediationConfiguration`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var parameters interface{}

cfnRemediationConfigurationProps := &CfnRemediationConfigurationProps{
	ConfigRuleName: jsii.String("configRuleName"),
	TargetId: jsii.String("targetId"),
	TargetType: jsii.String("targetType"),

	// the properties below are optional
	Automatic: jsii.Boolean(false),
	ExecutionControls: &ExecutionControlsProperty{
		SsmControls: &SsmControlsProperty{
			ConcurrentExecutionRatePercentage: jsii.Number(123),
			ErrorPercentage: jsii.Number(123),
		},
	},
	MaximumAutomaticAttempts: jsii.Number(123),
	Parameters: parameters,
	ResourceType: jsii.String("resourceType"),
	RetryAttemptSeconds: jsii.Number(123),
	TargetVersion: jsii.String("targetVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html

type CfnRemediationConfiguration_ExecutionControlsProperty

type CfnRemediationConfiguration_ExecutionControlsProperty struct {
	// A SsmControls object.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-executioncontrols.html#cfn-config-remediationconfiguration-executioncontrols-ssmcontrols
	//
	SsmControls interface{} `field:"optional" json:"ssmControls" yaml:"ssmControls"`
}

An ExecutionControls object.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

executionControlsProperty := &ExecutionControlsProperty{
	SsmControls: &SsmControlsProperty{
		ConcurrentExecutionRatePercentage: jsii.Number(123),
		ErrorPercentage: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-executioncontrols.html

type CfnRemediationConfiguration_RemediationParameterValueProperty

type CfnRemediationConfiguration_RemediationParameterValueProperty struct {
	// The value is dynamic and changes at run-time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-resourcevalue
	//
	ResourceValue interface{} `field:"optional" json:"resourceValue" yaml:"resourceValue"`
	// The value is static and does not change at run-time.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-staticvalue
	//
	StaticValue interface{} `field:"optional" json:"staticValue" yaml:"staticValue"`
}

The value is either a dynamic (resource) value or a static value.

You must select either a dynamic value or a static value.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

remediationParameterValueProperty := &RemediationParameterValueProperty{
	ResourceValue: &ResourceValueProperty{
		Value: jsii.String("value"),
	},
	StaticValue: &StaticValueProperty{
		Value: []*string{
			jsii.String("value"),
		},
		Values: []*string{
			jsii.String("values"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html

type CfnRemediationConfiguration_ResourceValueProperty

type CfnRemediationConfiguration_ResourceValueProperty struct {
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-resourcevalue.html#cfn-config-remediationconfiguration-resourcevalue-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

resourceValueProperty := &ResourceValueProperty{
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-resourcevalue.html

type CfnRemediationConfiguration_SsmControlsProperty

type CfnRemediationConfiguration_SsmControlsProperty struct {
	// The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule.
	//
	// You can specify a percentage, such as 10%. The default value is 10.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-concurrentexecutionratepercentage
	//
	ConcurrentExecutionRatePercentage *float64 `field:"optional" json:"concurrentExecutionRatePercentage" yaml:"concurrentExecutionRatePercentage"`
	// The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule.
	//
	// You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-errorpercentage
	//
	ErrorPercentage *float64 `field:"optional" json:"errorPercentage" yaml:"errorPercentage"`
}

AWS Systems Manager (SSM) specific remediation controls.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

ssmControlsProperty := &SsmControlsProperty{
	ConcurrentExecutionRatePercentage: jsii.Number(123),
	ErrorPercentage: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html

type CfnRemediationConfiguration_StaticValueProperty

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

staticValueProperty := &StaticValueProperty{
	Value: []*string{
		jsii.String("value"),
	},
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-staticvalue.html

type CfnStoredQuery

type CfnStoredQuery interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// Amazon Resource Name (ARN) of the query.
	//
	// For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
	AttrQueryArn() *string
	// The ID of the query.
	AttrQueryId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// A unique description for the query.
	QueryDescription() *string
	SetQueryDescription(val *string)
	// The expression of the query.
	QueryExpression() *string
	SetQueryExpression(val *string)
	// The name of the query.
	QueryName() *string
	SetQueryName(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An array of key-value pairs to apply to this resource.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Provides the details of a stored query.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnStoredQuery := awscdk.Aws_config.NewCfnStoredQuery(this, jsii.String("MyCfnStoredQuery"), &CfnStoredQueryProps{
	QueryExpression: jsii.String("queryExpression"),
	QueryName: jsii.String("queryName"),

	// the properties below are optional
	QueryDescription: jsii.String("queryDescription"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html

func NewCfnStoredQuery

func NewCfnStoredQuery(scope constructs.Construct, id *string, props *CfnStoredQueryProps) CfnStoredQuery

type CfnStoredQueryProps

type CfnStoredQueryProps struct {
	// The expression of the query.
	//
	// For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryexpression
	//
	QueryExpression *string `field:"required" json:"queryExpression" yaml:"queryExpression"`
	// The name of the query.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryname
	//
	QueryName *string `field:"required" json:"queryName" yaml:"queryName"`
	// A unique description for the query.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-querydescription
	//
	QueryDescription *string `field:"optional" json:"queryDescription" yaml:"queryDescription"`
	// An array of key-value pairs to apply to this resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnStoredQuery`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnStoredQueryProps := &CfnStoredQueryProps{
	QueryExpression: jsii.String("queryExpression"),
	QueryName: jsii.String("queryName"),

	// the properties below are optional
	QueryDescription: jsii.String("queryDescription"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html

type CloudFormationStackDriftDetectionCheck

type CloudFormationStackDriftDetectionCheck interface {
	ManagedRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.

Example:

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onComplianceChange(jsii.String("TopicEvent"), &OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic),
})

See: https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html

func NewCloudFormationStackDriftDetectionCheck

func NewCloudFormationStackDriftDetectionCheck(scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps) CloudFormationStackDriftDetectionCheck

type CloudFormationStackDriftDetectionCheckProps

type CloudFormationStackDriftDetectionCheckProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// Whether to check only the stack where this rule is deployed.
	// Default: false.
	//
	OwnStackOnly *bool `field:"optional" json:"ownStackOnly" yaml:"ownStackOnly"`
	// The IAM role to use for this rule.
	//
	// It must have permissions to detect drift
	// for AWS CloudFormation stacks. Ensure to attach `config.amazonaws.com` trusted
	// permissions and `ReadOnlyAccess` policy permissions. For specific policy permissions,
	// refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.
	// Default: - A role will be created.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
}

Construction properties for a CloudFormationStackDriftDetectionCheck.

Example:

// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &CloudFormationStackDriftDetectionCheckProps{
	OwnStackOnly: jsii.Boolean(true),
})

type CloudFormationStackNotificationCheck

type CloudFormationStackNotificationCheck interface {
	ManagedRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.

Optionally checks whether specified SNS topics are used.

Example:

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
	Topics: []iTopic{
		topic1,
		topic2,
	},
})

See: https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html

func NewCloudFormationStackNotificationCheck

func NewCloudFormationStackNotificationCheck(scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps) CloudFormationStackNotificationCheck

type CloudFormationStackNotificationCheckProps

type CloudFormationStackNotificationCheckProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// A list of allowed topics.
	//
	// At most 5 topics.
	// Default: - No topics.
	//
	Topics *[]awssns.ITopic `field:"optional" json:"topics" yaml:"topics"`
}

Construction properties for a CloudFormationStackNotificationCheck.

Example:

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
	Topics: []iTopic{
		topic1,
		topic2,
	},
})

type CustomPolicy added in v2.47.0

type CustomPolicy interface {
	awscdk.Resource
	IRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

A new custom policy.

Example:

samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']

rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}

rule checkcompliance when
    resourceType == "AWS::DynamoDB::Table"
    tableisactive {
        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
        %pitr == "ENABLED"
}
`

config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
	PolicyText: samplePolicyText,
	EnableDebugLog: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources([]resourceType{
		config.*resourceType_DYNAMODB_TABLE(),
	}),
})

func NewCustomPolicy added in v2.47.0

func NewCustomPolicy(scope constructs.Construct, id *string, props *CustomPolicyProps) CustomPolicy

type CustomPolicyProps added in v2.47.0

type CustomPolicyProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The policy definition containing the logic for your AWS Config Custom Policy rule.
	PolicyText *string `field:"required" json:"policyText" yaml:"policyText"`
	// The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
	// Default: false.
	//
	EnableDebugLog *bool `field:"optional" json:"enableDebugLog" yaml:"enableDebugLog"`
}

Construction properties for a CustomPolicy.

Example:

samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']

rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}

rule checkcompliance when
    resourceType == "AWS::DynamoDB::Table"
    tableisactive {
        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
        %pitr == "ENABLED"
}
`

config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
	PolicyText: samplePolicyText,
	EnableDebugLog: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources([]resourceType{
		config.*resourceType_DYNAMODB_TABLE(),
	}),
})

type CustomRule

type CustomRule interface {
	awscdk.Resource
	IRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

A new custom rule.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})

func NewCustomRule

func NewCustomRule(scope constructs.Construct, id *string, props *CustomRuleProps) CustomRule

type CustomRuleProps

type CustomRuleProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The Lambda function to run.
	LambdaFunction awslambda.IFunction `field:"required" json:"lambdaFunction" yaml:"lambdaFunction"`
	// Whether to run the rule on configuration changes.
	// Default: false.
	//
	ConfigurationChanges *bool `field:"optional" json:"configurationChanges" yaml:"configurationChanges"`
	// Whether to run the rule on a fixed frequency.
	// Default: false.
	//
	Periodic *bool `field:"optional" json:"periodic" yaml:"periodic"`
}

Construction properties for a CustomRule.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})

type IRule

type IRule interface {
	awscdk.IResource
	// Defines a EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines a EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// The name of the rule.
	ConfigRuleName() *string
}

Interface representing an AWS Config rule.

func AccessKeysRotated_FromConfigRuleName

func AccessKeysRotated_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

func CloudFormationStackDriftDetectionCheck_FromConfigRuleName

func CloudFormationStackDriftDetectionCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

func CloudFormationStackNotificationCheck_FromConfigRuleName

func CloudFormationStackNotificationCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

func CustomPolicy_FromConfigRuleName added in v2.47.0

func CustomPolicy_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

func CustomRule_FromConfigRuleName

func CustomRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

func ManagedRule_FromConfigRuleName

func ManagedRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule.

type ManagedRule

type ManagedRule interface {
	awscdk.Resource
	IRule
	// The arn of the rule.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	ConfigRuleId() *string
	// The name of the rule.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	IsCustomWithChanges() *bool
	SetIsCustomWithChanges(val *bool)
	IsManaged() *bool
	SetIsManaged(val *bool)
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	RuleScope() RuleScope
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Returns a string representation of this construct.
	ToString() *string
}

A new managed rule.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

func NewManagedRule

func NewManagedRule(scope constructs.Construct, id *string, props *ManagedRuleProps) ManagedRule

type ManagedRuleIdentifiers

type ManagedRuleIdentifiers interface {
}

Managed rules that are supported by AWS Config.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html

type ManagedRuleProps

type ManagedRuleProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The identifier of the AWS managed rule.
	// See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
	//
	Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
}

Construction properties for a ManagedRule.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

type MaximumExecutionFrequency

type MaximumExecutionFrequency string

The maximum frequency at which the AWS Config rule runs evaluations.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})
const (
	// 1 hour.
	MaximumExecutionFrequency_ONE_HOUR MaximumExecutionFrequency = "ONE_HOUR"
	// 3 hours.
	MaximumExecutionFrequency_THREE_HOURS MaximumExecutionFrequency = "THREE_HOURS"
	// 6 hours.
	MaximumExecutionFrequency_SIX_HOURS MaximumExecutionFrequency = "SIX_HOURS"
	// 12 hours.
	MaximumExecutionFrequency_TWELVE_HOURS MaximumExecutionFrequency = "TWELVE_HOURS"
	// 24 hours.
	MaximumExecutionFrequency_TWENTY_FOUR_HOURS MaximumExecutionFrequency = "TWENTY_FOUR_HOURS"
)

type ResourceType

type ResourceType interface {
	// Valid value of resource type.
	ComplianceResourceType() *string
}

Resources types that are supported by AWS Config.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})

See: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html

func ResourceType_ACM_CERTIFICATE

func ResourceType_ACM_CERTIFICATE() ResourceType

func ResourceType_AMAZON_MQ_BROKER added in v2.63.0

func ResourceType_AMAZON_MQ_BROKER() ResourceType

func ResourceType_APIGATEWAYV2_API

func ResourceType_APIGATEWAYV2_API() ResourceType

func ResourceType_APIGATEWAYV2_STAGE

func ResourceType_APIGATEWAYV2_STAGE() ResourceType

func ResourceType_APIGATEWAY_REST_API

func ResourceType_APIGATEWAY_REST_API() ResourceType

func ResourceType_APIGATEWAY_STAGE

func ResourceType_APIGATEWAY_STAGE() ResourceType

func ResourceType_APPCONFIG_APPLICATION added in v2.46.0

func ResourceType_APPCONFIG_APPLICATION() ResourceType

func ResourceType_APPCONFIG_CONFIGURATION_PROFILE added in v2.63.0

func ResourceType_APPCONFIG_CONFIGURATION_PROFILE() ResourceType

func ResourceType_APPCONFIG_ENVIRONMENT added in v2.63.0

func ResourceType_APPCONFIG_ENVIRONMENT() ResourceType

func ResourceType_APPSYNC_GRAPHQL_API added in v2.46.0

func ResourceType_APPSYNC_GRAPHQL_API() ResourceType

func ResourceType_AUTO_SCALING_GROUP

func ResourceType_AUTO_SCALING_GROUP() ResourceType

func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION

func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION() ResourceType

func ResourceType_AUTO_SCALING_POLICY

func ResourceType_AUTO_SCALING_POLICY() ResourceType

func ResourceType_AUTO_SCALING_SCHEDULED_ACTION

func ResourceType_AUTO_SCALING_SCHEDULED_ACTION() ResourceType

func ResourceType_BACKUP_BACKUP_PLAN added in v2.37.0

func ResourceType_BACKUP_BACKUP_PLAN() ResourceType

func ResourceType_BACKUP_BACKUP_SELECTION added in v2.37.0

func ResourceType_BACKUP_BACKUP_SELECTION() ResourceType

func ResourceType_BACKUP_BACKUP_VAULT added in v2.37.0

func ResourceType_BACKUP_BACKUP_VAULT() ResourceType

func ResourceType_BACKUP_RECOVERY_POINT added in v2.37.0

func ResourceType_BACKUP_RECOVERY_POINT() ResourceType

func ResourceType_BACKUP_REPORT_PLAN added in v2.60.0

func ResourceType_BACKUP_REPORT_PLAN() ResourceType

func ResourceType_BATCH_COMPUTE_ENVIRONMENT added in v2.37.0

func ResourceType_BATCH_COMPUTE_ENVIRONMENT() ResourceType

func ResourceType_BATCH_JOB_QUEUE added in v2.37.0

func ResourceType_BATCH_JOB_QUEUE() ResourceType

func ResourceType_CLOUD9_ENVIRONMENT_EC2 added in v2.63.0

func ResourceType_CLOUD9_ENVIRONMENT_EC2() ResourceType

func ResourceType_CLOUDFORMATION_STACK

func ResourceType_CLOUDFORMATION_STACK() ResourceType

func ResourceType_CLOUDFRONT_DISTRIBUTION

func ResourceType_CLOUDFRONT_DISTRIBUTION() ResourceType

func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION

func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION() ResourceType

func ResourceType_CLOUDTRAIL_TRAIL

func ResourceType_CLOUDTRAIL_TRAIL() ResourceType

func ResourceType_CLOUDWATCH_ALARM

func ResourceType_CLOUDWATCH_ALARM() ResourceType

func ResourceType_CLOUDWATCH_RUM_APP_MONITOR added in v2.60.0

func ResourceType_CLOUDWATCH_RUM_APP_MONITOR() ResourceType

func ResourceType_CODEBUILD_PROJECT

func ResourceType_CODEBUILD_PROJECT() ResourceType

func ResourceType_CODEDEPLOY_APPLICATION added in v2.37.0

func ResourceType_CODEDEPLOY_APPLICATION() ResourceType

func ResourceType_CODEDEPLOY_DEPLOYMENT_CONFIG added in v2.37.0

func ResourceType_CODEDEPLOY_DEPLOYMENT_CONFIG() ResourceType

func ResourceType_CODEDEPLOY_DEPLOYMENT_GROUP added in v2.37.0

func ResourceType_CODEDEPLOY_DEPLOYMENT_GROUP() ResourceType

func ResourceType_CODEPIPELINE_PIPELINE

func ResourceType_CODEPIPELINE_PIPELINE() ResourceType

func ResourceType_CONFIG_CONFORMANCE_PACK_COMPLIANCE added in v2.37.0

func ResourceType_CONFIG_CONFORMANCE_PACK_COMPLIANCE() ResourceType

func ResourceType_CONFIG_RESOURCE_COMPLIANCE added in v2.37.0

func ResourceType_CONFIG_RESOURCE_COMPLIANCE() ResourceType

func ResourceType_DATASYNC_LOCATION_EFS added in v2.46.0

func ResourceType_DATASYNC_LOCATION_EFS() ResourceType

func ResourceType_DATASYNC_LOCATION_FSX_LUSTRE added in v2.46.0

func ResourceType_DATASYNC_LOCATION_FSX_LUSTRE() ResourceType

func ResourceType_DATASYNC_LOCATION_FSX_WINDOWS added in v2.60.0

func ResourceType_DATASYNC_LOCATION_FSX_WINDOWS() ResourceType

func ResourceType_DATASYNC_LOCATION_HDFS added in v2.51.0

func ResourceType_DATASYNC_LOCATION_HDFS() ResourceType

func ResourceType_DATASYNC_LOCATION_NFS added in v2.46.0

func ResourceType_DATASYNC_LOCATION_NFS() ResourceType

func ResourceType_DATASYNC_LOCATION_OBJECT_STORAGE added in v2.51.0

func ResourceType_DATASYNC_LOCATION_OBJECT_STORAGE() ResourceType

func ResourceType_DATASYNC_LOCATION_S3 added in v2.46.0

func ResourceType_DATASYNC_LOCATION_S3() ResourceType

func ResourceType_DATASYNC_LOCATION_SMB added in v2.46.0

func ResourceType_DATASYNC_LOCATION_SMB() ResourceType

func ResourceType_DATASYNC_TASK added in v2.46.0

func ResourceType_DATASYNC_TASK() ResourceType

func ResourceType_DMS_EVENT_SUBSCRIPTION added in v2.37.0

func ResourceType_DMS_EVENT_SUBSCRIPTION() ResourceType

func ResourceType_DMS_REPLICATION_SUBNET_GROUP added in v2.37.0

func ResourceType_DMS_REPLICATION_SUBNET_GROUP() ResourceType

func ResourceType_DYNAMODB_TABLE

func ResourceType_DYNAMODB_TABLE() ResourceType

func ResourceType_EBS_VOLUME

func ResourceType_EBS_VOLUME() ResourceType

func ResourceType_EC2_CUSTOMER_GATEWAY

func ResourceType_EC2_CUSTOMER_GATEWAY() ResourceType

func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY

func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY() ResourceType

func ResourceType_EC2_EIP

func ResourceType_EC2_EIP() ResourceType

func ResourceType_EC2_FLOW_LOG

func ResourceType_EC2_FLOW_LOG() ResourceType

func ResourceType_EC2_HOST

func ResourceType_EC2_HOST() ResourceType

func ResourceType_EC2_INSTANCE

func ResourceType_EC2_INSTANCE() ResourceType

func ResourceType_EC2_INTERNET_GATEWAY

func ResourceType_EC2_INTERNET_GATEWAY() ResourceType

func ResourceType_EC2_LAUNCH_TEMPLATE added in v2.37.0

func ResourceType_EC2_LAUNCH_TEMPLATE() ResourceType

func ResourceType_EC2_NAT_GATEWAY

func ResourceType_EC2_NAT_GATEWAY() ResourceType

func ResourceType_EC2_NETWORK_ACL

func ResourceType_EC2_NETWORK_ACL() ResourceType

func ResourceType_EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS added in v2.46.0

func ResourceType_EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS() ResourceType

func ResourceType_EC2_NETWORK_INTERFACE added in v2.37.0

func ResourceType_EC2_NETWORK_INTERFACE() ResourceType

func ResourceType_EC2_REGISTERED_HA_INSTANCE added in v2.37.0

func ResourceType_EC2_REGISTERED_HA_INSTANCE() ResourceType

func ResourceType_EC2_ROUTE_TABLE

func ResourceType_EC2_ROUTE_TABLE() ResourceType

func ResourceType_EC2_SECURITY_GROUP

func ResourceType_EC2_SECURITY_GROUP() ResourceType

func ResourceType_EC2_SUBNET

func ResourceType_EC2_SUBNET() ResourceType

func ResourceType_EC2_TRANSIT_GATEWAY added in v2.37.0

func ResourceType_EC2_TRANSIT_GATEWAY() ResourceType

func ResourceType_EC2_TRANSIT_GATEWAY_ATTACHMENT added in v2.37.0

func ResourceType_EC2_TRANSIT_GATEWAY_ATTACHMENT() ResourceType

func ResourceType_EC2_TRANSIT_GATEWAY_ROUTE_TABLE added in v2.37.0

func ResourceType_EC2_TRANSIT_GATEWAY_ROUTE_TABLE() ResourceType

func ResourceType_EC2_VPC

func ResourceType_EC2_VPC() ResourceType

func ResourceType_EC2_VPC_ENDPOINT

func ResourceType_EC2_VPC_ENDPOINT() ResourceType

func ResourceType_EC2_VPC_ENDPOINT_SERVICE

func ResourceType_EC2_VPC_ENDPOINT_SERVICE() ResourceType

func ResourceType_EC2_VPC_PEERING_CONNECTION

func ResourceType_EC2_VPC_PEERING_CONNECTION() ResourceType

func ResourceType_EC2_VPN_CONNECTION

func ResourceType_EC2_VPN_CONNECTION() ResourceType

func ResourceType_EC2_VPN_GATEWAY

func ResourceType_EC2_VPN_GATEWAY() ResourceType

func ResourceType_ECR_PUBLIC_REPOSITORY added in v2.37.0

func ResourceType_ECR_PUBLIC_REPOSITORY() ResourceType

func ResourceType_ECR_REGISTRY_POLICY added in v2.51.0

func ResourceType_ECR_REGISTRY_POLICY() ResourceType

func ResourceType_ECR_REPOSITORY added in v2.37.0

func ResourceType_ECR_REPOSITORY() ResourceType

func ResourceType_ECS_CLUSTER added in v2.37.0

func ResourceType_ECS_CLUSTER() ResourceType

func ResourceType_ECS_SERVICE added in v2.37.0

func ResourceType_ECS_SERVICE() ResourceType

func ResourceType_ECS_TASK_DEFINITION added in v2.37.0

func ResourceType_ECS_TASK_DEFINITION() ResourceType

func ResourceType_EFS_ACCESS_POINT added in v2.37.0

func ResourceType_EFS_ACCESS_POINT() ResourceType

func ResourceType_EFS_FILE_SYSTEM added in v2.37.0

func ResourceType_EFS_FILE_SYSTEM() ResourceType

func ResourceType_EKS_ADDON added in v2.68.0

func ResourceType_EKS_ADDON() ResourceType

func ResourceType_EKS_CLUSTER added in v2.35.0

func ResourceType_EKS_CLUSTER() ResourceType

func ResourceType_EKS_IDENTITY_PROVIDER_CONFIG added in v2.68.0

func ResourceType_EKS_IDENTITY_PROVIDER_CONFIG() ResourceType

func ResourceType_ELASTICSEARCH_DOMAIN

func ResourceType_ELASTICSEARCH_DOMAIN() ResourceType

func ResourceType_ELASTIC_BEANSTALK_APPLICATION

func ResourceType_ELASTIC_BEANSTALK_APPLICATION() ResourceType

func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION

func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION() ResourceType

func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT

func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT() ResourceType

func ResourceType_ELBV2_LISTENER added in v2.37.0

func ResourceType_ELBV2_LISTENER() ResourceType

func ResourceType_ELBV2_LOAD_BALANCER

func ResourceType_ELBV2_LOAD_BALANCER() ResourceType

func ResourceType_ELB_LOAD_BALANCER

func ResourceType_ELB_LOAD_BALANCER() ResourceType

func ResourceType_EMR_SECURITY_CONFIGURATION added in v2.37.0

func ResourceType_EMR_SECURITY_CONFIGURATION() ResourceType

func ResourceType_EVENTBRIDGE_API_DESTINATION added in v2.60.0

func ResourceType_EVENTBRIDGE_API_DESTINATION() ResourceType

func ResourceType_EVENTBRIDGE_ARCHIVE added in v2.60.0

func ResourceType_EVENTBRIDGE_ARCHIVE() ResourceType

func ResourceType_EVENTBRIDGE_ENDPOINT added in v2.60.0

func ResourceType_EVENTBRIDGE_ENDPOINT() ResourceType

func ResourceType_EVENTBRIDGE_EVENTBUS added in v2.51.0

func ResourceType_EVENTBRIDGE_EVENTBUS() ResourceType

func ResourceType_EVENTSCHEMAS_DISCOVERER added in v2.63.0

func ResourceType_EVENTSCHEMAS_DISCOVERER() ResourceType

func ResourceType_EVENTSCHEMAS_REGISTRY added in v2.63.0

func ResourceType_EVENTSCHEMAS_REGISTRY() ResourceType

func ResourceType_EVENTSCHEMAS_REGISTRY_POLICY added in v2.63.0

func ResourceType_EVENTSCHEMAS_REGISTRY_POLICY() ResourceType

func ResourceType_FIS_EXPERIMENT_TEMPLATE added in v2.60.0

func ResourceType_FIS_EXPERIMENT_TEMPLATE() ResourceType

func ResourceType_FRAUDDETECTOR_ENTITY_TYPE added in v2.63.0

func ResourceType_FRAUDDETECTOR_ENTITY_TYPE() ResourceType

func ResourceType_FRAUDDETECTOR_LABEL added in v2.63.0

func ResourceType_FRAUDDETECTOR_LABEL() ResourceType

func ResourceType_FRAUDDETECTOR_OUTCOME added in v2.63.0

func ResourceType_FRAUDDETECTOR_OUTCOME() ResourceType

func ResourceType_FRAUDDETECTOR_VARIABLE added in v2.63.0

func ResourceType_FRAUDDETECTOR_VARIABLE() ResourceType

func ResourceType_GLOBALACCELERATOR_ACCELERATOR added in v2.37.0

func ResourceType_GLOBALACCELERATOR_ACCELERATOR() ResourceType

func ResourceType_GLOBALACCELERATOR_ENDPOINT_GROUP added in v2.37.0

func ResourceType_GLOBALACCELERATOR_ENDPOINT_GROUP() ResourceType

func ResourceType_GLOBALACCELERATOR_LISTENER added in v2.37.0

func ResourceType_GLOBALACCELERATOR_LISTENER() ResourceType

func ResourceType_GLUE_CLASSIFIER added in v2.51.0

func ResourceType_GLUE_CLASSIFIER() ResourceType

func ResourceType_GLUE_JOB added in v2.51.0

func ResourceType_GLUE_JOB() ResourceType

func ResourceType_GLUE_ML_TRANSFORM added in v2.68.0

func ResourceType_GLUE_ML_TRANSFORM() ResourceType

func ResourceType_GUARDDUTY_DETECTOR added in v2.37.0

func ResourceType_GUARDDUTY_DETECTOR() ResourceType

func ResourceType_GUARDDUTY_FILTER added in v2.60.0

func ResourceType_GUARDDUTY_FILTER() ResourceType

func ResourceType_GUARDDUTY_IP_SET added in v2.46.0

func ResourceType_GUARDDUTY_IP_SET() ResourceType

func ResourceType_GUARDDUTY_THREAT_INTEL_SET added in v2.46.0

func ResourceType_GUARDDUTY_THREAT_INTEL_SET() ResourceType

func ResourceType_IAM_ACCESSANALYZER_ANALYZER added in v2.37.0

func ResourceType_IAM_ACCESSANALYZER_ANALYZER() ResourceType

func ResourceType_IAM_GROUP

func ResourceType_IAM_GROUP() ResourceType

func ResourceType_IAM_POLICY

func ResourceType_IAM_POLICY() ResourceType

func ResourceType_IAM_ROLE

func ResourceType_IAM_ROLE() ResourceType

func ResourceType_IAM_USER

func ResourceType_IAM_USER() ResourceType

func ResourceType_IMAGEBUILDER_CONTAINER_RECIPE added in v2.51.0

func ResourceType_IMAGEBUILDER_CONTAINER_RECIPE() ResourceType

func ResourceType_IMAGEBUILDER_DISTRIBUTION_CONFIGURATION added in v2.51.0

func ResourceType_IMAGEBUILDER_DISTRIBUTION_CONFIGURATION() ResourceType

func ResourceType_IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION added in v2.51.0

func ResourceType_IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION() ResourceType

func ResourceType_IOT_ANALYTICS_CHANNEL added in v2.68.0

func ResourceType_IOT_ANALYTICS_CHANNEL() ResourceType

func ResourceType_IOT_ANALYTICS_DATASET added in v2.68.0

func ResourceType_IOT_ANALYTICS_DATASET() ResourceType

func ResourceType_IOT_ANALYTICS_DATASTORE added in v2.63.0

func ResourceType_IOT_ANALYTICS_DATASTORE() ResourceType

func ResourceType_IOT_ANALYTICS_PIPELINE added in v2.68.0

func ResourceType_IOT_ANALYTICS_PIPELINE() ResourceType

func ResourceType_IOT_AUTHORIZER added in v2.63.0

func ResourceType_IOT_AUTHORIZER() ResourceType

func ResourceType_IOT_DIMENSION added in v2.63.0

func ResourceType_IOT_DIMENSION() ResourceType

func ResourceType_IOT_EVENTS_ALARM_MODEL added in v2.51.0

func ResourceType_IOT_EVENTS_ALARM_MODEL() ResourceType

func ResourceType_IOT_EVENTS_DETECTOR_MODEL added in v2.51.0

func ResourceType_IOT_EVENTS_DETECTOR_MODEL() ResourceType

func ResourceType_IOT_EVENTS_INPUT added in v2.51.0

func ResourceType_IOT_EVENTS_INPUT() ResourceType

func ResourceType_IOT_MITIGATION_ACTION added in v2.68.0

func ResourceType_IOT_MITIGATION_ACTION() ResourceType

func ResourceType_IOT_POLICY added in v2.68.0

func ResourceType_IOT_POLICY() ResourceType

func ResourceType_IOT_ROLE_ALIAS added in v2.63.0

func ResourceType_IOT_ROLE_ALIAS() ResourceType

func ResourceType_IOT_SECURITY_PROFILE added in v2.63.0

func ResourceType_IOT_SECURITY_PROFILE() ResourceType

func ResourceType_IOT_SITEWISE_ASSETMODEL added in v2.68.0

func ResourceType_IOT_SITEWISE_ASSETMODEL() ResourceType

func ResourceType_IOT_SITEWISE_DASHBOARD added in v2.68.0

func ResourceType_IOT_SITEWISE_DASHBOARD() ResourceType

func ResourceType_IOT_SITEWISE_PORTAL added in v2.68.0

func ResourceType_IOT_SITEWISE_PORTAL() ResourceType

func ResourceType_IOT_SITEWISE_PROJECT added in v2.68.0

func ResourceType_IOT_SITEWISE_PROJECT() ResourceType

func ResourceType_IOT_TWINMAKER_ENTITY added in v2.68.0

func ResourceType_IOT_TWINMAKER_ENTITY() ResourceType

func ResourceType_IOT_TWINMAKER_WORKSPACE added in v2.68.0

func ResourceType_IOT_TWINMAKER_WORKSPACE() ResourceType

func ResourceType_IVS_CHANNEL added in v2.68.0

func ResourceType_IVS_CHANNEL() ResourceType

func ResourceType_IVS_PLAYBACK_KEYPAIR added in v2.68.0

func ResourceType_IVS_PLAYBACK_KEYPAIR() ResourceType

func ResourceType_IVS_RECORDING_CONFIGURATION added in v2.68.0

func ResourceType_IVS_RECORDING_CONFIGURATION() ResourceType

func ResourceType_KINESIS_ANALYTICS_V2_APPLICATION added in v2.68.0

func ResourceType_KINESIS_ANALYTICS_V2_APPLICATION() ResourceType

func ResourceType_KINESIS_STREAM added in v2.37.0

func ResourceType_KINESIS_STREAM() ResourceType

func ResourceType_KINESIS_STREAM_CONSUMER added in v2.37.0

func ResourceType_KINESIS_STREAM_CONSUMER() ResourceType

func ResourceType_KMS_KEY

func ResourceType_KMS_KEY() ResourceType

func ResourceType_LAMBDA_FUNCTION

func ResourceType_LAMBDA_FUNCTION() ResourceType

func ResourceType_LIGHTSAIL_BUCKET added in v2.63.0

func ResourceType_LIGHTSAIL_BUCKET() ResourceType

func ResourceType_LIGHTSAIL_CERTIFICATE added in v2.60.0

func ResourceType_LIGHTSAIL_CERTIFICATE() ResourceType

func ResourceType_LIGHTSAIL_DISK added in v2.60.0

func ResourceType_LIGHTSAIL_DISK() ResourceType

func ResourceType_LIGHTSAIL_STATIC_IP added in v2.63.0

func ResourceType_LIGHTSAIL_STATIC_IP() ResourceType

func ResourceType_MEDIAPACKAGE_PACKAGING_GROUP added in v2.63.0

func ResourceType_MEDIAPACKAGE_PACKAGING_GROUP() ResourceType

func ResourceType_MSK_CLUSTER added in v2.37.0

func ResourceType_MSK_CLUSTER() ResourceType

func ResourceType_NETWORK_FIREWALL_FIREWALL added in v2.63.0

func ResourceType_NETWORK_FIREWALL_FIREWALL() ResourceType

func ResourceType_NETWORK_FIREWALL_FIREWALL_POLICY added in v2.63.0

func ResourceType_NETWORK_FIREWALL_FIREWALL_POLICY() ResourceType

func ResourceType_NETWORK_FIREWALL_RULE_GROUP added in v2.63.0

func ResourceType_NETWORK_FIREWALL_RULE_GROUP() ResourceType

func ResourceType_OPENSEARCH_DOMAIN added in v2.37.0

func ResourceType_OPENSEARCH_DOMAIN() ResourceType

func ResourceType_Of

func ResourceType_Of(type_ *string) ResourceType

A custom resource type to support future cases.

func ResourceType_QLDB_LEDGER

func ResourceType_QLDB_LEDGER() ResourceType

func ResourceType_RDS_DB_CLUSTER

func ResourceType_RDS_DB_CLUSTER() ResourceType

func ResourceType_RDS_DB_CLUSTER_SNAPSHOT

func ResourceType_RDS_DB_CLUSTER_SNAPSHOT() ResourceType

func ResourceType_RDS_DB_INSTANCE

func ResourceType_RDS_DB_INSTANCE() ResourceType

func ResourceType_RDS_DB_SECURITY_GROUP

func ResourceType_RDS_DB_SECURITY_GROUP() ResourceType

func ResourceType_RDS_DB_SNAPSHOT

func ResourceType_RDS_DB_SNAPSHOT() ResourceType

func ResourceType_RDS_DB_SUBNET_GROUP

func ResourceType_RDS_DB_SUBNET_GROUP() ResourceType

func ResourceType_RDS_EVENT_SUBSCRIPTION

func ResourceType_RDS_EVENT_SUBSCRIPTION() ResourceType

func ResourceType_RDS_GLOBAL_CLUSTER added in v2.68.0

func ResourceType_RDS_GLOBAL_CLUSTER() ResourceType

func ResourceType_REDSHIFT_CLUSTER

func ResourceType_REDSHIFT_CLUSTER() ResourceType

func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP

func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP

func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT

func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP

func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP() ResourceType

func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION

func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION() ResourceType

func ResourceType_RESILIENCEHUB_RESILIENCY_POLICY added in v2.63.0

func ResourceType_RESILIENCEHUB_RESILIENCY_POLICY() ResourceType

func ResourceType_ROUTE53_HEALTH_CHECK added in v2.51.0

func ResourceType_ROUTE53_HEALTH_CHECK() ResourceType

func ResourceType_ROUTE53_HOSTED_ZONE added in v2.51.0

func ResourceType_ROUTE53_HOSTED_ZONE() ResourceType

func ResourceType_ROUTE53_RECOVERY_READINESS_CELL added in v2.51.0

func ResourceType_ROUTE53_RECOVERY_READINESS_CELL() ResourceType

func ResourceType_ROUTE53_RECOVERY_READINESS_READINESS_CHECK added in v2.51.0

func ResourceType_ROUTE53_RECOVERY_READINESS_READINESS_CHECK() ResourceType

func ResourceType_ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP added in v2.63.0

func ResourceType_ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP() ResourceType

func ResourceType_ROUTE53_RESOLVER_RESOLVER_ENDPOINT added in v2.37.0

func ResourceType_ROUTE53_RESOLVER_RESOLVER_ENDPOINT() ResourceType

func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE added in v2.37.0

func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE() ResourceType

func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION added in v2.37.0

func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION() ResourceType

func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK

func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK() ResourceType

func ResourceType_S3_BUCKET

func ResourceType_S3_BUCKET() ResourceType

func ResourceType_S3_MULTIREGION_ACCESS_POINT added in v2.68.0

func ResourceType_S3_MULTIREGION_ACCESS_POINT() ResourceType

func ResourceType_SAGEMAKER_CODE_REPOSITORY added in v2.37.0

func ResourceType_SAGEMAKER_CODE_REPOSITORY() ResourceType

func ResourceType_SAGEMAKER_MODEL added in v2.37.0

func ResourceType_SAGEMAKER_MODEL() ResourceType

func ResourceType_SAGEMAKER_NOTEBOOK_INSTANCE added in v2.37.0

func ResourceType_SAGEMAKER_NOTEBOOK_INSTANCE() ResourceType

func ResourceType_SAGEMAKER_WORKTEAM added in v2.46.0

func ResourceType_SAGEMAKER_WORKTEAM() ResourceType

func ResourceType_SECRETS_MANAGER_SECRET

func ResourceType_SECRETS_MANAGER_SECRET() ResourceType

func ResourceType_SERVICEDISCOVERY_HTTP_NAMESPACE added in v2.51.0

func ResourceType_SERVICEDISCOVERY_HTTP_NAMESPACE() ResourceType

func ResourceType_SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE added in v2.46.0

func ResourceType_SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE() ResourceType

func ResourceType_SERVICEDISCOVERY_SERVICE added in v2.46.0

func ResourceType_SERVICEDISCOVERY_SERVICE() ResourceType

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT() ResourceType

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT() ResourceType

func ResourceType_SERVICE_CATALOG_PORTFOLIO

func ResourceType_SERVICE_CATALOG_PORTFOLIO() ResourceType

func ResourceType_SES_CONFIGURATION_SET added in v2.46.0

func ResourceType_SES_CONFIGURATION_SET() ResourceType

func ResourceType_SES_CONTACT_LIST added in v2.46.0

func ResourceType_SES_CONTACT_LIST() ResourceType

func ResourceType_SES_RECEIPT_FILTER added in v2.60.0

func ResourceType_SES_RECEIPT_FILTER() ResourceType

func ResourceType_SES_RECEIPT_RECEIPT_RULE_SET added in v2.60.0

func ResourceType_SES_RECEIPT_RECEIPT_RULE_SET() ResourceType

func ResourceType_SES_TEMPLATE added in v2.60.0

func ResourceType_SES_TEMPLATE() ResourceType

func ResourceType_SHIELD_PROTECTION

func ResourceType_SHIELD_PROTECTION() ResourceType

func ResourceType_SHIELD_REGIONAL_PROTECTION

func ResourceType_SHIELD_REGIONAL_PROTECTION() ResourceType

func ResourceType_SNS_TOPIC

func ResourceType_SNS_TOPIC() ResourceType

func ResourceType_SQS_QUEUE

func ResourceType_SQS_QUEUE() ResourceType

func ResourceType_STEPFUNCTIONS_ACTIVITY added in v2.37.0

func ResourceType_STEPFUNCTIONS_ACTIVITY() ResourceType

func ResourceType_STEPFUNCTIONS_STATE_MACHINE added in v2.37.0

func ResourceType_STEPFUNCTIONS_STATE_MACHINE() ResourceType

func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE

func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE() ResourceType

func ResourceType_SYSTEMS_MANAGER_FILE_DATA

func ResourceType_SYSTEMS_MANAGER_FILE_DATA() ResourceType

func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY

func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY() ResourceType

func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE

func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE() ResourceType

func ResourceType_TRANSFER_WORKFLOW added in v2.63.0

func ResourceType_TRANSFER_WORKFLOW() ResourceType

func ResourceType_WAFV2_IP_SET added in v2.37.0

func ResourceType_WAFV2_IP_SET() ResourceType

func ResourceType_WAFV2_MANAGED_RULE_SET

func ResourceType_WAFV2_MANAGED_RULE_SET() ResourceType

func ResourceType_WAFV2_REGEX_PATTERN_SET added in v2.37.0

func ResourceType_WAFV2_REGEX_PATTERN_SET() ResourceType

func ResourceType_WAFV2_RULE_GROUP

func ResourceType_WAFV2_RULE_GROUP() ResourceType

func ResourceType_WAFV2_WEB_ACL

func ResourceType_WAFV2_WEB_ACL() ResourceType

func ResourceType_WAF_RATE_BASED_RULE

func ResourceType_WAF_RATE_BASED_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RATE_BASED_RULE

func ResourceType_WAF_REGIONAL_RATE_BASED_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RULE

func ResourceType_WAF_REGIONAL_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RULE_GROUP

func ResourceType_WAF_REGIONAL_RULE_GROUP() ResourceType

func ResourceType_WAF_REGIONAL_WEB_ACL

func ResourceType_WAF_REGIONAL_WEB_ACL() ResourceType

func ResourceType_WAF_RULE

func ResourceType_WAF_RULE() ResourceType

func ResourceType_WAF_RULE_GROUP

func ResourceType_WAF_RULE_GROUP() ResourceType

func ResourceType_WAF_WEB_ACL

func ResourceType_WAF_WEB_ACL() ResourceType

func ResourceType_WORKSPACES_CONNECTION_ALIAS added in v2.37.0

func ResourceType_WORKSPACES_CONNECTION_ALIAS() ResourceType

func ResourceType_WORKSPACES_WORKSPACE added in v2.37.0

func ResourceType_WORKSPACES_WORKSPACE() ResourceType

func ResourceType_XRAY_ENCRYPTION_CONFIGURATION

func ResourceType_XRAY_ENCRYPTION_CONFIGURATION() ResourceType

type RuleProps

type RuleProps struct {
	// A name for the AWS Config rule.
	// Default: - CloudFormation generated name.
	//
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Default: - No description.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Default: - No input parameters.
	//
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
	//
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
	//
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
}

Construction properties for a new rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var inputParameters interface{}
var ruleScope ruleScope

ruleProps := &RuleProps{
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	InputParameters: map[string]interface{}{
		"inputParametersKey": inputParameters,
	},
	MaximumExecutionFrequency: awscdk.Aws_config.MaximumExecutionFrequency_ONE_HOUR,
	RuleScope: ruleScope,
}

type RuleScope

type RuleScope interface {
	// tag key applied to resources that will trigger evaluation of a rule.
	Key() *string
	// ID of the only AWS resource that will trigger evaluation of a rule.
	ResourceId() *string
	// Resource types that will trigger evaluation of a rule.
	ResourceTypes() *[]ResourceType
	// tag value applied to resources that will trigger evaluation of a rule.
	Value() *string
}

Determines which resources trigger an evaluation of an AWS Config rule.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_18_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})

func RuleScope_FromResource

func RuleScope_FromResource(resourceType ResourceType, resourceId *string) RuleScope

restricts scope of changes to a specific resource type or resource identifier.

func RuleScope_FromResources

func RuleScope_FromResources(resourceTypes *[]ResourceType) RuleScope

restricts scope of changes to specific resource types.

func RuleScope_FromTag

func RuleScope_FromTag(key *string, value *string) RuleScope

restricts scope of changes to a specific tag.

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL