README
¶
AWS Config Construct Library
AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
This module is part of the AWS Cloud Development Kit project.
Initial Setup
Before using the constructs provided in this module, you need to set up AWS Config in the region in which it will be used. This setup includes the one-time creation of the following resources per region:
ConfigurationRecorder: Configure which resources will be recorded for config changes.DeliveryChannel: Configure where to store the recorded data.
The following guides provide the steps for getting started with AWS Config:
Rules
AWS Config can evaluate the configuration settings of your AWS resources by creating AWS Config rules, which represent your ideal configuration settings.
See Evaluating Resources with AWS Config Rules to learn more about AWS Config rules.
AWS Managed Rules
AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.
For example, you could create a managed rule that checks whether active access keys are rotated within the number of days specified.
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
InputParameters: map[string]interface{}{
"maxAccessKeyAge": jsii.Number(60),
},
// default is 24 hours
MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})
Identifiers for AWS managed rules are available through static constants in the ManagedRuleIdentifiers class.
You can find supported input parameters in the List of AWS Config Managed Rules.
The following higher level constructs for AWS managed rules are available.
Access Key rotation
Checks whether your active access keys are rotated within the number of days specified.
// compliant if access keys have been rotated within the last 90 days
// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"))
CloudFormation Stack drift detection
Checks whether your CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration.
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &CloudFormationStackDriftDetectionCheckProps{
OwnStackOnly: jsii.Boolean(true),
})
CloudFormation Stack notifications
Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.
// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
Topics: []iTopic{
topic1,
topic2,
},
})
Custom rules
You can develop custom rules and add them to AWS Config. You associate each custom rule with an AWS Lambda function and Guard.
Custom Lambda Rules
Lambda function which contains the logic that evaluates whether your AWS resources comply with the rule.
// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
Handler: jsii.String("index.handler"),
Runtime: lambda.Runtime_NODEJS_18_X(),
})
// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
ConfigurationChanges: jsii.Boolean(true),
LambdaFunction: evalComplianceFn,
RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})
Custom Policy Rules
Guard which contains the logic that evaluates whether your AWS resources comply with the rule.
samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
`
config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EnableDebugLog: jsii.Boolean(true),
RuleScope: config.RuleScope_FromResources([]resourceType{
config.*resourceType_DYNAMODB_TABLE(),
}),
})
Triggers
AWS Lambda executes functions in response to events that are published by AWS Services. The function for a custom Config rule receives an event that is published by AWS Config, and is responsible for evaluating the compliance of the rule.
Evaluations can be triggered by configuration changes, periodically, or both.
To create a custom rule, define a CustomRule and specify the Lambda Function
to run and the trigger types.
var evalComplianceFn function
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: evalComplianceFn,
ConfigurationChanges: jsii.Boolean(true),
Periodic: jsii.Boolean(true),
// default is 24 hours
MaximumExecutionFrequency: config.MaximumExecutionFrequency_SIX_HOURS,
})
When the trigger for a rule occurs, the Lambda function is invoked by publishing an event. See example events for AWS Config Rules
The AWS documentation has examples of Lambda functions for evaluations that are triggered by configuration changes and triggered periodically
Scope
By default rules are triggered by changes to all resources.
Use the RuleScope APIs (fromResource(), fromResources() or fromTag()) to restrict
the scope of both managed and custom rules:
var evalComplianceFn function
sshRule := config.NewManagedRule(this, jsii.String("SSH"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED(),
RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_SECURITY_GROUP(), jsii.String("sg-1234567890abcdefgh")),
})
customRule := config.NewCustomRule(this, jsii.String("Lambda"), &CustomRuleProps{
LambdaFunction: evalComplianceFn,
ConfigurationChanges: jsii.Boolean(true),
RuleScope: config.RuleScope_FromResources([]resourceType{
config.*resourceType_CLOUDFORMATION_STACK(),
config.*resourceType_S3_BUCKET(),
}),
})
tagRule := config.NewCustomRule(this, jsii.String("CostCenterTagRule"), &CustomRuleProps{
LambdaFunction: evalComplianceFn,
ConfigurationChanges: jsii.Boolean(true),
RuleScope: config.RuleScope_FromTag(jsii.String("Cost Center"), jsii.String("MyApp")),
})
Evaluation Mode
You can specify the evaluation mode for a rule to determine when AWS Config runs evaluations.
Use the evaluationModes property to specify the evaluation mode:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
Note: Proactive evaluation mode is not supported for all rules. See AWS Config documentation for more information.
Events
You can define Amazon EventBridge event rules which trigger when a compliance check fails or when a rule is re-evaluated.
Use the onComplianceChange() APIs to trigger an EventBridge event when a compliance check
of your AWS Config Rule fails:
// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))
rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onComplianceChange(jsii.String("TopicEvent"), &OnEventOptions{
Target: targets.NewSnsTopic(complianceTopic),
})
Use the onReEvaluationStatus() status to trigger an EventBridge event when an AWS Config
rule is re-evaluated.
// Topic to which re-evaluation notification events will be published
reEvaluationTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))
rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onReEvaluationStatus(jsii.String("ReEvaluationEvent"), &OnEventOptions{
Target: targets.NewSnsTopic(reEvaluationTopic),
})
Example
The following example creates a custom rule that evaluates whether EC2 instances are compliant. Compliance events are published to an SNS topic.
// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
Handler: jsii.String("index.handler"),
Runtime: lambda.Runtime_NODEJS_18_X(),
})
// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
ConfigurationChanges: jsii.Boolean(true),
LambdaFunction: evalComplianceFn,
RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})
// A rule to detect stack drifts
driftRule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))
// Send notification on compliance change events
driftRule.onComplianceChange(jsii.String("ComplianceChange"), &OnEventOptions{
Target: targets.NewSnsTopic(complianceTopic),
})
Documentation
¶
Index ¶
- func AccessKeysRotated_IsConstruct(x interface{}) *bool
- func AccessKeysRotated_IsOwnedResource(construct constructs.IConstruct) *bool
- func AccessKeysRotated_IsResource(construct constructs.IConstruct) *bool
- func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAggregationAuthorization_IsCfnElement(x interface{}) *bool
- func CfnAggregationAuthorization_IsCfnResource(x interface{}) *bool
- func CfnAggregationAuthorization_IsConstruct(x interface{}) *bool
- func CfnConfigRule_CFN_RESOURCE_TYPE_NAME() *string
- func CfnConfigRule_IsCfnElement(x interface{}) *bool
- func CfnConfigRule_IsCfnResource(x interface{}) *bool
- func CfnConfigRule_IsConstruct(x interface{}) *bool
- func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME() *string
- func CfnConfigurationAggregator_IsCfnElement(x interface{}) *bool
- func CfnConfigurationAggregator_IsCfnResource(x interface{}) *bool
- func CfnConfigurationAggregator_IsConstruct(x interface{}) *bool
- func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME() *string
- func CfnConfigurationRecorder_IsCfnElement(x interface{}) *bool
- func CfnConfigurationRecorder_IsCfnResource(x interface{}) *bool
- func CfnConfigurationRecorder_IsConstruct(x interface{}) *bool
- func CfnConformancePack_CFN_RESOURCE_TYPE_NAME() *string
- func CfnConformancePack_IsCfnElement(x interface{}) *bool
- func CfnConformancePack_IsCfnResource(x interface{}) *bool
- func CfnConformancePack_IsConstruct(x interface{}) *bool
- func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME() *string
- func CfnDeliveryChannel_IsCfnElement(x interface{}) *bool
- func CfnDeliveryChannel_IsCfnResource(x interface{}) *bool
- func CfnDeliveryChannel_IsConstruct(x interface{}) *bool
- func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME() *string
- func CfnOrganizationConfigRule_IsCfnElement(x interface{}) *bool
- func CfnOrganizationConfigRule_IsCfnResource(x interface{}) *bool
- func CfnOrganizationConfigRule_IsConstruct(x interface{}) *bool
- func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME() *string
- func CfnOrganizationConformancePack_IsCfnElement(x interface{}) *bool
- func CfnOrganizationConformancePack_IsCfnResource(x interface{}) *bool
- func CfnOrganizationConformancePack_IsConstruct(x interface{}) *bool
- func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME() *string
- func CfnRemediationConfiguration_IsCfnElement(x interface{}) *bool
- func CfnRemediationConfiguration_IsCfnResource(x interface{}) *bool
- func CfnRemediationConfiguration_IsConstruct(x interface{}) *bool
- func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME() *string
- func CfnStoredQuery_IsCfnElement(x interface{}) *bool
- func CfnStoredQuery_IsCfnResource(x interface{}) *bool
- func CfnStoredQuery_IsConstruct(x interface{}) *bool
- func CloudFormationStackDriftDetectionCheck_IsConstruct(x interface{}) *bool
- func CloudFormationStackDriftDetectionCheck_IsOwnedResource(construct constructs.IConstruct) *bool
- func CloudFormationStackDriftDetectionCheck_IsResource(construct constructs.IConstruct) *bool
- func CloudFormationStackNotificationCheck_IsConstruct(x interface{}) *bool
- func CloudFormationStackNotificationCheck_IsOwnedResource(construct constructs.IConstruct) *bool
- func CloudFormationStackNotificationCheck_IsResource(construct constructs.IConstruct) *bool
- func CustomPolicy_IsConstruct(x interface{}) *bool
- func CustomPolicy_IsOwnedResource(construct constructs.IConstruct) *bool
- func CustomPolicy_IsResource(construct constructs.IConstruct) *bool
- func CustomRule_IsConstruct(x interface{}) *bool
- func CustomRule_IsOwnedResource(construct constructs.IConstruct) *bool
- func CustomRule_IsResource(construct constructs.IConstruct) *bool
- func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED() *string
- func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS() *string
- func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK() *string
- func ManagedRuleIdentifiers_ALB_DESYNC_MODE_CHECK() *string
- func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED() *string
- func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK() *string
- func ManagedRuleIdentifiers_ALB_WAF_ENABLED() *string
- func ManagedRuleIdentifiers_API_GWV2_ACCESS_LOGS_ENABLED() *string
- func ManagedRuleIdentifiers_API_GWV2_AUTHORIZATION_TYPE_CONFIGURED() *string
- func ManagedRuleIdentifiers_API_GW_ASSOCIATED_WITH_WAF() *string
- func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED() *string
- func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK() *string
- func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_API_GW_SSL_ENABLED() *string
- func ManagedRuleIdentifiers_API_GW_XRAY_ENABLED() *string
- func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID() *string
- func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG() *string
- func ManagedRuleIdentifiers_AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_AURORA_MYSQL_BACKTRACKING_ENABLED() *string
- func ManagedRuleIdentifiers_AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_AUTOSCALING_CAPACITY_REBALANCING() *string
- func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED() *string
- func ManagedRuleIdentifiers_AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2() *string
- func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT() *string
- func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED() *string
- func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_TEMPLATE() *string
- func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_AZ() *string
- func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_INSTANCE_TYPES() *string
- func ManagedRuleIdentifiers_BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK() *string
- func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_ENCRYPTED() *string
- func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED() *string
- func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK() *string
- func ManagedRuleIdentifiers_BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED() *string
- func ManagedRuleIdentifiers_CLB_DESYNC_MODE_CHECK() *string
- func ManagedRuleIdentifiers_CLB_MULTIPLE_AZ() *string
- func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_ACCESSLOGS_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_ASSOCIATED_WITH_WAF() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_CUSTOM_SSL_CERTIFICATE() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_SECURITY_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED() *string
- func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS() *string
- func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK() *string
- func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED() *string
- func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED() *string
- func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED() *string
- func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED() *string
- func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK() *string
- func ManagedRuleIdentifiers_CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED() *string
- func ManagedRuleIdentifiers_CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED() *string
- func ManagedRuleIdentifiers_CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED() *string
- func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK() *string
- func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK() *string
- func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK() *string
- func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED() *string
- func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC() *string
- func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED() *string
- func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED() *string
- func ManagedRuleIdentifiers_DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS() *string
- func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED() *string
- func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK() *string
- func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES() *string
- func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE() *string
- func ManagedRuleIdentifiers_EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK() *string
- func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY() *string
- func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE() *string
- func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT() *string
- func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK() *string
- func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC() *string
- func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED() *string
- func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM() *string
- func ManagedRuleIdentifiers_EC2_INSTANCE_MULTIPLE_ENI_CHECK() *string
- func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP() *string
- func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED() *string
- func ManagedRuleIdentifiers_EC2_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK() *string
- func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK() *string
- func ManagedRuleIdentifiers_EC2_NO_AMAZON_KEY_PAIR() *string
- func ManagedRuleIdentifiers_EC2_PARAVIRTUAL_INSTANCE_CHECK() *string
- func ManagedRuleIdentifiers_EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED() *string
- func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC() *string
- func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI() *string
- func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC() *string
- func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE() *string
- func ManagedRuleIdentifiers_EC2_TOKEN_HOP_LIMIT_CHECK() *string
- func ManagedRuleIdentifiers_EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED() *string
- func ManagedRuleIdentifiers_EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK() *string
- func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK() *string
- func ManagedRuleIdentifiers_ECR_PRIVATE_IMAGE_SCANNING_ENABLED() *string
- func ManagedRuleIdentifiers_ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED() *string
- func ManagedRuleIdentifiers_ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED() *string
- func ManagedRuleIdentifiers_ECS_AWSVPC_NETWORKING_ENABLED() *string
- func ManagedRuleIdentifiers_ECS_CONTAINERS_NONPRIVILEGED() *string
- func ManagedRuleIdentifiers_ECS_CONTAINERS_READONLY_ACCESS() *string
- func ManagedRuleIdentifiers_ECS_CONTAINER_INSIGHTS_ENABLED() *string
- func ManagedRuleIdentifiers_ECS_FARGATE_LATEST_PLATFORM_VERSION() *string
- func ManagedRuleIdentifiers_ECS_NO_ENVIRONMENT_SECRETS() *string
- func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_LOG_CONFIGURATION() *string
- func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT() *string
- func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_NONROOT_USER() *string
- func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_PID_MODE_CHECK() *string
- func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY() *string
- func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY() *string
- func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK() *string
- func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_EFS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_EIP_ATTACHED() *string
- func ManagedRuleIdentifiers_EKS_CLUSTER_OLDEST_SUPPORTED_VERSION() *string
- func ManagedRuleIdentifiers_EKS_CLUSTER_SUPPORTED_VERSION() *string
- func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS() *string
- func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED() *string
- func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK() *string
- func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST() *string
- func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY() *string
- func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string
- func ManagedRuleIdentifiers_ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED() *string
- func ManagedRuleIdentifiers_ELBV2_ACM_CERTIFICATE_REQUIRED() *string
- func ManagedRuleIdentifiers_ELBV2_MULTIPLE_AZ() *string
- func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED() *string
- func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string
- func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK() *string
- func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED() *string
- func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK() *string
- func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY() *string
- func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED() *string
- func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP() *string
- func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK() *string
- func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK() *string
- func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK() *string
- func ManagedRuleIdentifiers_FSX_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED() *string
- func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS() *string
- func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS() *string
- func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK() *string
- func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS() *string
- func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY() *string
- func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK() *string
- func ManagedRuleIdentifiers_IAM_POLICY_IN_USE() *string
- func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS() *string
- func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS() *string
- func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK() *string
- func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK() *string
- func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED() *string
- func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK() *string
- func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK() *string
- func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY() *string
- func ManagedRuleIdentifiers_KINESIS_STREAM_ENCRYPTED() *string
- func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION() *string
- func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK() *string
- func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK() *string
- func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED() *string
- func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK() *string
- func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC() *string
- func ManagedRuleIdentifiers_LAMBDA_VPC_MULTI_AZ_CHECK() *string
- func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS() *string
- func ManagedRuleIdentifiers_NACL_NO_UNRESTRICTED_SSH_RDP() *string
- func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS() *string
- func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS() *string
- func ManagedRuleIdentifiers_NETFW_POLICY_RULE_GROUP_ASSOCIATED() *string
- func ManagedRuleIdentifiers_NETFW_STATELESS_RULE_GROUP_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string
- func ManagedRuleIdentifiers_OPENSEARCH_ACCESS_CONTROL_ENABLED() *string
- func ManagedRuleIdentifiers_OPENSEARCH_AUDIT_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_OPENSEARCH_DATA_NODE_FAULT_TOLERANCE() *string
- func ManagedRuleIdentifiers_OPENSEARCH_ENCRYPTED_AT_REST() *string
- func ManagedRuleIdentifiers_OPENSEARCH_HTTPS_REQUIRED() *string
- func ManagedRuleIdentifiers_OPENSEARCH_IN_VPC_ONLY() *string
- func ManagedRuleIdentifiers_OPENSEARCH_LOGS_TO_CLOUDWATCH() *string
- func ManagedRuleIdentifiers_OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string
- func ManagedRuleIdentifiers_RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_CLUSTER_DEFAULT_ADMIN_CHECK() *string
- func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_CLUSTER_MULTI_AZ_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_DB_SECURITY_GROUP_NOT_ALLOWED() *string
- func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_INSTANCE_DEFAULT_ADMIN_CHECK() *string
- func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK() *string
- func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_RDS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT() *string
- func ManagedRuleIdentifiers_RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED() *string
- func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED() *string
- func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED() *string
- func ManagedRuleIdentifiers_REDSHIFT_AUDIT_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED() *string
- func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK() *string
- func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_KMS_ENABLED() *string
- func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK() *string
- func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK() *string
- func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_ADMIN_CHECK() *string
- func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_DB_NAME_CHECK() *string
- func ManagedRuleIdentifiers_REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED() *string
- func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL() *string
- func ManagedRuleIdentifiers_REQUIRED_TAGS() *string
- func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED() *string
- func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED() *string
- func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS() *string
- func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC() *string
- func ManagedRuleIdentifiers_S3_BUCKET_ACL_PROHIBITED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK() *string
- func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE() *string
- func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED() *string
- func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY() *string
- func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED() *string
- func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS() *string
- func ManagedRuleIdentifiers_S3_EVENT_NOTIFICATIONS_ENABLED() *string
- func ManagedRuleIdentifiers_S3_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_S3_LIFECYCLE_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_S3_VERSION_LIFECYCLE_POLICY_CHECK() *string
- func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED() *string
- func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED() *string
- func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS() *string
- func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK() *string
- func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK() *string
- func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_PERIODIC_ROTATION() *string
- func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_UNUSED() *string
- func ManagedRuleIdentifiers_SECRETSMANAGER_USING_CMK() *string
- func ManagedRuleIdentifiers_SECURITYHUB_ENABLED() *string
- func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED() *string
- func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW() *string
- func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS() *string
- func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS() *string
- func ManagedRuleIdentifiers_SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED() *string
- func ManagedRuleIdentifiers_SSM_DOCUMENT_NOT_PUBLIC() *string
- func ManagedRuleIdentifiers_STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED() *string
- func ManagedRuleIdentifiers_VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
- func ManagedRuleIdentifiers_VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
- func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED() *string
- func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED() *string
- func ManagedRuleIdentifiers_VPC_NETWORK_ACL_UNUSED_CHECK() *string
- func ManagedRuleIdentifiers_VPC_PEERING_DNS_RESOLUTION_CHECK() *string
- func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS() *string
- func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP() *string
- func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED() *string
- func ManagedRuleIdentifiers_WAF_GLOBAL_RULEGROUP_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_WAF_GLOBAL_RULE_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_WAF_GLOBAL_WEBACL_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_WAF_REGIONAL_RULEGROUP_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_WAF_REGIONAL_RULE_NOT_EMPTY() *string
- func ManagedRuleIdentifiers_WAF_REGIONAL_WEBACL_NOT_EMPTY() *string
- func ManagedRule_IsConstruct(x interface{}) *bool
- func ManagedRule_IsOwnedResource(construct constructs.IConstruct) *bool
- func ManagedRule_IsResource(construct constructs.IConstruct) *bool
- func NewAccessKeysRotated_Override(a AccessKeysRotated, scope constructs.Construct, id *string, ...)
- func NewCfnAggregationAuthorization_Override(c CfnAggregationAuthorization, scope constructs.Construct, id *string, ...)
- func NewCfnConfigRule_Override(c CfnConfigRule, scope constructs.Construct, id *string, ...)
- func NewCfnConfigurationAggregator_Override(c CfnConfigurationAggregator, scope constructs.Construct, id *string, ...)
- func NewCfnConfigurationRecorder_Override(c CfnConfigurationRecorder, scope constructs.Construct, id *string, ...)
- func NewCfnConformancePack_Override(c CfnConformancePack, scope constructs.Construct, id *string, ...)
- func NewCfnDeliveryChannel_Override(c CfnDeliveryChannel, scope constructs.Construct, id *string, ...)
- func NewCfnOrganizationConfigRule_Override(c CfnOrganizationConfigRule, scope constructs.Construct, id *string, ...)
- func NewCfnOrganizationConformancePack_Override(c CfnOrganizationConformancePack, scope constructs.Construct, id *string, ...)
- func NewCfnRemediationConfiguration_Override(c CfnRemediationConfiguration, scope constructs.Construct, id *string, ...)
- func NewCfnStoredQuery_Override(c CfnStoredQuery, scope constructs.Construct, id *string, ...)
- func NewCloudFormationStackDriftDetectionCheck_Override(c CloudFormationStackDriftDetectionCheck, scope constructs.Construct, ...)
- func NewCloudFormationStackNotificationCheck_Override(c CloudFormationStackNotificationCheck, scope constructs.Construct, id *string, ...)
- func NewCustomPolicy_Override(c CustomPolicy, scope constructs.Construct, id *string, ...)
- func NewCustomRule_Override(c CustomRule, scope constructs.Construct, id *string, props *CustomRuleProps)
- func NewEvaluationMode_Override(e EvaluationMode, modes *[]*string)
- func NewManagedRule_Override(m ManagedRule, scope constructs.Construct, id *string, props *ManagedRuleProps)
- type AccessKeysRotated
- type AccessKeysRotatedProps
- type CfnAggregationAuthorization
- type CfnAggregationAuthorizationProps
- type CfnConfigRule
- type CfnConfigRuleProps
- type CfnConfigRule_ComplianceProperty
- type CfnConfigRule_CustomPolicyDetailsProperty
- type CfnConfigRule_EvaluationModeConfigurationProperty
- type CfnConfigRule_ScopeProperty
- type CfnConfigRule_SourceDetailProperty
- type CfnConfigRule_SourceProperty
- type CfnConfigurationAggregator
- type CfnConfigurationAggregatorProps
- type CfnConfigurationAggregator_AccountAggregationSourceProperty
- type CfnConfigurationAggregator_OrganizationAggregationSourceProperty
- type CfnConfigurationRecorder
- type CfnConfigurationRecorderProps
- type CfnConfigurationRecorder_ExclusionByResourceTypesProperty
- type CfnConfigurationRecorder_RecordingGroupProperty
- type CfnConfigurationRecorder_RecordingModeOverrideProperty
- type CfnConfigurationRecorder_RecordingModeProperty
- type CfnConfigurationRecorder_RecordingStrategyProperty
- type CfnConformancePack
- type CfnConformancePackProps
- type CfnConformancePack_ConformancePackInputParameterProperty
- type CfnConformancePack_TemplateSSMDocumentDetailsProperty
- type CfnDeliveryChannel
- type CfnDeliveryChannelProps
- type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty
- type CfnOrganizationConfigRule
- type CfnOrganizationConfigRuleProps
- type CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty
- type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty
- type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty
- type CfnOrganizationConformancePack
- type CfnOrganizationConformancePackProps
- type CfnOrganizationConformancePack_ConformancePackInputParameterProperty
- type CfnRemediationConfiguration
- type CfnRemediationConfigurationProps
- type CfnRemediationConfiguration_ExecutionControlsProperty
- type CfnRemediationConfiguration_RemediationParameterValueProperty
- type CfnRemediationConfiguration_ResourceValueProperty
- type CfnRemediationConfiguration_SsmControlsProperty
- type CfnRemediationConfiguration_StaticValueProperty
- type CfnStoredQuery
- type CfnStoredQueryProps
- type CloudFormationStackDriftDetectionCheck
- type CloudFormationStackDriftDetectionCheckProps
- type CloudFormationStackNotificationCheck
- type CloudFormationStackNotificationCheckProps
- type CustomPolicy
- type CustomPolicyProps
- type CustomRule
- type CustomRuleProps
- type EvaluationMode
- type IRule
- func AccessKeysRotated_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- func CloudFormationStackDriftDetectionCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- func CloudFormationStackNotificationCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- func CustomPolicy_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- func CustomRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- func ManagedRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
- type ManagedRule
- type ManagedRuleIdentifiers
- type ManagedRuleProps
- type MaximumExecutionFrequency
- type ResourceType
- func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY() ResourceType
- func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY_ACTIVATION() ResourceType
- func ResourceType_ACM_CERTIFICATE() ResourceType
- func ResourceType_AMAZON_MQ_BROKER() ResourceType
- func ResourceType_AMPLIFY_APP() ResourceType
- func ResourceType_AMPLIFY_BRANCH() ResourceType
- func ResourceType_APIGATEWAYV2_API() ResourceType
- func ResourceType_APIGATEWAYV2_STAGE() ResourceType
- func ResourceType_APIGATEWAY_REST_API() ResourceType
- func ResourceType_APIGATEWAY_STAGE() ResourceType
- func ResourceType_APPCONFIG_APPLICATION() ResourceType
- func ResourceType_APPCONFIG_CONFIGURATION_PROFILE() ResourceType
- func ResourceType_APPCONFIG_ENVIRONMENT() ResourceType
- func ResourceType_APPSYNC_GRAPHQL_API() ResourceType
- func ResourceType_APP_CONFIG_DEPLOYMENT_STRATEGY() ResourceType
- func ResourceType_APP_CONFIG_HOSTED_CONFIGURATION_VERSION() ResourceType
- func ResourceType_APP_FLOW_FLOW() ResourceType
- func ResourceType_APP_INTEGRATIONS_EVENT_INTEGRATION() ResourceType
- func ResourceType_APP_MESH_GATEWAY_ROUTE() ResourceType
- func ResourceType_APP_MESH_MESH() ResourceType
- func ResourceType_APP_MESH_ROUTE() ResourceType
- func ResourceType_APP_MESH_VIRTUAL_GATEWAY() ResourceType
- func ResourceType_APP_MESH_VIRTUAL_NODE() ResourceType
- func ResourceType_APP_MESH_VIRTUAL_ROUTER() ResourceType
- func ResourceType_APP_MESH_VIRTUAL_SERVICE() ResourceType
- func ResourceType_APP_RUNNER_SERVICE() ResourceType
- func ResourceType_APP_RUNNER_VPC_CONNECTOR() ResourceType
- func ResourceType_APP_STREAM_APPLICATION() ResourceType
- func ResourceType_APP_STREAM_DIRECTORY_CONFIG() ResourceType
- func ResourceType_APP_STREAM_FLEET() ResourceType
- func ResourceType_APP_STREAM_STACK() ResourceType
- func ResourceType_APS_RULE_GROUPS_NAMESPACE() ResourceType
- func ResourceType_ATHENA_PREPARED_STATEMENT() ResourceType
- func ResourceType_AUDIT_MANAGER_ASSESSMENT() ResourceType
- func ResourceType_AUTO_SCALING_GROUP() ResourceType
- func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION() ResourceType
- func ResourceType_AUTO_SCALING_POLICY() ResourceType
- func ResourceType_AUTO_SCALING_SCHEDULED_ACTION() ResourceType
- func ResourceType_AUTO_SCALING_WARM_POOL() ResourceType
- func ResourceType_BACKUP_BACKUP_PLAN() ResourceType
- func ResourceType_BACKUP_BACKUP_SELECTION() ResourceType
- func ResourceType_BACKUP_BACKUP_VAULT() ResourceType
- func ResourceType_BACKUP_RECOVERY_POINT() ResourceType
- func ResourceType_BACKUP_REPORT_PLAN() ResourceType
- func ResourceType_BATCH_COMPUTE_ENVIRONMENT() ResourceType
- func ResourceType_BATCH_JOB_QUEUE() ResourceType
- func ResourceType_BATCH_SCHEDULING_POLICY() ResourceType
- func ResourceType_BUDGETS_BUDGETS_ACTION() ResourceType
- func ResourceType_CASSANDRA_KEYSPACE() ResourceType
- func ResourceType_CLOUD9_ENVIRONMENT_EC2() ResourceType
- func ResourceType_CLOUDFORMATION_STACK() ResourceType
- func ResourceType_CLOUDFRONT_DISTRIBUTION() ResourceType
- func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION() ResourceType
- func ResourceType_CLOUDTRAIL_TRAIL() ResourceType
- func ResourceType_CLOUDWATCH_ALARM() ResourceType
- func ResourceType_CLOUDWATCH_RUM_APP_MONITOR() ResourceType
- func ResourceType_CLOUD_WATCH_METRIC_STREAM() ResourceType
- func ResourceType_CODEBUILD_PROJECT() ResourceType
- func ResourceType_CODEDEPLOY_APPLICATION() ResourceType
- func ResourceType_CODEDEPLOY_DEPLOYMENT_CONFIG() ResourceType
- func ResourceType_CODEDEPLOY_DEPLOYMENT_GROUP() ResourceType
- func ResourceType_CODEPIPELINE_PIPELINE() ResourceType
- func ResourceType_CODE_ARTIFACT_REPOSITORY() ResourceType
- func ResourceType_CODE_BUILD_REPORT_GROUP() ResourceType
- func ResourceType_CODE_GURU_PROFILER_PROFILING_GROUP() ResourceType
- func ResourceType_CODE_GURU_REVIEWER_REPOSITORY_ASSOCIATION() ResourceType
- func ResourceType_CONFIG_CONFORMANCE_PACK_COMPLIANCE() ResourceType
- func ResourceType_CONFIG_RESOURCE_COMPLIANCE() ResourceType
- func ResourceType_CONNECT_INSTANCE() ResourceType
- func ResourceType_CONNECT_PHONE_NUMBER() ResourceType
- func ResourceType_CONNECT_QUICK_CONNECT() ResourceType
- func ResourceType_CUSTOMER_PROFILES_DOMAIN() ResourceType
- func ResourceType_CUSTOMER_PROFILES_OBJECT_TYPE() ResourceType
- func ResourceType_DATASYNC_LOCATION_EFS() ResourceType
- func ResourceType_DATASYNC_LOCATION_FSX_LUSTRE() ResourceType
- func ResourceType_DATASYNC_LOCATION_FSX_WINDOWS() ResourceType
- func ResourceType_DATASYNC_LOCATION_HDFS() ResourceType
- func ResourceType_DATASYNC_LOCATION_NFS() ResourceType
- func ResourceType_DATASYNC_LOCATION_OBJECT_STORAGE() ResourceType
- func ResourceType_DATASYNC_LOCATION_S3() ResourceType
- func ResourceType_DATASYNC_LOCATION_SMB() ResourceType
- func ResourceType_DATASYNC_TASK() ResourceType
- func ResourceType_DEVICE_FARM_INSTANCE_PROFILE() ResourceType
- func ResourceType_DEVICE_FARM_PROJECT() ResourceType
- func ResourceType_DEVICE_FARM_TEST_GRID_PROJECT() ResourceType
- func ResourceType_DMS_ENDPOINT() ResourceType
- func ResourceType_DMS_EVENT_SUBSCRIPTION() ResourceType
- func ResourceType_DMS_REPLICATION_SUBNET_GROUP() ResourceType
- func ResourceType_DYNAMODB_TABLE() ResourceType
- func ResourceType_EBS_VOLUME() ResourceType
- func ResourceType_EC2_CAPACITY_RESERVATION() ResourceType
- func ResourceType_EC2_CARRIER_GATEWAY() ResourceType
- func ResourceType_EC2_CLIENT_VPN_ENDPOINT() ResourceType
- func ResourceType_EC2_CUSTOMER_GATEWAY() ResourceType
- func ResourceType_EC2_DHCP_OPTIONS() ResourceType
- func ResourceType_EC2_EC2_FLEET() ResourceType
- func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY() ResourceType
- func ResourceType_EC2_EIP() ResourceType
- func ResourceType_EC2_FLOW_LOG() ResourceType
- func ResourceType_EC2_HOST() ResourceType
- func ResourceType_EC2_INSTANCE() ResourceType
- func ResourceType_EC2_INTERNET_GATEWAY() ResourceType
- func ResourceType_EC2_IPAM() ResourceType
- func ResourceType_EC2_IPAM_POOL() ResourceType
- func ResourceType_EC2_IPAM_SCOPE() ResourceType
- func ResourceType_EC2_LAUNCH_TEMPLATE() ResourceType
- func ResourceType_EC2_NAT_GATEWAY() ResourceType
- func ResourceType_EC2_NETWORK_ACL() ResourceType
- func ResourceType_EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS() ResourceType
- func ResourceType_EC2_NETWORK_INSIGHTS_PATH() ResourceType
- func ResourceType_EC2_NETWORK_INTERFACE() ResourceType
- func ResourceType_EC2_PREFIX_LIST() ResourceType
- func ResourceType_EC2_REGISTERED_HA_INSTANCE() ResourceType
- func ResourceType_EC2_ROUTE_TABLE() ResourceType
- func ResourceType_EC2_SECURITY_GROUP() ResourceType
- func ResourceType_EC2_SPOT_FLEET() ResourceType
- func ResourceType_EC2_SUBNET() ResourceType
- func ResourceType_EC2_SUBNET_ROUTE_TABLE_ASSOCIATION() ResourceType
- func ResourceType_EC2_TRAFFIC_MIRROR_FILTER() ResourceType
- func ResourceType_EC2_TRAFFIC_MIRROR_SESSION() ResourceType
- func ResourceType_EC2_TRAFFIC_MIRROR_TARGET() ResourceType
- func ResourceType_EC2_TRANSIT_GATEWAY() ResourceType
- func ResourceType_EC2_TRANSIT_GATEWAY_ATTACHMENT() ResourceType
- func ResourceType_EC2_TRANSIT_GATEWAY_CONNECT() ResourceType
- func ResourceType_EC2_TRANSIT_GATEWAY_MULTICAST_DOMAIN() ResourceType
- func ResourceType_EC2_TRANSIT_GATEWAY_ROUTE_TABLE() ResourceType
- func ResourceType_EC2_VPC() ResourceType
- func ResourceType_EC2_VPC_ENDPOINT() ResourceType
- func ResourceType_EC2_VPC_ENDPOINT_SERVICE() ResourceType
- func ResourceType_EC2_VPC_PEERING_CONNECTION() ResourceType
- func ResourceType_EC2_VPN_CONNECTION() ResourceType
- func ResourceType_EC2_VPN_GATEWAY() ResourceType
- func ResourceType_ECR_PUBLIC_REPOSITORY() ResourceType
- func ResourceType_ECR_PULL_THROUGH_CACHE_RULE() ResourceType
- func ResourceType_ECR_REGISTRY_POLICY() ResourceType
- func ResourceType_ECR_REPOSITORY() ResourceType
- func ResourceType_ECS_CAPACITY_PROVIDER() ResourceType
- func ResourceType_ECS_CLUSTER() ResourceType
- func ResourceType_ECS_SERVICE() ResourceType
- func ResourceType_ECS_TASK_DEFINITION() ResourceType
- func ResourceType_ECS_TASK_SET() ResourceType
- func ResourceType_EFS_ACCESS_POINT() ResourceType
- func ResourceType_EFS_FILE_SYSTEM() ResourceType
- func ResourceType_EKS_ADDON() ResourceType
- func ResourceType_EKS_CLUSTER() ResourceType
- func ResourceType_EKS_IDENTITY_PROVIDER_CONFIG() ResourceType
- func ResourceType_ELASTICSEARCH_DOMAIN() ResourceType
- func ResourceType_ELASTIC_BEANSTALK_APPLICATION() ResourceType
- func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION() ResourceType
- func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT() ResourceType
- func ResourceType_ELBV2_LISTENER() ResourceType
- func ResourceType_ELBV2_LOAD_BALANCER() ResourceType
- func ResourceType_ELB_LOAD_BALANCER() ResourceType
- func ResourceType_EMR_SECURITY_CONFIGURATION() ResourceType
- func ResourceType_EVENTBRIDGE_API_DESTINATION() ResourceType
- func ResourceType_EVENTBRIDGE_ARCHIVE() ResourceType
- func ResourceType_EVENTBRIDGE_ENDPOINT() ResourceType
- func ResourceType_EVENTBRIDGE_EVENTBUS() ResourceType
- func ResourceType_EVENTSCHEMAS_DISCOVERER() ResourceType
- func ResourceType_EVENTSCHEMAS_REGISTRY() ResourceType
- func ResourceType_EVENTSCHEMAS_REGISTRY_POLICY() ResourceType
- func ResourceType_EVENTS_CONNECTION() ResourceType
- func ResourceType_EVENTS_RULE() ResourceType
- func ResourceType_EVENT_SCHEMAS_SCHEMA() ResourceType
- func ResourceType_EVIDENTLY_LAUNCH() ResourceType
- func ResourceType_EVIDENTLY_PROJECT() ResourceType
- func ResourceType_FIS_EXPERIMENT_TEMPLATE() ResourceType
- func ResourceType_FORECAST_DATASET() ResourceType
- func ResourceType_FORECAST_DATASET_GROUP() ResourceType
- func ResourceType_FRAUDDETECTOR_ENTITY_TYPE() ResourceType
- func ResourceType_FRAUDDETECTOR_LABEL() ResourceType
- func ResourceType_FRAUDDETECTOR_OUTCOME() ResourceType
- func ResourceType_FRAUDDETECTOR_VARIABLE() ResourceType
- func ResourceType_GLOBALACCELERATOR_ACCELERATOR() ResourceType
- func ResourceType_GLOBALACCELERATOR_ENDPOINT_GROUP() ResourceType
- func ResourceType_GLOBALACCELERATOR_LISTENER() ResourceType
- func ResourceType_GLUE_CLASSIFIER() ResourceType
- func ResourceType_GLUE_JOB() ResourceType
- func ResourceType_GLUE_ML_TRANSFORM() ResourceType
- func ResourceType_GRAFANA_WORKSPACE() ResourceType
- func ResourceType_GREENGRASSV2_COMPONENT_VERSION() ResourceType
- func ResourceType_GROUNDSTATION_MISSION_PROFILE() ResourceType
- func ResourceType_GROUND_STATION_CONFIG() ResourceType
- func ResourceType_GUARDDUTY_DETECTOR() ResourceType
- func ResourceType_GUARDDUTY_FILTER() ResourceType
- func ResourceType_GUARDDUTY_IP_SET() ResourceType
- func ResourceType_GUARDDUTY_THREAT_INTEL_SET() ResourceType
- func ResourceType_HEALTH_LAKE_FHIR_DATASTORE() ResourceType
- func ResourceType_IAM_ACCESSANALYZER_ANALYZER() ResourceType
- func ResourceType_IAM_GROUP() ResourceType
- func ResourceType_IAM_INSTANCE_PROFILE() ResourceType
- func ResourceType_IAM_POLICY() ResourceType
- func ResourceType_IAM_ROLE() ResourceType
- func ResourceType_IAM_SAML_PROVIDER() ResourceType
- func ResourceType_IAM_SERVER_CERTIFICATE() ResourceType
- func ResourceType_IAM_USER() ResourceType
- func ResourceType_IMAGEBUILDER_CONTAINER_RECIPE() ResourceType
- func ResourceType_IMAGEBUILDER_DISTRIBUTION_CONFIGURATION() ResourceType
- func ResourceType_IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION() ResourceType
- func ResourceType_IMAGE_BUILDER_IMAGE_PIPELINE() ResourceType
- func ResourceType_INSPECTORV2_FILTER() ResourceType
- func ResourceType_IOT_ACCOUNT_AUDIT_CONFIGURATION() ResourceType
- func ResourceType_IOT_ANALYTICS_CHANNEL() ResourceType
- func ResourceType_IOT_ANALYTICS_DATASET() ResourceType
- func ResourceType_IOT_ANALYTICS_DATASTORE() ResourceType
- func ResourceType_IOT_ANALYTICS_PIPELINE() ResourceType
- func ResourceType_IOT_AUTHORIZER() ResourceType
- func ResourceType_IOT_CA_CERTIFICATE() ResourceType
- func ResourceType_IOT_CUSTOM_METRIC() ResourceType
- func ResourceType_IOT_DIMENSION() ResourceType
- func ResourceType_IOT_EVENTS_ALARM_MODEL() ResourceType
- func ResourceType_IOT_EVENTS_DETECTOR_MODEL() ResourceType
- func ResourceType_IOT_EVENTS_INPUT() ResourceType
- func ResourceType_IOT_FLEET_METRIC() ResourceType
- func ResourceType_IOT_JOB_TEMPLATE() ResourceType
- func ResourceType_IOT_MITIGATION_ACTION() ResourceType
- func ResourceType_IOT_POLICY() ResourceType
- func ResourceType_IOT_PROVISIONING_TEMPLATE() ResourceType
- func ResourceType_IOT_ROLE_ALIAS() ResourceType
- func ResourceType_IOT_SCHEDULED_AUDIT() ResourceType
- func ResourceType_IOT_SECURITY_PROFILE() ResourceType
- func ResourceType_IOT_SITEWISE_ASSETMODEL() ResourceType
- func ResourceType_IOT_SITEWISE_DASHBOARD() ResourceType
- func ResourceType_IOT_SITEWISE_GATEWAY() ResourceType
- func ResourceType_IOT_SITEWISE_PORTAL() ResourceType
- func ResourceType_IOT_SITEWISE_PROJECT() ResourceType
- func ResourceType_IOT_TWINMAKER_ENTITY() ResourceType
- func ResourceType_IOT_TWINMAKER_WORKSPACE() ResourceType
- func ResourceType_IOT_TWIN_MAKER_COMPONENT_TYPE() ResourceType
- func ResourceType_IOT_TWIN_MAKER_SCENE() ResourceType
- func ResourceType_IOT_TWIN_MAKER_SYNC_JOB() ResourceType
- func ResourceType_IOT_WIRELESS_FUOTA_TASK() ResourceType
- func ResourceType_IOT_WIRELESS_MULTICAST_GROUP() ResourceType
- func ResourceType_IOT_WIRELESS_SERVICE_PROFILE() ResourceType
- func ResourceType_IVS_CHANNEL() ResourceType
- func ResourceType_IVS_PLAYBACK_KEYPAIR() ResourceType
- func ResourceType_IVS_RECORDING_CONFIGURATION() ResourceType
- func ResourceType_KAFKA_CONNECT_CONNECTOR() ResourceType
- func ResourceType_KENDRA_INDEX() ResourceType
- func ResourceType_KINESIS_ANALYTICS_V2_APPLICATION() ResourceType
- func ResourceType_KINESIS_FIREHOSE_DELIVERY_STREAM() ResourceType
- func ResourceType_KINESIS_STREAM() ResourceType
- func ResourceType_KINESIS_STREAM_CONSUMER() ResourceType
- func ResourceType_KINESIS_VIDEO_SIGNALING_CHANNEL() ResourceType
- func ResourceType_KINESIS_VIDEO_STREAM() ResourceType
- func ResourceType_KMS_ALIAS() ResourceType
- func ResourceType_KMS_KEY() ResourceType
- func ResourceType_LAMBDA_CODE_SIGNING_CONFIG() ResourceType
- func ResourceType_LAMBDA_FUNCTION() ResourceType
- func ResourceType_LEX_BOT() ResourceType
- func ResourceType_LEX_BOT_ALIAS() ResourceType
- func ResourceType_LIGHTSAIL_BUCKET() ResourceType
- func ResourceType_LIGHTSAIL_CERTIFICATE() ResourceType
- func ResourceType_LIGHTSAIL_DISK() ResourceType
- func ResourceType_LIGHTSAIL_STATIC_IP() ResourceType
- func ResourceType_LOGS_DESTINATION() ResourceType
- func ResourceType_LOOKOUT_METRICS_ALERT() ResourceType
- func ResourceType_LOOKOUT_VISION_PROJECT() ResourceType
- func ResourceType_MEDIACONNECT_FLOW_ENTITLEMENT() ResourceType
- func ResourceType_MEDIACONNECT_FLOW_VPC_INTERFACE() ResourceType
- func ResourceType_MEDIAPACKAGE_PACKAGING_GROUP() ResourceType
- func ResourceType_MEDIATAILOR_PLAYBACK_CONFIGURATION() ResourceType
- func ResourceType_MEDIA_CONNECT_FLOW_SOURCE() ResourceType
- func ResourceType_MEDIA_PACKAGE_PACKAGING_CONFIGURATION() ResourceType
- func ResourceType_MSK_BATCH_SCRAM_SECRET() ResourceType
- func ResourceType_MSK_CLUSTER() ResourceType
- func ResourceType_MSK_CONFIGURATION() ResourceType
- func ResourceType_NETWORK_FIREWALL_FIREWALL() ResourceType
- func ResourceType_NETWORK_FIREWALL_FIREWALL_POLICY() ResourceType
- func ResourceType_NETWORK_FIREWALL_RULE_GROUP() ResourceType
- func ResourceType_NETWORK_FIREWALL_TLS_INSPECTION_CONFIGURATION() ResourceType
- func ResourceType_NETWORK_MANAGER_CONNECT_PEER() ResourceType
- func ResourceType_NETWORK_MANAGER_CUSTOMER_GATEWAY_ASSOCIATION() ResourceType
- func ResourceType_NETWORK_MANAGER_DEVICE() ResourceType
- func ResourceType_NETWORK_MANAGER_GLOBAL_NETWORK() ResourceType
- func ResourceType_NETWORK_MANAGER_LINK() ResourceType
- func ResourceType_NETWORK_MANAGER_LINK_ASSOCIATION() ResourceType
- func ResourceType_NETWORK_MANAGER_SITE() ResourceType
- func ResourceType_NETWORK_MANAGER_TRANSIT_GATEWAY_REGISTRATION() ResourceType
- func ResourceType_OPENSEARCH_DOMAIN() ResourceType
- func ResourceType_Of(type_ *string) ResourceType
- func ResourceType_PANORAMA_PACKAGE() ResourceType
- func ResourceType_PERSONALIZE_DATASET() ResourceType
- func ResourceType_PERSONALIZE_DATASET_GROUP() ResourceType
- func ResourceType_PERSONALIZE_SCHEMA() ResourceType
- func ResourceType_PERSONALIZE_SOLUTION() ResourceType
- func ResourceType_PINPOINT_APP() ResourceType
- func ResourceType_PINPOINT_APPLICATION_SETTINGS() ResourceType
- func ResourceType_PINPOINT_CAMPAIGN() ResourceType
- func ResourceType_PINPOINT_EMAIL_CHANNEL() ResourceType
- func ResourceType_PINPOINT_EMAIL_TEMPLATE() ResourceType
- func ResourceType_PINPOINT_EVENT_STREAM() ResourceType
- func ResourceType_PINPOINT_IN_APP_TEMPLATE() ResourceType
- func ResourceType_PINPOINT_SEGMENT() ResourceType
- func ResourceType_QLDB_LEDGER() ResourceType
- func ResourceType_RDS_DB_CLUSTER() ResourceType
- func ResourceType_RDS_DB_CLUSTER_SNAPSHOT() ResourceType
- func ResourceType_RDS_DB_INSTANCE() ResourceType
- func ResourceType_RDS_DB_SECURITY_GROUP() ResourceType
- func ResourceType_RDS_DB_SNAPSHOT() ResourceType
- func ResourceType_RDS_DB_SUBNET_GROUP() ResourceType
- func ResourceType_RDS_EVENT_SUBSCRIPTION() ResourceType
- func ResourceType_RDS_GLOBAL_CLUSTER() ResourceType
- func ResourceType_RDS_OPTION_GROUP() ResourceType
- func ResourceType_REDSHIFT_CLUSTER() ResourceType
- func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP() ResourceType
- func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP() ResourceType
- func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT() ResourceType
- func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP() ResourceType
- func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION() ResourceType
- func ResourceType_REDSHIFT_SCHEDULED_ACTION() ResourceType
- func ResourceType_RESILIENCEHUB_APP() ResourceType
- func ResourceType_RESILIENCEHUB_RESILIENCY_POLICY() ResourceType
- func ResourceType_RESOURCE_EXPLORER2_INDEX() ResourceType
- func ResourceType_ROBO_MAKER_ROBOT_APPLICATION() ResourceType
- func ResourceType_ROBO_MAKER_ROBOT_APPLICATION_VERSION() ResourceType
- func ResourceType_ROBO_MAKER_SIMULATION_APPLICATION() ResourceType
- func ResourceType_ROUTE53_HEALTH_CHECK() ResourceType
- func ResourceType_ROUTE53_HOSTED_ZONE() ResourceType
- func ResourceType_ROUTE53_RECOVERY_CONTROL_CLUSTER() ResourceType
- func ResourceType_ROUTE53_RECOVERY_CONTROL_CONTROL_PANEL() ResourceType
- func ResourceType_ROUTE53_RECOVERY_CONTROL_ROUTING_CONTROL() ResourceType
- func ResourceType_ROUTE53_RECOVERY_CONTROL_SAFETY_RULE() ResourceType
- func ResourceType_ROUTE53_RECOVERY_READINESS_CELL() ResourceType
- func ResourceType_ROUTE53_RECOVERY_READINESS_READINESS_CHECK() ResourceType
- func ResourceType_ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP() ResourceType
- func ResourceType_ROUTE53_RECOVERY_READINESS_RESOURCE_SET() ResourceType
- func ResourceType_ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST() ResourceType
- func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP() ResourceType
- func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION() ResourceType
- func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG() ResourceType
- func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG_ASSOCIATION() ResourceType
- func ResourceType_ROUTE53_RESOLVER_RESOLVER_ENDPOINT() ResourceType
- func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE() ResourceType
- func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION() ResourceType
- func ResourceType_S3_ACCESS_POINT() ResourceType
- func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK() ResourceType
- func ResourceType_S3_BUCKET() ResourceType
- func ResourceType_S3_MULTIREGION_ACCESS_POINT() ResourceType
- func ResourceType_S3_STORAGE_LENS() ResourceType
- func ResourceType_SAGEMAKER_CODE_REPOSITORY() ResourceType
- func ResourceType_SAGEMAKER_DOMAIN() ResourceType
- func ResourceType_SAGEMAKER_FEATURE_GROUP() ResourceType
- func ResourceType_SAGEMAKER_MODEL() ResourceType
- func ResourceType_SAGEMAKER_NOTEBOOK_INSTANCE() ResourceType
- func ResourceType_SAGEMAKER_WORKTEAM() ResourceType
- func ResourceType_SAGE_MAKER_APP_IMAGE_CONFIG() ResourceType
- func ResourceType_SAGE_MAKER_IMAGE() ResourceType
- func ResourceType_SECRETS_MANAGER_SECRET() ResourceType
- func ResourceType_SERVICEDISCOVERY_HTTP_NAMESPACE() ResourceType
- func ResourceType_SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE() ResourceType
- func ResourceType_SERVICEDISCOVERY_SERVICE() ResourceType
- func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT() ResourceType
- func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT() ResourceType
- func ResourceType_SERVICE_CATALOG_PORTFOLIO() ResourceType
- func ResourceType_SERVICE_DISCOVERY_INSTANCE() ResourceType
- func ResourceType_SES_CONFIGURATION_SET() ResourceType
- func ResourceType_SES_CONTACT_LIST() ResourceType
- func ResourceType_SES_RECEIPT_FILTER() ResourceType
- func ResourceType_SES_RECEIPT_RECEIPT_RULE_SET() ResourceType
- func ResourceType_SES_TEMPLATE() ResourceType
- func ResourceType_SHIELD_PROTECTION() ResourceType
- func ResourceType_SHIELD_REGIONAL_PROTECTION() ResourceType
- func ResourceType_SIGNER_SIGNING_PROFILE() ResourceType
- func ResourceType_SNS_TOPIC() ResourceType
- func ResourceType_SQS_QUEUE() ResourceType
- func ResourceType_STEPFUNCTIONS_ACTIVITY() ResourceType
- func ResourceType_STEPFUNCTIONS_STATE_MACHINE() ResourceType
- func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE() ResourceType
- func ResourceType_SYSTEMS_MANAGER_FILE_DATA() ResourceType
- func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY() ResourceType
- func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE() ResourceType
- func ResourceType_TRANSFER_AGREEMENT() ResourceType
- func ResourceType_TRANSFER_CERTIFICATE() ResourceType
- func ResourceType_TRANSFER_CONNECTOR() ResourceType
- func ResourceType_TRANSFER_WORKFLOW() ResourceType
- func ResourceType_WAFV2_IP_SET() ResourceType
- func ResourceType_WAFV2_MANAGED_RULE_SET() ResourceType
- func ResourceType_WAFV2_REGEX_PATTERN_SET() ResourceType
- func ResourceType_WAFV2_RULE_GROUP() ResourceType
- func ResourceType_WAFV2_WEB_ACL() ResourceType
- func ResourceType_WAF_RATE_BASED_RULE() ResourceType
- func ResourceType_WAF_REGIONAL_RATE_BASED_RULE() ResourceType
- func ResourceType_WAF_REGIONAL_RULE() ResourceType
- func ResourceType_WAF_REGIONAL_RULE_GROUP() ResourceType
- func ResourceType_WAF_REGIONAL_WEB_ACL() ResourceType
- func ResourceType_WAF_RULE() ResourceType
- func ResourceType_WAF_RULE_GROUP() ResourceType
- func ResourceType_WAF_WEB_ACL() ResourceType
- func ResourceType_WORKSPACES_CONNECTION_ALIAS() ResourceType
- func ResourceType_WORKSPACES_WORKSPACE() ResourceType
- func ResourceType_XRAY_ENCRYPTION_CONFIGURATION() ResourceType
- type RuleProps
- type RuleScope
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AccessKeysRotated_IsConstruct ¶
func AccessKeysRotated_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func AccessKeysRotated_IsOwnedResource ¶ added in v2.32.0
func AccessKeysRotated_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func AccessKeysRotated_IsResource ¶
func AccessKeysRotated_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME ¶
func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME() *string
func CfnAggregationAuthorization_IsCfnElement ¶
func CfnAggregationAuthorization_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnAggregationAuthorization_IsCfnResource ¶
func CfnAggregationAuthorization_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnAggregationAuthorization_IsConstruct ¶
func CfnAggregationAuthorization_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnConfigRule_CFN_RESOURCE_TYPE_NAME ¶
func CfnConfigRule_CFN_RESOURCE_TYPE_NAME() *string
func CfnConfigRule_IsCfnElement ¶
func CfnConfigRule_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnConfigRule_IsCfnResource ¶
func CfnConfigRule_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnConfigRule_IsConstruct ¶
func CfnConfigRule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME ¶
func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME() *string
func CfnConfigurationAggregator_IsCfnElement ¶
func CfnConfigurationAggregator_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnConfigurationAggregator_IsCfnResource ¶
func CfnConfigurationAggregator_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnConfigurationAggregator_IsConstruct ¶
func CfnConfigurationAggregator_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME ¶
func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME() *string
func CfnConfigurationRecorder_IsCfnElement ¶
func CfnConfigurationRecorder_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnConfigurationRecorder_IsCfnResource ¶
func CfnConfigurationRecorder_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnConfigurationRecorder_IsConstruct ¶
func CfnConfigurationRecorder_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnConformancePack_CFN_RESOURCE_TYPE_NAME ¶
func CfnConformancePack_CFN_RESOURCE_TYPE_NAME() *string
func CfnConformancePack_IsCfnElement ¶
func CfnConformancePack_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnConformancePack_IsCfnResource ¶
func CfnConformancePack_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnConformancePack_IsConstruct ¶
func CfnConformancePack_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME ¶
func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME() *string
func CfnDeliveryChannel_IsCfnElement ¶
func CfnDeliveryChannel_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnDeliveryChannel_IsCfnResource ¶
func CfnDeliveryChannel_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnDeliveryChannel_IsConstruct ¶
func CfnDeliveryChannel_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME ¶
func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME() *string
func CfnOrganizationConfigRule_IsCfnElement ¶
func CfnOrganizationConfigRule_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnOrganizationConfigRule_IsCfnResource ¶
func CfnOrganizationConfigRule_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnOrganizationConfigRule_IsConstruct ¶
func CfnOrganizationConfigRule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME ¶
func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME() *string
func CfnOrganizationConformancePack_IsCfnElement ¶
func CfnOrganizationConformancePack_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnOrganizationConformancePack_IsCfnResource ¶
func CfnOrganizationConformancePack_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnOrganizationConformancePack_IsConstruct ¶
func CfnOrganizationConformancePack_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME ¶
func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME() *string
func CfnRemediationConfiguration_IsCfnElement ¶
func CfnRemediationConfiguration_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnRemediationConfiguration_IsCfnResource ¶
func CfnRemediationConfiguration_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnRemediationConfiguration_IsConstruct ¶
func CfnRemediationConfiguration_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME ¶
func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME() *string
func CfnStoredQuery_IsCfnElement ¶
func CfnStoredQuery_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnStoredQuery_IsCfnResource ¶
func CfnStoredQuery_IsCfnResource(x interface{}) *bool
Check whether the given object is a CfnResource.
func CfnStoredQuery_IsConstruct ¶
func CfnStoredQuery_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CloudFormationStackDriftDetectionCheck_IsConstruct ¶
func CloudFormationStackDriftDetectionCheck_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CloudFormationStackDriftDetectionCheck_IsOwnedResource ¶ added in v2.32.0
func CloudFormationStackDriftDetectionCheck_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func CloudFormationStackDriftDetectionCheck_IsResource ¶
func CloudFormationStackDriftDetectionCheck_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func CloudFormationStackNotificationCheck_IsConstruct ¶
func CloudFormationStackNotificationCheck_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CloudFormationStackNotificationCheck_IsOwnedResource ¶ added in v2.32.0
func CloudFormationStackNotificationCheck_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func CloudFormationStackNotificationCheck_IsResource ¶
func CloudFormationStackNotificationCheck_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func CustomPolicy_IsConstruct ¶ added in v2.47.0
func CustomPolicy_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CustomPolicy_IsOwnedResource ¶ added in v2.47.0
func CustomPolicy_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func CustomPolicy_IsResource ¶ added in v2.47.0
func CustomPolicy_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func CustomRule_IsConstruct ¶
func CustomRule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func CustomRule_IsOwnedResource ¶ added in v2.32.0
func CustomRule_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func CustomRule_IsResource ¶
func CustomRule_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED ¶
func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED() *string
func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS ¶
func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS() *string
func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK ¶
func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK() *string
func ManagedRuleIdentifiers_ALB_DESYNC_MODE_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_ALB_DESYNC_MODE_CHECK() *string
func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED ¶
func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED() *string
func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK ¶
func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK() *string
func ManagedRuleIdentifiers_ALB_WAF_ENABLED ¶
func ManagedRuleIdentifiers_ALB_WAF_ENABLED() *string
func ManagedRuleIdentifiers_API_GWV2_ACCESS_LOGS_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_API_GWV2_ACCESS_LOGS_ENABLED() *string
func ManagedRuleIdentifiers_API_GWV2_AUTHORIZATION_TYPE_CONFIGURED ¶ added in v2.67.0
func ManagedRuleIdentifiers_API_GWV2_AUTHORIZATION_TYPE_CONFIGURED() *string
func ManagedRuleIdentifiers_API_GW_ASSOCIATED_WITH_WAF ¶ added in v2.67.0
func ManagedRuleIdentifiers_API_GW_ASSOCIATED_WITH_WAF() *string
func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED ¶
func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED() *string
func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK ¶
func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK() *string
func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_API_GW_SSL_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_API_GW_SSL_ENABLED() *string
func ManagedRuleIdentifiers_API_GW_XRAY_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_API_GW_XRAY_ENABLED() *string
func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID ¶
func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID() *string
func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG ¶
func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG() *string
func ManagedRuleIdentifiers_AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_AURORA_MYSQL_BACKTRACKING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_AURORA_MYSQL_BACKTRACKING_ENABLED() *string
func ManagedRuleIdentifiers_AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_AUTOSCALING_CAPACITY_REBALANCING ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_CAPACITY_REBALANCING() *string
func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED ¶
func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED() *string
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2() *string
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT() *string
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED() *string
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_TEMPLATE ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_LAUNCH_TEMPLATE() *string
func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_AZ ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_AZ() *string
func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_INSTANCE_TYPES ¶ added in v2.67.0
func ManagedRuleIdentifiers_AUTOSCALING_MULTIPLE_INSTANCE_TYPES() *string
func ManagedRuleIdentifiers_BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK() *string
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_ENCRYPTED ¶ added in v2.67.0
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_ENCRYPTED() *string
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED() *string
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK() *string
func ManagedRuleIdentifiers_BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED() *string
func ManagedRuleIdentifiers_CLB_DESYNC_MODE_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLB_DESYNC_MODE_CHECK() *string
func ManagedRuleIdentifiers_CLB_MULTIPLE_AZ ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLB_MULTIPLE_AZ() *string
func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK ¶
func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK() *string
func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK ¶
func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK() *string
func ManagedRuleIdentifiers_CLOUDFRONT_ACCESSLOGS_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_ACCESSLOGS_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_ASSOCIATED_WITH_WAF ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_ASSOCIATED_WITH_WAF() *string
func ManagedRuleIdentifiers_CLOUDFRONT_CUSTOM_SSL_CERTIFICATE ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_CUSTOM_SSL_CERTIFICATE() *string
func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED ¶
func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS() *string
func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_SECURITY_POLICY_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_SECURITY_POLICY_CHECK() *string
func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED() *string
func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS ¶
func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS() *string
func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED ¶
func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED() *string
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK ¶
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK() *string
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK() *string
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK ¶
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK() *string
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK ¶
func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK() *string
func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED ¶
func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED() *string
func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED ¶
func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED() *string
func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED ¶
func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED() *string
func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED ¶
func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED() *string
func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED ¶
func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED() *string
func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED ¶
func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK ¶
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_LOGGING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED() *string
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK ¶
func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK() *string
func ManagedRuleIdentifiers_CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED() *string
func ManagedRuleIdentifiers_CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED() *string
func ManagedRuleIdentifiers_CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED() *string
func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK ¶
func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK() *string
func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK ¶
func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK() *string
func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK ¶
func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK() *string
func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED ¶
func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED() *string
func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC ¶
func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC() *string
func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED ¶
func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED() *string
func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN ¶
func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED ¶
func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED() *string
func ManagedRuleIdentifiers_DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS ¶
func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS() *string
func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED ¶
func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED() *string
func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK ¶
func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK() *string
func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES ¶
func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES() *string
func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN ¶
func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE ¶
func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE() *string
func ManagedRuleIdentifiers_EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK ¶
func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK() *string
func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY ¶
func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY() *string
func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE ¶
func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE() *string
func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT ¶
func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT() *string
func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK ¶
func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK() *string
func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC ¶
func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC() *string
func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED ¶
func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED() *string
func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM ¶
func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM() *string
func ManagedRuleIdentifiers_EC2_INSTANCE_MULTIPLE_ENI_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_INSTANCE_MULTIPLE_ENI_CHECK() *string
func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP ¶
func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP() *string
func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED ¶
func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED() *string
func ManagedRuleIdentifiers_EC2_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK() *string
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK ¶
func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK() *string
func ManagedRuleIdentifiers_EC2_NO_AMAZON_KEY_PAIR ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_NO_AMAZON_KEY_PAIR() *string
func ManagedRuleIdentifiers_EC2_PARAVIRTUAL_INSTANCE_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_PARAVIRTUAL_INSTANCE_CHECK() *string
func ManagedRuleIdentifiers_EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED ¶
func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED() *string
func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC ¶
func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC() *string
func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI ¶
func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI() *string
func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC() *string
func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE ¶
func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE() *string
func ManagedRuleIdentifiers_EC2_TOKEN_HOP_LIMIT_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_TOKEN_HOP_LIMIT_CHECK() *string
func ManagedRuleIdentifiers_EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED() *string
func ManagedRuleIdentifiers_EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK() *string
func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK ¶
func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK() *string
func ManagedRuleIdentifiers_ECR_PRIVATE_IMAGE_SCANNING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECR_PRIVATE_IMAGE_SCANNING_ENABLED() *string
func ManagedRuleIdentifiers_ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED() *string
func ManagedRuleIdentifiers_ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED() *string
func ManagedRuleIdentifiers_ECS_AWSVPC_NETWORKING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_AWSVPC_NETWORKING_ENABLED() *string
func ManagedRuleIdentifiers_ECS_CONTAINERS_NONPRIVILEGED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_CONTAINERS_NONPRIVILEGED() *string
func ManagedRuleIdentifiers_ECS_CONTAINERS_READONLY_ACCESS ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_CONTAINERS_READONLY_ACCESS() *string
func ManagedRuleIdentifiers_ECS_CONTAINER_INSIGHTS_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_CONTAINER_INSIGHTS_ENABLED() *string
func ManagedRuleIdentifiers_ECS_FARGATE_LATEST_PLATFORM_VERSION ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_FARGATE_LATEST_PLATFORM_VERSION() *string
func ManagedRuleIdentifiers_ECS_NO_ENVIRONMENT_SECRETS ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_NO_ENVIRONMENT_SECRETS() *string
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_LOG_CONFIGURATION ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_LOG_CONFIGURATION() *string
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT() *string
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_NONROOT_USER ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_NONROOT_USER() *string
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_PID_MODE_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_ECS_TASK_DEFINITION_PID_MODE_CHECK() *string
func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY ¶ added in v2.67.0
func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY() *string
func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY ¶ added in v2.67.0
func ManagedRuleIdentifiers_EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY() *string
func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK ¶
func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK() *string
func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN ¶
func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_EFS_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_EFS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_EIP_ATTACHED ¶
func ManagedRuleIdentifiers_EIP_ATTACHED() *string
func ManagedRuleIdentifiers_EKS_CLUSTER_OLDEST_SUPPORTED_VERSION ¶ added in v2.35.0
func ManagedRuleIdentifiers_EKS_CLUSTER_OLDEST_SUPPORTED_VERSION() *string
func ManagedRuleIdentifiers_EKS_CLUSTER_SUPPORTED_VERSION ¶ added in v2.35.0
func ManagedRuleIdentifiers_EKS_CLUSTER_SUPPORTED_VERSION() *string
func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS ¶
func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS() *string
func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED ¶
func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED() *string
func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK ¶
func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK() *string
func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST ¶
func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST() *string
func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY ¶
func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY() *string
func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ¶
func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string
func ManagedRuleIdentifiers_ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED() *string
func ManagedRuleIdentifiers_ELBV2_ACM_CERTIFICATE_REQUIRED ¶ added in v2.67.0
func ManagedRuleIdentifiers_ELBV2_ACM_CERTIFICATE_REQUIRED() *string
func ManagedRuleIdentifiers_ELBV2_MULTIPLE_AZ ¶ added in v2.67.0
func ManagedRuleIdentifiers_ELBV2_MULTIPLE_AZ() *string
func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED ¶
func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED() *string
func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED ¶
func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string
func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK ¶
func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK() *string
func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED ¶
func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED() *string
func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK ¶
func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK() *string
func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY ¶
func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY() *string
func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED ¶
func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED() *string
func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP ¶
func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP() *string
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK ¶
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK() *string
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK ¶
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK() *string
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK ¶
func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK() *string
func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK ¶
func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK() *string
func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK ¶
func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK() *string
func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK ¶
func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK() *string
func ManagedRuleIdentifiers_FSX_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_FSX_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED ¶
func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED() *string
func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS ¶
func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS() *string
func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS ¶
func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS() *string
func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK ¶
func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK() *string
func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS ¶
func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS() *string
func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK ¶
func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK() *string
func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY ¶
func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY() *string
func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK ¶
func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK() *string
func ManagedRuleIdentifiers_IAM_POLICY_IN_USE ¶
func ManagedRuleIdentifiers_IAM_POLICY_IN_USE() *string
func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS ¶
func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS() *string
func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS ¶ added in v2.67.0
func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS() *string
func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK ¶
func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK() *string
func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK ¶
func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK() *string
func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK ¶
func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK() *string
func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED ¶
func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED() *string
func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK ¶
func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK() *string
func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK ¶
func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK() *string
func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY ¶
func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY() *string
func ManagedRuleIdentifiers_KINESIS_STREAM_ENCRYPTED ¶ added in v2.67.0
func ManagedRuleIdentifiers_KINESIS_STREAM_ENCRYPTED() *string
func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION ¶
func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION() *string
func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK ¶
func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK() *string
func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK ¶
func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK() *string
func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED ¶
func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED() *string
func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK ¶
func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK() *string
func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC ¶
func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC() *string
func ManagedRuleIdentifiers_LAMBDA_VPC_MULTI_AZ_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_LAMBDA_VPC_MULTI_AZ_CHECK() *string
func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS ¶
func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS() *string
func ManagedRuleIdentifiers_NACL_NO_UNRESTRICTED_SSH_RDP ¶ added in v2.67.0
func ManagedRuleIdentifiers_NACL_NO_UNRESTRICTED_SSH_RDP() *string
func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS ¶ added in v2.67.0
func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS() *string
func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS ¶ added in v2.67.0
func ManagedRuleIdentifiers_NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS() *string
func ManagedRuleIdentifiers_NETFW_POLICY_RULE_GROUP_ASSOCIATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_NETFW_POLICY_RULE_GROUP_ASSOCIATED() *string
func ManagedRuleIdentifiers_NETFW_STATELESS_RULE_GROUP_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_NETFW_STATELESS_RULE_GROUP_NOT_EMPTY() *string
func ManagedRuleIdentifiers_NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string
func ManagedRuleIdentifiers_OPENSEARCH_ACCESS_CONTROL_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_ACCESS_CONTROL_ENABLED() *string
func ManagedRuleIdentifiers_OPENSEARCH_AUDIT_LOGGING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_AUDIT_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_OPENSEARCH_DATA_NODE_FAULT_TOLERANCE ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_DATA_NODE_FAULT_TOLERANCE() *string
func ManagedRuleIdentifiers_OPENSEARCH_ENCRYPTED_AT_REST ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_ENCRYPTED_AT_REST() *string
func ManagedRuleIdentifiers_OPENSEARCH_HTTPS_REQUIRED ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_HTTPS_REQUIRED() *string
func ManagedRuleIdentifiers_OPENSEARCH_IN_VPC_ONLY ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_IN_VPC_ONLY() *string
func ManagedRuleIdentifiers_OPENSEARCH_LOGS_TO_CLOUDWATCH ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_LOGS_TO_CLOUDWATCH() *string
func ManagedRuleIdentifiers_OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string
func ManagedRuleIdentifiers_RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED() *string
func ManagedRuleIdentifiers_RDS_CLUSTER_DEFAULT_ADMIN_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_CLUSTER_DEFAULT_ADMIN_CHECK() *string
func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED ¶
func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED() *string
func ManagedRuleIdentifiers_RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED() *string
func ManagedRuleIdentifiers_RDS_CLUSTER_MULTI_AZ_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_CLUSTER_MULTI_AZ_ENABLED() *string
func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED ¶
func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED() *string
func ManagedRuleIdentifiers_RDS_DB_SECURITY_GROUP_NOT_ALLOWED ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_DB_SECURITY_GROUP_NOT_ALLOWED() *string
func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED ¶
func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED() *string
func ManagedRuleIdentifiers_RDS_INSTANCE_DEFAULT_ADMIN_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_INSTANCE_DEFAULT_ADMIN_CHECK() *string
func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED ¶
func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED() *string
func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED ¶
func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED() *string
func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK ¶
func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK() *string
func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN ¶
func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_RDS_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT ¶
func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT() *string
func ManagedRuleIdentifiers_RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED ¶
func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED() *string
func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED ¶
func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED() *string
func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED ¶
func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED() *string
func ManagedRuleIdentifiers_REDSHIFT_AUDIT_LOGGING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_REDSHIFT_AUDIT_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED ¶
func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED() *string
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK ¶
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK() *string
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_KMS_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_KMS_ENABLED() *string
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK ¶
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK() *string
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK ¶
func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK() *string
func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_ADMIN_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_ADMIN_CHECK() *string
func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_DB_NAME_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_REDSHIFT_DEFAULT_DB_NAME_CHECK() *string
func ManagedRuleIdentifiers_REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED() *string
func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL ¶
func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL() *string
func ManagedRuleIdentifiers_REQUIRED_TAGS ¶
func ManagedRuleIdentifiers_REQUIRED_TAGS() *string
func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED ¶
func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED() *string
func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED ¶
func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED() *string
func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS ¶
func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS() *string
func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC() *string
func ManagedRuleIdentifiers_S3_BUCKET_ACL_PROHIBITED ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_BUCKET_ACL_PROHIBITED() *string
func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED ¶
func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED() *string
func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED ¶
func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED() *string
func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED ¶ added in v2.13.0
func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED() *string
func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK ¶
func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK() *string
func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE ¶
func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE() *string
func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED ¶
func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED() *string
func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED ¶
func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED() *string
func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED ¶
func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED() *string
func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED ¶
func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED() *string
func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY ¶
func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY() *string
func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED ¶
func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED() *string
func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS ¶
func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS() *string
func ManagedRuleIdentifiers_S3_EVENT_NOTIFICATIONS_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_EVENT_NOTIFICATIONS_ENABLED() *string
func ManagedRuleIdentifiers_S3_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_S3_LIFECYCLE_POLICY_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_LIFECYCLE_POLICY_CHECK() *string
func ManagedRuleIdentifiers_S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_S3_VERSION_LIFECYCLE_POLICY_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_S3_VERSION_LIFECYCLE_POLICY_CHECK() *string
func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED ¶
func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED() *string
func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED ¶
func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED() *string
func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS ¶
func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS() *string
func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK ¶
func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK() *string
func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK ¶
func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK() *string
func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_PERIODIC_ROTATION ¶ added in v2.67.0
func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_PERIODIC_ROTATION() *string
func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_UNUSED ¶ added in v2.67.0
func ManagedRuleIdentifiers_SECRETSMANAGER_SECRET_UNUSED() *string
func ManagedRuleIdentifiers_SECRETSMANAGER_USING_CMK ¶ added in v2.67.0
func ManagedRuleIdentifiers_SECRETSMANAGER_USING_CMK() *string
func ManagedRuleIdentifiers_SECURITYHUB_ENABLED ¶
func ManagedRuleIdentifiers_SECURITYHUB_ENABLED() *string
func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED ¶
func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED() *string
func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW ¶
func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW() *string
func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS ¶
func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS() *string
func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS ¶
func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS() *string
func ManagedRuleIdentifiers_SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED() *string
func ManagedRuleIdentifiers_SSM_DOCUMENT_NOT_PUBLIC ¶ added in v2.67.0
func ManagedRuleIdentifiers_SSM_DOCUMENT_NOT_PUBLIC() *string
func ManagedRuleIdentifiers_STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED ¶ added in v2.67.0
func ManagedRuleIdentifiers_SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED() *string
func ManagedRuleIdentifiers_VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED ¶ added in v2.67.0
func ManagedRuleIdentifiers_VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED() *string
func ManagedRuleIdentifiers_VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN ¶ added in v2.67.0
func ManagedRuleIdentifiers_VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN() *string
func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED ¶
func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED() *string
func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED ¶
func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED() *string
func ManagedRuleIdentifiers_VPC_NETWORK_ACL_UNUSED_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_VPC_NETWORK_ACL_UNUSED_CHECK() *string
func ManagedRuleIdentifiers_VPC_PEERING_DNS_RESOLUTION_CHECK ¶ added in v2.67.0
func ManagedRuleIdentifiers_VPC_PEERING_DNS_RESOLUTION_CHECK() *string
func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS ¶
func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS() *string
func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP ¶
func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP() *string
func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED ¶
func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED() *string
func ManagedRuleIdentifiers_WAF_GLOBAL_RULEGROUP_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_GLOBAL_RULEGROUP_NOT_EMPTY() *string
func ManagedRuleIdentifiers_WAF_GLOBAL_RULE_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_GLOBAL_RULE_NOT_EMPTY() *string
func ManagedRuleIdentifiers_WAF_GLOBAL_WEBACL_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_GLOBAL_WEBACL_NOT_EMPTY() *string
func ManagedRuleIdentifiers_WAF_REGIONAL_RULEGROUP_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_REGIONAL_RULEGROUP_NOT_EMPTY() *string
func ManagedRuleIdentifiers_WAF_REGIONAL_RULE_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_REGIONAL_RULE_NOT_EMPTY() *string
func ManagedRuleIdentifiers_WAF_REGIONAL_WEBACL_NOT_EMPTY ¶ added in v2.67.0
func ManagedRuleIdentifiers_WAF_REGIONAL_WEBACL_NOT_EMPTY() *string
func ManagedRule_IsConstruct ¶
func ManagedRule_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`.
func ManagedRule_IsOwnedResource ¶ added in v2.32.0
func ManagedRule_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise.
func ManagedRule_IsResource ¶
func ManagedRule_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource.
func NewAccessKeysRotated_Override ¶
func NewAccessKeysRotated_Override(a AccessKeysRotated, scope constructs.Construct, id *string, props *AccessKeysRotatedProps)
func NewCfnAggregationAuthorization_Override ¶
func NewCfnAggregationAuthorization_Override(c CfnAggregationAuthorization, scope constructs.Construct, id *string, props *CfnAggregationAuthorizationProps)
func NewCfnConfigRule_Override ¶
func NewCfnConfigRule_Override(c CfnConfigRule, scope constructs.Construct, id *string, props *CfnConfigRuleProps)
func NewCfnConfigurationAggregator_Override ¶
func NewCfnConfigurationAggregator_Override(c CfnConfigurationAggregator, scope constructs.Construct, id *string, props *CfnConfigurationAggregatorProps)
func NewCfnConfigurationRecorder_Override ¶
func NewCfnConfigurationRecorder_Override(c CfnConfigurationRecorder, scope constructs.Construct, id *string, props *CfnConfigurationRecorderProps)
func NewCfnConformancePack_Override ¶
func NewCfnConformancePack_Override(c CfnConformancePack, scope constructs.Construct, id *string, props *CfnConformancePackProps)
func NewCfnDeliveryChannel_Override ¶
func NewCfnDeliveryChannel_Override(c CfnDeliveryChannel, scope constructs.Construct, id *string, props *CfnDeliveryChannelProps)
func NewCfnOrganizationConfigRule_Override ¶
func NewCfnOrganizationConfigRule_Override(c CfnOrganizationConfigRule, scope constructs.Construct, id *string, props *CfnOrganizationConfigRuleProps)
func NewCfnOrganizationConformancePack_Override ¶
func NewCfnOrganizationConformancePack_Override(c CfnOrganizationConformancePack, scope constructs.Construct, id *string, props *CfnOrganizationConformancePackProps)
func NewCfnRemediationConfiguration_Override ¶
func NewCfnRemediationConfiguration_Override(c CfnRemediationConfiguration, scope constructs.Construct, id *string, props *CfnRemediationConfigurationProps)
func NewCfnStoredQuery_Override ¶
func NewCfnStoredQuery_Override(c CfnStoredQuery, scope constructs.Construct, id *string, props *CfnStoredQueryProps)
func NewCloudFormationStackDriftDetectionCheck_Override ¶
func NewCloudFormationStackDriftDetectionCheck_Override(c CloudFormationStackDriftDetectionCheck, scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps)
func NewCloudFormationStackNotificationCheck_Override ¶
func NewCloudFormationStackNotificationCheck_Override(c CloudFormationStackNotificationCheck, scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps)
func NewCustomPolicy_Override ¶ added in v2.47.0
func NewCustomPolicy_Override(c CustomPolicy, scope constructs.Construct, id *string, props *CustomPolicyProps)
func NewCustomRule_Override ¶
func NewCustomRule_Override(c CustomRule, scope constructs.Construct, id *string, props *CustomRuleProps)
func NewEvaluationMode_Override ¶ added in v2.145.0
func NewEvaluationMode_Override(e EvaluationMode, modes *[]*string)
func NewManagedRule_Override ¶
func NewManagedRule_Override(m ManagedRule, scope constructs.Construct, id *string, props *ManagedRuleProps)
Types ¶
type AccessKeysRotated ¶
type AccessKeysRotated interface {
ManagedRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
Checks whether the active access keys are rotated within the number of days specified in `maxAge`.
Example:
// compliant if access keys have been rotated within the last 90 days
// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"))
See: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
func NewAccessKeysRotated ¶
func NewAccessKeysRotated(scope constructs.Construct, id *string, props *AccessKeysRotatedProps) AccessKeysRotated
type AccessKeysRotatedProps ¶
type AccessKeysRotatedProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// The maximum number of days within which the access keys must be rotated.
// Default: Duration.days(90)
//
MaxAge awscdk.Duration `field:"optional" json:"maxAge" yaml:"maxAge"`
}
Construction properties for a AccessKeysRotated.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
var evaluationMode evaluationMode
var inputParameters interface{}
var ruleScope ruleScope
accessKeysRotatedProps := &AccessKeysRotatedProps{
ConfigRuleName: jsii.String("configRuleName"),
Description: jsii.String("description"),
EvaluationModes: evaluationMode,
InputParameters: map[string]interface{}{
"inputParametersKey": inputParameters,
},
MaxAge: cdk.Duration_Minutes(jsii.Number(30)),
MaximumExecutionFrequency: awscdk.Aws_config.MaximumExecutionFrequency_ONE_HOUR,
RuleScope: ruleScope,
}
type CfnAggregationAuthorization ¶
type CfnAggregationAuthorization interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// The Amazon Resource Name (ARN) of the aggregation object.
AttrAggregationAuthorizationArn() *string
// The 12-digit account ID of the account authorized to aggregate data.
AuthorizedAccountId() *string
SetAuthorizedAccountId(val *string)
// The region authorized to collect aggregated data.
AuthorizedAwsRegion() *string
SetAuthorizedAwsRegion(val *string)
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// An array of tag object.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
An object that represents the authorizations granted to aggregator accounts and regions.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAggregationAuthorization := awscdk.Aws_config.NewCfnAggregationAuthorization(this, jsii.String("MyCfnAggregationAuthorization"), &CfnAggregationAuthorizationProps{
AuthorizedAccountId: jsii.String("authorizedAccountId"),
AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnAggregationAuthorization ¶
func NewCfnAggregationAuthorization(scope constructs.Construct, id *string, props *CfnAggregationAuthorizationProps) CfnAggregationAuthorization
type CfnAggregationAuthorizationProps ¶
type CfnAggregationAuthorizationProps struct {
// The 12-digit account ID of the account authorized to aggregate data.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedaccountid
//
AuthorizedAccountId *string `field:"required" json:"authorizedAccountId" yaml:"authorizedAccountId"`
// The region authorized to collect aggregated data.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-authorizedawsregion
//
AuthorizedAwsRegion *string `field:"required" json:"authorizedAwsRegion" yaml:"authorizedAwsRegion"`
// An array of tag object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-aggregationauthorization.html#cfn-config-aggregationauthorization-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnAggregationAuthorization`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnAggregationAuthorizationProps := &CfnAggregationAuthorizationProps{
AuthorizedAccountId: jsii.String("authorizedAccountId"),
AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),
// the properties below are optional
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnConfigRule ¶
type CfnConfigRule interface {
awscdk.CfnResource
awscdk.IInspectable
// The Amazon Resource Name (ARN) of the AWS Config rule, such as `arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi` .
AttrArn() *string
// Compliance type determined by the Config rule.
AttrComplianceType() *string
// The ID of the AWS Config rule, such as `config-rule-a1bzhi` .
AttrConfigRuleId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
Compliance() interface{}
SetCompliance(val interface{})
// A name for the AWS Config rule.
ConfigRuleName() *string
SetConfigRuleName(val *string)
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The description that you provide for the AWS Config rule.
Description() *string
SetDescription(val *string)
// The modes the AWS Config rule can be evaluated in.
EvaluationModes() interface{}
SetEvaluationModes(val interface{})
// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
InputParameters() interface{}
SetInputParameters(val interface{})
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The maximum frequency with which AWS Config runs evaluations for a rule.
MaximumExecutionFrequency() *string
SetMaximumExecutionFrequency(val *string)
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// Defines which resources can trigger an evaluation for the rule.
Scope() interface{}
SetScope(val interface{})
// Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
Source() interface{}
SetSource(val interface{})
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
> You must first create and start the AWS Config configuration recorder in order to create AWS Config managed rules with AWS CloudFormation .
For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html) .
Adds or updates an AWS Config rule to evaluate if your AWS resources comply with your desired configurations. For information on how many AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .
There are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use the `ConfigRule` resource to create both AWS Config Managed Rules and AWS Config Custom Rules.
AWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `SourceIdentifier` key.
AWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .
If you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function that the rule invokes to evaluate your resources. When you use the `ConfigRule` resource to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. You specify the ARN in the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.
For any new AWS Config rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId` . These values are generated by AWS Config for new rules.
If you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName` , `ConfigRuleId` , or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.
For more information about developing and using AWS Config rules, see [Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide* .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var inputParameters interface{}
cfnConfigRule := awscdk.Aws_config.NewCfnConfigRule(this, jsii.String("MyCfnConfigRule"), &CfnConfigRuleProps{
Source: &SourceProperty{
Owner: jsii.String("owner"),
// the properties below are optional
CustomPolicyDetails: &CustomPolicyDetailsProperty{
EnableDebugLogDelivery: jsii.Boolean(false),
PolicyRuntime: jsii.String("policyRuntime"),
PolicyText: jsii.String("policyText"),
},
SourceDetails: []interface{}{
&SourceDetailProperty{
EventSource: jsii.String("eventSource"),
MessageType: jsii.String("messageType"),
// the properties below are optional
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
},
},
SourceIdentifier: jsii.String("sourceIdentifier"),
},
// the properties below are optional
Compliance: &ComplianceProperty{
Type: jsii.String("type"),
},
ConfigRuleName: jsii.String("configRuleName"),
Description: jsii.String("description"),
EvaluationModes: []interface{}{
&EvaluationModeConfigurationProperty{
Mode: jsii.String("mode"),
},
},
InputParameters: inputParameters,
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
Scope: &ScopeProperty{
ComplianceResourceId: jsii.String("complianceResourceId"),
ComplianceResourceTypes: []*string{
jsii.String("complianceResourceTypes"),
},
TagKey: jsii.String("tagKey"),
TagValue: jsii.String("tagValue"),
},
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
func NewCfnConfigRule ¶
func NewCfnConfigRule(scope constructs.Construct, id *string, props *CfnConfigRuleProps) CfnConfigRule
type CfnConfigRuleProps ¶
type CfnConfigRuleProps struct {
// Provides the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-source
//
Source interface{} `field:"required" json:"source" yaml:"source"`
// Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-compliance
//
Compliance interface{} `field:"optional" json:"compliance" yaml:"compliance"`
// A name for the AWS Config rule.
//
// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-configrulename
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// The description that you provide for the AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects. By default, the value is Detective evaluation mode only.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-evaluationmodes
//
EvaluationModes interface{} `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-inputparameters
//
InputParameters interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency with which AWS Config runs evaluations for a rule.
//
// You can specify a value for `MaximumExecutionFrequency` when:
//
// - You are using an AWS managed rule that is triggered at a periodic frequency.
// - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .
//
// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-maximumexecutionfrequency
//
MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources can trigger an evaluation for the rule.
//
// The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
//
// > The scope can be empty.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html#cfn-config-configrule-scope
//
Scope interface{} `field:"optional" json:"scope" yaml:"scope"`
}
Properties for defining a `CfnConfigRule`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var inputParameters interface{}
cfnConfigRuleProps := &CfnConfigRuleProps{
Source: &SourceProperty{
Owner: jsii.String("owner"),
// the properties below are optional
CustomPolicyDetails: &CustomPolicyDetailsProperty{
EnableDebugLogDelivery: jsii.Boolean(false),
PolicyRuntime: jsii.String("policyRuntime"),
PolicyText: jsii.String("policyText"),
},
SourceDetails: []interface{}{
&SourceDetailProperty{
EventSource: jsii.String("eventSource"),
MessageType: jsii.String("messageType"),
// the properties below are optional
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
},
},
SourceIdentifier: jsii.String("sourceIdentifier"),
},
// the properties below are optional
Compliance: &ComplianceProperty{
Type: jsii.String("type"),
},
ConfigRuleName: jsii.String("configRuleName"),
Description: jsii.String("description"),
EvaluationModes: []interface{}{
&EvaluationModeConfigurationProperty{
Mode: jsii.String("mode"),
},
},
InputParameters: inputParameters,
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
Scope: &ScopeProperty{
ComplianceResourceId: jsii.String("complianceResourceId"),
ComplianceResourceTypes: []*string{
jsii.String("complianceResourceTypes"),
},
TagKey: jsii.String("tagKey"),
TagValue: jsii.String("tagValue"),
},
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html
type CfnConfigRule_ComplianceProperty ¶ added in v2.91.0
type CfnConfigRule_ComplianceProperty struct {
// Indicates whether an AWS resource or AWS Config rule is compliant.
//
// A resource is compliant if it complies with all of the AWS Config rules that evaluate it. A resource is noncompliant if it does not comply with one or more of these rules.
//
// A rule is compliant if all of the resources that the rule evaluates comply with it. A rule is noncompliant if any of these resources do not comply.
//
// AWS Config returns the `INSUFFICIENT_DATA` value when no evaluation results are available for the AWS resource or AWS Config rule.
//
// For the `Compliance` data type, AWS Config supports only `COMPLIANT` , `NON_COMPLIANT` , and `INSUFFICIENT_DATA` values. AWS Config does not support the `NOT_APPLICABLE` value for the `Compliance` data type.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-compliance.html#cfn-config-configrule-compliance-type
//
Type *string `field:"optional" json:"type" yaml:"type"`
}
Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
complianceProperty := &ComplianceProperty{
Type: jsii.String("type"),
}
type CfnConfigRule_CustomPolicyDetailsProperty ¶ added in v2.33.0
type CfnConfigRule_CustomPolicyDetailsProperty struct {
// The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
//
// The default value is `false` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-enabledebuglogdelivery
//
EnableDebugLogDelivery interface{} `field:"optional" json:"enableDebugLogDelivery" yaml:"enableDebugLogDelivery"`
// The runtime system for your AWS Config Custom Policy rule.
//
// Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policyruntime
//
PolicyRuntime *string `field:"optional" json:"policyRuntime" yaml:"policyRuntime"`
// The policy definition containing the logic for your AWS Config Custom Policy rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-custompolicydetails.html#cfn-config-configrule-custompolicydetails-policytext
//
PolicyText *string `field:"optional" json:"policyText" yaml:"policyText"`
}
Provides the CustomPolicyDetails, the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
customPolicyDetailsProperty := &CustomPolicyDetailsProperty{
EnableDebugLogDelivery: jsii.Boolean(false),
PolicyRuntime: jsii.String("policyRuntime"),
PolicyText: jsii.String("policyText"),
}
type CfnConfigRule_EvaluationModeConfigurationProperty ¶ added in v2.91.0
type CfnConfigRule_EvaluationModeConfigurationProperty struct {
// The mode of an evaluation.
//
// The valid values are Detective or Proactive.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-evaluationmodeconfiguration.html#cfn-config-configrule-evaluationmodeconfiguration-mode
//
Mode *string `field:"optional" json:"mode" yaml:"mode"`
}
The configuration object for AWS Config rule evaluation mode.
The supported valid values are Detective or Proactive.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
evaluationModeConfigurationProperty := &EvaluationModeConfigurationProperty{
Mode: jsii.String("mode"),
}
type CfnConfigRule_ScopeProperty ¶
type CfnConfigRule_ScopeProperty struct {
// The ID of the only AWS resource that you want to trigger an evaluation for the rule.
//
// If you specify a resource ID, you must specify one resource type for `ComplianceResourceTypes` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourceid
//
ComplianceResourceId *string `field:"optional" json:"complianceResourceId" yaml:"complianceResourceId"`
// The resource types of only those AWS resources that you want to trigger an evaluation for the rule.
//
// You can only specify one type if you also specify a resource ID for `ComplianceResourceId` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-complianceresourcetypes
//
ComplianceResourceTypes *[]*string `field:"optional" json:"complianceResourceTypes" yaml:"complianceResourceTypes"`
// The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagkey
//
TagKey *string `field:"optional" json:"tagKey" yaml:"tagKey"`
// The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
//
// If you specify a value for `TagValue` , you must also specify a value for `TagKey` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-scope.html#cfn-config-configrule-scope-tagvalue
//
TagValue *string `field:"optional" json:"tagValue" yaml:"tagValue"`
}
Defines which resources trigger an evaluation for an AWS Config rule.
The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
scopeProperty := &ScopeProperty{
ComplianceResourceId: jsii.String("complianceResourceId"),
ComplianceResourceTypes: []*string{
jsii.String("complianceResourceTypes"),
},
TagKey: jsii.String("tagKey"),
TagValue: jsii.String("tagValue"),
}
type CfnConfigRule_SourceDetailProperty ¶
type CfnConfigRule_SourceDetailProperty struct {
// The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-eventsource
//
EventSource *string `field:"required" json:"eventSource" yaml:"eventSource"`
// The type of notification that triggers AWS Config to run an evaluation for a rule.
//
// You can specify the following notification types:
//
// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
// - `ConfigurationSnapshotDeliveryCompleted` - Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.
//
// If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for `ConfigurationItemChangeNotification` and one for `OversizedConfigurationItemChangeNotification` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-messagetype
//
MessageType *string `field:"required" json:"messageType" yaml:"messageType"`
// The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger.
//
// If you specify a value for `MaximumExecutionFrequency` , then `MessageType` must use the `ScheduledNotification` value.
//
// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
// >
// > Based on the valid value you choose, AWS Config runs evaluations once for each valid value. For example, if you choose `Three_Hours` , AWS Config runs evaluations once every three hours. In this case, `Three_Hours` is the frequency of this rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-sourcedetail.html#cfn-config-configrule-sourcedetail-maximumexecutionfrequency
//
MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
}
Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule.
It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for `SourceDetail` only for custom rules.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
sourceDetailProperty := &SourceDetailProperty{
EventSource: jsii.String("eventSource"),
MessageType: jsii.String("messageType"),
// the properties below are optional
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
}
type CfnConfigRule_SourceProperty ¶
type CfnConfigRule_SourceProperty struct {
// Indicates whether AWS or the customer owns and manages the AWS Config rule.
//
// AWS Config Managed Rules are predefined rules owned by AWS . For more information, see [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the *AWS Config developer guide* .
//
// AWS Config Custom Rules are rules that you can develop either with Guard ( `CUSTOM_POLICY` ) or AWS Lambda ( `CUSTOM_LAMBDA` ). For more information, see [AWS Config Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the *AWS Config developer guide* .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-owner
//
Owner *string `field:"required" json:"owner" yaml:"owner"`
// Provides the runtime system, policy definition, and whether debug logging is enabled.
//
// Required when owner is set to `CUSTOM_POLICY` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-custompolicydetails
//
CustomPolicyDetails interface{} `field:"optional" json:"customPolicyDetails" yaml:"customPolicyDetails"`
// Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.
//
// It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
//
// If the owner is set to `CUSTOM_POLICY` , the only acceptable values for the AWS Config rule trigger message type are `ConfigurationItemChangeNotification` and `OversizedConfigurationItemChangeNotification` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourcedetails
//
SourceDetails interface{} `field:"optional" json:"sourceDetails" yaml:"sourceDetails"`
// For AWS Config Managed rules, a predefined identifier from a list.
//
// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) .
//
// For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as `arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name` .
//
// For AWS Config Custom Policy rules, this field will be ignored.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html#cfn-config-configrule-source-sourceidentifier
//
SourceIdentifier *string `field:"optional" json:"sourceIdentifier" yaml:"sourceIdentifier"`
}
Provides the CustomPolicyDetails, the rule owner ( `AWS` for managed rules, `CUSTOM_POLICY` for Custom Policy rules, and `CUSTOM_LAMBDA` for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
sourceProperty := &SourceProperty{
Owner: jsii.String("owner"),
// the properties below are optional
CustomPolicyDetails: &CustomPolicyDetailsProperty{
EnableDebugLogDelivery: jsii.Boolean(false),
PolicyRuntime: jsii.String("policyRuntime"),
PolicyText: jsii.String("policyText"),
},
SourceDetails: []interface{}{
&SourceDetailProperty{
EventSource: jsii.String("eventSource"),
MessageType: jsii.String("messageType"),
// the properties below are optional
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
},
},
SourceIdentifier: jsii.String("sourceIdentifier"),
}
type CfnConfigurationAggregator ¶
type CfnConfigurationAggregator interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// Provides a list of source accounts and regions to be aggregated.
AccountAggregationSources() interface{}
SetAccountAggregationSources(val interface{})
// The Amazon Resource Name (ARN) of the aggregator.
AttrConfigurationAggregatorArn() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// The name of the aggregator.
ConfigurationAggregatorName() *string
SetConfigurationAggregatorName(val *string)
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Provides an organization and list of regions to be aggregated.
OrganizationAggregationSource() interface{}
SetOrganizationAggregationSource(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// An array of tag object.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnConfigurationAggregator := awscdk.Aws_config.NewCfnConfigurationAggregator(this, jsii.String("MyCfnConfigurationAggregator"), &CfnConfigurationAggregatorProps{
AccountAggregationSources: []interface{}{
&AccountAggregationSourceProperty{
AccountIds: []*string{
jsii.String("accountIds"),
},
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
},
},
ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
OrganizationAggregationSource: &OrganizationAggregationSourceProperty{
RoleArn: jsii.String("roleArn"),
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
},
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
func NewCfnConfigurationAggregator ¶
func NewCfnConfigurationAggregator(scope constructs.Construct, id *string, props *CfnConfigurationAggregatorProps) CfnConfigurationAggregator
type CfnConfigurationAggregatorProps ¶
type CfnConfigurationAggregatorProps struct {
// Provides a list of source accounts and regions to be aggregated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-accountaggregationsources
//
AccountAggregationSources interface{} `field:"optional" json:"accountAggregationSources" yaml:"accountAggregationSources"`
// The name of the aggregator.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-configurationaggregatorname
//
ConfigurationAggregatorName *string `field:"optional" json:"configurationAggregatorName" yaml:"configurationAggregatorName"`
// Provides an organization and list of regions to be aggregated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-organizationaggregationsource
//
OrganizationAggregationSource interface{} `field:"optional" json:"organizationAggregationSource" yaml:"organizationAggregationSource"`
// An array of tag object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationaggregator.html#cfn-config-configurationaggregator-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnConfigurationAggregator`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnConfigurationAggregatorProps := &CfnConfigurationAggregatorProps{
AccountAggregationSources: []interface{}{
&AccountAggregationSourceProperty{
AccountIds: []*string{
jsii.String("accountIds"),
},
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
},
},
ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
OrganizationAggregationSource: &OrganizationAggregationSourceProperty{
RoleArn: jsii.String("roleArn"),
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
},
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
type CfnConfigurationAggregator_AccountAggregationSourceProperty ¶
type CfnConfigurationAggregator_AccountAggregationSourceProperty struct {
// The 12-digit account ID of the account being aggregated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-accountids
//
AccountIds *[]*string `field:"required" json:"accountIds" yaml:"accountIds"`
// If true, aggregate existing AWS Config regions and future regions.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-allawsregions
//
AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
// The source regions being aggregated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-accountaggregationsource.html#cfn-config-configurationaggregator-accountaggregationsource-awsregions
//
AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}
A collection of accounts and regions.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
accountAggregationSourceProperty := &AccountAggregationSourceProperty{
AccountIds: []*string{
jsii.String("accountIds"),
},
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
}
type CfnConfigurationAggregator_OrganizationAggregationSourceProperty ¶
type CfnConfigurationAggregator_OrganizationAggregationSourceProperty struct {
// ARN of the IAM role used to retrieve AWS Organizations details associated with the aggregator account.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-rolearn
//
RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
// If true, aggregate existing AWS Config regions and future regions.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-allawsregions
//
AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
// The source regions being aggregated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationaggregator-organizationaggregationsource.html#cfn-config-configurationaggregator-organizationaggregationsource-awsregions
//
AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}
This object contains regions to set up the aggregator and an IAM role to retrieve organization details.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
organizationAggregationSourceProperty := &OrganizationAggregationSourceProperty{
RoleArn: jsii.String("roleArn"),
// the properties below are optional
AllAwsRegions: jsii.Boolean(false),
AwsRegions: []*string{
jsii.String("awsRegions"),
},
}
type CfnConfigurationRecorder ¶
type CfnConfigurationRecorder interface {
awscdk.CfnResource
awscdk.IInspectable
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The name of the configuration recorder.
//
// AWS Config automatically assigns the name of "default" when creating the configuration recorder.
Name() *string
SetName(val *string)
// The tree node.
Node() constructs.Node
// Specifies which resource types AWS Config records for configuration changes.
RecordingGroup() interface{}
SetRecordingGroup(val interface{})
// Specifies the default recording frequency that AWS Config uses to record configuration changes.
RecordingMode() interface{}
SetRecordingMode(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder.
RoleArn() *string
SetRoleArn(val *string)
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
The `AWS::Config::ConfigurationRecorder` resource type describes the AWS resource types that AWS Config records for configuration changes.
The configuration recorder stores the configuration changes of the specified resources in your account as configuration items.
> To enable AWS Config , you must create a configuration recorder and a delivery channel. > > AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see [AWS::Config::DeliveryChannel](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html) .
AWS CloudFormation starts the recorder as soon as the delivery channel is available.
To stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the [StopConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html) action of the AWS Config API directly.
For more information, see [Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-recorder) in the AWS Config Developer Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnConfigurationRecorder := awscdk.Aws_config.NewCfnConfigurationRecorder(this, jsii.String("MyCfnConfigurationRecorder"), &CfnConfigurationRecorderProps{
RoleArn: jsii.String("roleArn"),
// the properties below are optional
Name: jsii.String("name"),
RecordingGroup: &RecordingGroupProperty{
AllSupported: jsii.Boolean(false),
ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
},
IncludeGlobalResourceTypes: jsii.Boolean(false),
RecordingStrategy: &RecordingStrategyProperty{
UseOnly: jsii.String("useOnly"),
},
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
},
RecordingMode: &RecordingModeProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
// the properties below are optional
RecordingModeOverrides: []interface{}{
&RecordingModeOverrideProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
},
},
},
})
func NewCfnConfigurationRecorder ¶
func NewCfnConfigurationRecorder(scope constructs.Construct, id *string, props *CfnConfigurationRecorderProps) CfnConfigurationRecorder
type CfnConfigurationRecorderProps ¶
type CfnConfigurationRecorderProps struct {
// Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder.
//
// For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.
//
// > *Pre-existing AWS Config role*
// >
// > If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.
// >
// > For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-rolearn
//
RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
// The name of the configuration recorder. AWS Config automatically assigns the name of "default" when creating the configuration recorder.
//
// You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-name
//
Name *string `field:"optional" json:"name" yaml:"name"`
// Specifies which resource types AWS Config records for configuration changes.
//
// > *High Number of AWS Config Evaluations*
// >
// > You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.
// >
// > If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordinggroup
//
RecordingGroup interface{} `field:"optional" json:"recordingGroup" yaml:"recordingGroup"`
// Specifies the default recording frequency that AWS Config uses to record configuration changes.
//
// AWS Config supports *Continuous recording* and *Daily recording* .
//
// - Continuous recording allows you to record configuration changes continuously whenever a change occurs.
// - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
//
// > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
//
// You can also override the recording frequency for specific resource types.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html#cfn-config-configurationrecorder-recordingmode
//
RecordingMode interface{} `field:"optional" json:"recordingMode" yaml:"recordingMode"`
}
Properties for defining a `CfnConfigurationRecorder`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnConfigurationRecorderProps := &CfnConfigurationRecorderProps{
RoleArn: jsii.String("roleArn"),
// the properties below are optional
Name: jsii.String("name"),
RecordingGroup: &RecordingGroupProperty{
AllSupported: jsii.Boolean(false),
ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
},
IncludeGlobalResourceTypes: jsii.Boolean(false),
RecordingStrategy: &RecordingStrategyProperty{
UseOnly: jsii.String("useOnly"),
},
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
},
RecordingMode: &RecordingModeProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
// the properties below are optional
RecordingModeOverrides: []interface{}{
&RecordingModeOverrideProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
},
},
},
}
type CfnConfigurationRecorder_ExclusionByResourceTypesProperty ¶ added in v2.93.0
type CfnConfigurationRecorder_ExclusionByResourceTypesProperty struct {
// A comma-separated list of resource types to exclude from recording by the configuration recorder.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-exclusionbyresourcetypes.html#cfn-config-configurationrecorder-exclusionbyresourcetypes-resourcetypes
//
ResourceTypes *[]*string `field:"required" json:"resourceTypes" yaml:"resourceTypes"`
}
Specifies whether the configuration recorder excludes certain resource types from being recorded.
Use the `ResourceTypes` field to enter a comma-separated list of resource types you want to exclude from recording.
By default, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.
> *How to use the exclusion recording strategy* > > To use this option, you must set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` . > > AWS Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded. > > *Global resource types and the exclusion recording strategy* > > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled. > > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions: > > - Asia Pacific (Hyderabad) > - Asia Pacific (Melbourne) > - Canada West (Calgary) > - Europe (Spain) > - Europe (Zurich) > - Israel (Tel Aviv) > - Middle East (UAE).
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
exclusionByResourceTypesProperty := &ExclusionByResourceTypesProperty{
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
}
type CfnConfigurationRecorder_RecordingGroupProperty ¶
type CfnConfigurationRecorder_RecordingGroupProperty struct {
// Specifies whether AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types.
//
// If you set this field to `true` , when AWS Config adds support for a new resource type, AWS Config starts recording resources of that type automatically.
//
// If you set this field to `true` , you cannot enumerate specific resource types to record in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) , or to exclude in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
//
// > *Region availability*
// >
// > Check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if a resource type is supported in the AWS Region where you set up AWS Config .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-allsupported
//
AllSupported interface{} `field:"optional" json:"allSupported" yaml:"allSupported"`
// An object that specifies how AWS Config excludes resource types from being recorded by the configuration recorder.
//
// To use this option, you must set the `useOnly` field of [AWS::Config::ConfigurationRecorder RecordingStrategy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-exclusionbyresourcetypes
//
ExclusionByResourceTypes interface{} `field:"optional" json:"exclusionByResourceTypes" yaml:"exclusionByResourceTypes"`
// This option is a bundle which only applies to the global IAM resource types: IAM users, groups, roles, and customer managed policies.
//
// These global IAM resource types can only be recorded by AWS Config in Regions where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
//
// - Asia Pacific (Hyderabad)
// - Asia Pacific (Melbourne)
// - Canada West (Calgary)
// - Europe (Spain)
// - Europe (Zurich)
// - Israel (Tel Aviv)
// - Middle East (UAE)
//
// > *Aurora global clusters are recorded in all enabled Regions*
// >
// > The `AWS::RDS::GlobalCluster` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled, even if `IncludeGlobalResourceTypes` is set to `false` . The `IncludeGlobalResourceTypes` option is a bundle which only applies to IAM users, groups, roles, and customer managed policies.
// >
// > If you do not want to record `AWS::RDS::GlobalCluster` in all enabled Regions, use one of the following recording strategies:
// >
// > - *Record all current and future resource types with exclusions* ( `EXCLUSION_BY_RESOURCE_TYPES` ), or
// > - *Record specific resource types* ( `INCLUSION_BY_RESOURCE_TYPES` ).
// >
// > For more information, see [Selecting Which Resources are Recorded](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all) in the *AWS Config developer guide* . > *IncludeGlobalResourceTypes and the exclusion recording strategy*
// >
// > The `IncludeGlobalResourceTypes` field has no impact on the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy. This means that the global IAM resource types ( IAM users, groups, roles, and customer managed policies) will not be automatically added as exclusions for `ExclusionByResourceTypes` when `IncludeGlobalResourceTypes` is set to `false` .
// >
// > The `IncludeGlobalResourceTypes` field should only be used to modify the `AllSupported` field, as the default for the `AllSupported` field is to record configuration changes for all supported resource types excluding the global IAM resource types. To include the global IAM resource types when `AllSupported` is set to `true` , make sure to set `IncludeGlobalResourceTypes` to `true` .
// >
// > To exclude the global IAM resource types for the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, you need to manually add them to the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Required and optional fields*
// >
// > Before you set this field to `true` , set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` . > *Overriding fields*
// >
// > If you set this field to `false` but list global IAM resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) , AWS Config will still record configuration changes for those specified resource types *regardless* of if you set the `IncludeGlobalResourceTypes` field to false.
// >
// > If you do not want to record configuration changes to the global IAM resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the `ResourceTypes` field in addition to setting the `IncludeGlobalResourceTypes` field to false.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-includeglobalresourcetypes
//
IncludeGlobalResourceTypes interface{} `field:"optional" json:"includeGlobalResourceTypes" yaml:"includeGlobalResourceTypes"`
// An object that specifies the recording strategy for the configuration recorder.
//
// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type.
// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types you specify in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
// - If you set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
//
// > *Required and optional fields*
// >
// > The `recordingStrategy` field is optional when you set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .
// >
// > The `recordingStrategy` field is optional when you list resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
// >
// > The `recordingStrategy` field is required if you list resource types to exclude from recording in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*
// >
// > If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `ExclusionByResourceTypes` field will override other properties in the request.
// >
// > For example, even if you set `IncludeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Global resources types and the resource exclusion recording strategy*
// >
// > By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.
// >
// > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.
// >
// > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
// >
// > - Asia Pacific (Hyderabad)
// > - Asia Pacific (Melbourne)
// > - Canada West (Calgary)
// > - Europe (Spain)
// > - Europe (Zurich)
// > - Israel (Tel Aviv)
// > - Middle East (UAE).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-recordingstrategy
//
RecordingStrategy interface{} `field:"optional" json:"recordingStrategy" yaml:"recordingStrategy"`
// A comma-separated list that specifies which resource types AWS Config records.
//
// For a list of valid `ResourceTypes` values, see the *Resource Type Value* column in [Supported AWS resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .
//
// > *Required and optional fields*
// >
// > Optionally, you can set the `useOnly` field of [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html) to `INCLUSION_BY_RESOURCE_TYPES` .
// >
// > To record all configuration changes, set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` , and either omit this field or don't specify any resource types in this field. If you set the `AllSupported` field to `false` and specify values for `ResourceTypes` , when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group. > *Region availability*
// >
// > Before specifying a resource type for AWS Config to track, check [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) to see if the resource type is supported in the AWS Region where you set up AWS Config . If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config , even if the specified resource type is not supported in the AWS Region where you set up AWS Config .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordinggroup.html#cfn-config-configurationrecorder-recordinggroup-resourcetypes
//
ResourceTypes *[]*string `field:"optional" json:"resourceTypes" yaml:"resourceTypes"`
}
Specifies which resource types AWS Config records for configuration changes.
By default, AWS Config records configuration changes for all current and future supported resource types in the AWS Region where you have enabled AWS Config , excluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.
In the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .
If you don't want AWS Config to record all current and future supported resource types (excluding the global IAM resource types), use one of the following recording strategies:
- *Record all current and future resource types with exclusions* ( `EXCLUSION_BY_RESOURCE_TYPES` ), or - *Record specific resource types* ( `INCLUSION_BY_RESOURCE_TYPES` ).
If you use the recording strategy to *Record all current and future resource types* ( `ALL_SUPPORTED_RESOURCE_TYPES` ), you can use the flag `IncludeGlobalResourceTypes` to include the global IAM resource types in your recording.
> *Aurora global clusters are recorded in all enabled Regions* > > The `AWS::RDS::GlobalCluster` resource type will be recorded in all supported AWS Config Regions where the configuration recorder is enabled. > > If you do not want to record `AWS::RDS::GlobalCluster` in all enabled Regions, use the `EXCLUSION_BY_RESOURCE_TYPES` or `INCLUSION_BY_RESOURCE_TYPES` recording strategy.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
recordingGroupProperty := &RecordingGroupProperty{
AllSupported: jsii.Boolean(false),
ExclusionByResourceTypes: &ExclusionByResourceTypesProperty{
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
},
IncludeGlobalResourceTypes: jsii.Boolean(false),
RecordingStrategy: &RecordingStrategyProperty{
UseOnly: jsii.String("useOnly"),
},
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
}
type CfnConfigurationRecorder_RecordingModeOverrideProperty ¶ added in v2.116.0
type CfnConfigurationRecorder_RecordingModeOverrideProperty struct {
// The recording frequency that will be applied to all the resource types specified in the override.
//
// - Continuous recording allows you to record configuration changes continuously whenever a change occurs.
// - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
//
// > AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-recordingfrequency
//
RecordingFrequency *string `field:"required" json:"recordingFrequency" yaml:"recordingFrequency"`
// A comma-separated list that specifies which resource types AWS Config includes in the override.
//
// > Daily recording is not supported for the following resource types:
// >
// > - `AWS::Config::ResourceCompliance`
// > - `AWS::Config::ConformancePackCompliance`
// > - `AWS::Config::ConfigurationRecorder`.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-resourcetypes
//
ResourceTypes *[]*string `field:"required" json:"resourceTypes" yaml:"resourceTypes"`
// A description that you provide for the override.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmodeoverride.html#cfn-config-configurationrecorder-recordingmodeoverride-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
}
An object for you to specify your overrides for the recording mode.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
recordingModeOverrideProperty := &RecordingModeOverrideProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
}
type CfnConfigurationRecorder_RecordingModeProperty ¶ added in v2.116.0
type CfnConfigurationRecorder_RecordingModeProperty struct {
// The default recording frequency that AWS Config uses to record configuration changes.
//
// > Daily recording is not supported for the following resource types:
// >
// > - `AWS::Config::ResourceCompliance`
// > - `AWS::Config::ConformancePackCompliance`
// > - `AWS::Config::ConfigurationRecorder`
// >
// > For the *allSupported* ( `ALL_SUPPORTED_RESOURCE_TYPES` ) recording strategy, these resource types will be set to Continuous recording.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmode.html#cfn-config-configurationrecorder-recordingmode-recordingfrequency
//
RecordingFrequency *string `field:"required" json:"recordingFrequency" yaml:"recordingFrequency"`
// An array of `recordingModeOverride` objects for you to specify your overrides for the recording mode.
//
// The `recordingModeOverride` object in the `recordingModeOverrides` array consists of three fields: a `description` , the new `recordingFrequency` , and an array of `resourceTypes` to override.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingmode.html#cfn-config-configurationrecorder-recordingmode-recordingmodeoverrides
//
RecordingModeOverrides interface{} `field:"optional" json:"recordingModeOverrides" yaml:"recordingModeOverrides"`
}
Specifies the default recording frequency that AWS Config uses to record configuration changes.
AWS Config supports *Continuous recording* and *Daily recording* .
- Continuous recording allows you to record configuration changes continuously whenever a change occurs. - Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
> AWS Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
You can also override the recording frequency for specific resource types.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
recordingModeProperty := &RecordingModeProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
// the properties below are optional
RecordingModeOverrides: []interface{}{
&RecordingModeOverrideProperty{
RecordingFrequency: jsii.String("recordingFrequency"),
ResourceTypes: []*string{
jsii.String("resourceTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
},
},
}
type CfnConfigurationRecorder_RecordingStrategyProperty ¶ added in v2.93.0
type CfnConfigurationRecorder_RecordingStrategyProperty struct {
// The recording strategy for the configuration recorder.
//
// - If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .
// - If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
// - If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .
//
// > *Required and optional fields*
// >
// > The `recordingStrategy` field is optional when you set the `AllSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .
// >
// > The `recordingStrategy` field is optional when you list resource types in the `ResourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .
// >
// > The `recordingStrategy` field is required if you list resource types to exclude from recording in the `ResourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*
// >
// > If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `ExclusionByResourceTypes` field will override other properties in the request.
// >
// > For example, even if you set `IncludeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `ResourceTypes` field of `ExclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*
// >
// > By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.
// >
// > Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.
// >
// > IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
// >
// > - Asia Pacific (Hyderabad)
// > - Asia Pacific (Melbourne)
// > - Canada West (Calgary)
// > - Europe (Spain)
// > - Europe (Zurich)
// > - Israel (Tel Aviv)
// > - Middle East (UAE).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configurationrecorder-recordingstrategy.html#cfn-config-configurationrecorder-recordingstrategy-useonly
//
UseOnly *string `field:"required" json:"useOnly" yaml:"useOnly"`
}
Specifies the recording strategy of the configuration recorder.
Valid values include: `ALL_SUPPORTED_RESOURCE_TYPES` , `INCLUSION_BY_RESOURCE_TYPES` , and `EXCLUSION_BY_RESOURCE_TYPES` .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
recordingStrategyProperty := &RecordingStrategyProperty{
UseOnly: jsii.String("useOnly"),
}
type CfnConformancePack ¶
type CfnConformancePack interface {
awscdk.CfnResource
awscdk.IInspectable
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// A list of ConformancePackInputParameter objects.
ConformancePackInputParameters() interface{}
SetConformancePackInputParameters(val interface{})
// Name of the conformance pack you want to create.
ConformancePackName() *string
SetConformancePackName(val *string)
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
DeliveryS3Bucket() *string
SetDeliveryS3Bucket(val *string)
// The prefix for the Amazon S3 bucket.
DeliveryS3KeyPrefix() *string
SetDeliveryS3KeyPrefix(val *string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// A string containing full conformance pack template body.
TemplateBody() *string
SetTemplateBody(val *string)
// Location of file containing the template body (s3://bucketname/prefix).
TemplateS3Uri() *string
SetTemplateS3Uri(val *string)
// An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
TemplateSsmDocumentDetails() interface{}
SetTemplateSsmDocumentDetails(val interface{})
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region.
ConformancePack creates a service linked role in your account. The service linked role is created only when the role does not exist in your account.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var templateSsmDocumentDetails interface{}
cfnConformancePack := awscdk.Aws_config.NewCfnConformancePack(this, jsii.String("MyCfnConformancePack"), &CfnConformancePackProps{
ConformancePackName: jsii.String("conformancePackName"),
// the properties below are optional
ConformancePackInputParameters: []interface{}{
&ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
},
},
DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
TemplateBody: jsii.String("templateBody"),
TemplateS3Uri: jsii.String("templateS3Uri"),
TemplateSsmDocumentDetails: templateSsmDocumentDetails,
})
func NewCfnConformancePack ¶
func NewCfnConformancePack(scope constructs.Construct, id *string, props *CfnConformancePackProps) CfnConformancePack
type CfnConformancePackProps ¶
type CfnConformancePackProps struct {
// Name of the conformance pack you want to create.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackname
//
ConformancePackName *string `field:"required" json:"conformancePackName" yaml:"conformancePackName"`
// A list of ConformancePackInputParameter objects.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-conformancepackinputparameters
//
ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3bucket
//
DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
// The prefix for the Amazon S3 bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-deliverys3keyprefix
//
DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
// A string containing full conformance pack template body.
//
// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
//
// > You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatebody
//
TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
// Location of file containing the template body (s3://bucketname/prefix).
//
// The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.
//
// > You must have access to read Amazon S3 bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templates3uri
//
TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
// An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html#cfn-config-conformancepack-templatessmdocumentdetails
//
TemplateSsmDocumentDetails interface{} `field:"optional" json:"templateSsmDocumentDetails" yaml:"templateSsmDocumentDetails"`
}
Properties for defining a `CfnConformancePack`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var templateSsmDocumentDetails interface{}
cfnConformancePackProps := &CfnConformancePackProps{
ConformancePackName: jsii.String("conformancePackName"),
// the properties below are optional
ConformancePackInputParameters: []interface{}{
&ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
},
},
DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
TemplateBody: jsii.String("templateBody"),
TemplateS3Uri: jsii.String("templateS3Uri"),
TemplateSsmDocumentDetails: templateSsmDocumentDetails,
}
type CfnConformancePack_ConformancePackInputParameterProperty ¶
type CfnConformancePack_ConformancePackInputParameterProperty struct {
// One part of a key-value pair.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametername
//
ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
// Another part of the key-value pair.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-conformancepackinputparameter.html#cfn-config-conformancepack-conformancepackinputparameter-parametervalue
//
ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}
Input parameters in the form of key-value pairs for the conformance pack, both of which you define.
Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
conformancePackInputParameterProperty := &ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
}
type CfnConformancePack_TemplateSSMDocumentDetailsProperty ¶ added in v2.55.0
type CfnConformancePack_TemplateSSMDocumentDetailsProperty struct {
// The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.
//
// If you use the document name, AWS Config checks only your account and AWS Region for the SSM document.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentname
//
DocumentName *string `field:"optional" json:"documentName" yaml:"documentName"`
// The version of the SSM document to use to create a conformance pack.
//
// By default, AWS Config uses the latest version.
//
// > This field is optional.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-conformancepack-templatessmdocumentdetails.html#cfn-config-conformancepack-templatessmdocumentdetails-documentversion
//
DocumentVersion *string `field:"optional" json:"documentVersion" yaml:"documentVersion"`
}
This API allows you to create a conformance pack template with an AWS Systems Manager document (SSM document).
To deploy a conformance pack using an SSM document, first create an SSM document with conformance pack content, and then provide the `DocumentName` in the [PutConformancePack API](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html) . You can also provide the `DocumentVersion` .
The `TemplateSSMDocumentDetails` object contains the name of the SSM document and the version of the SSM document.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
templateSSMDocumentDetailsProperty := &TemplateSSMDocumentDetailsProperty{
DocumentName: jsii.String("documentName"),
DocumentVersion: jsii.String("documentVersion"),
}
type CfnDeliveryChannel ¶
type CfnDeliveryChannel interface {
awscdk.CfnResource
awscdk.IInspectable
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
ConfigSnapshotDeliveryProperties() interface{}
SetConfigSnapshotDeliveryProperties(val interface{})
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// A name for the delivery channel.
Name() *string
SetName(val *string)
// The tree node.
Node() constructs.Node
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
S3BucketName() *string
SetS3BucketName(val *string)
// The prefix for the specified Amazon S3 bucket.
S3KeyPrefix() *string
SetS3KeyPrefix(val *string)
// The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config .
S3KmsKeyArn() *string
SetS3KmsKeyArn(val *string)
// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
SnsTopicArn() *string
SetSnsTopicArn(val *string)
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Specifies a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.
Before you can create a delivery channel, you must create a configuration recorder. You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.
> In the China (Beijing) Region, when you call this action, the Amazon S3 bucket must also be in the China (Beijing) Region. In all the other regions, AWS Config supports cross-region and cross-account delivery channels.
You can have only one delivery channel per region per AWS account, and the delivery channel is required to use AWS Config .
> AWS Config does not support the delivery channel to an Amazon S3 bucket bucket where object lock is enabled. For more information, see [How S3 Object Lock works](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html) .
When you create the delivery channel, you can specify; how often AWS Config delivers configuration snapshots to your Amazon S3 bucket (for example, 24 hours), the S3 bucket to which AWS Config sends configuration snapshots and configuration history files, and the Amazon SNS topic to which AWS Config sends notifications about configuration changes, such as updated resources, AWS Config rule evaluations, and when AWS Config delivers the configuration snapshot to your S3 bucket. For more information, see [Deliver Configuration Items](https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html#delivery-channel) in the AWS Config Developer Guide.
> To enable AWS Config , you must create a configuration recorder and a delivery channel. If you want to create the resources separately, you must create a configuration recorder before you can create a delivery channel. AWS Config uses the configuration recorder to capture configuration changes to your resources. For more information, see [AWS::Config::ConfigurationRecorder](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html) .
For more information, see [Managing the Delivery Channel](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html) in the AWS Config Developer Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnDeliveryChannel := awscdk.Aws_config.NewCfnDeliveryChannel(this, jsii.String("MyCfnDeliveryChannel"), &CfnDeliveryChannelProps{
S3BucketName: jsii.String("s3BucketName"),
// the properties below are optional
ConfigSnapshotDeliveryProperties: &ConfigSnapshotDeliveryPropertiesProperty{
DeliveryFrequency: jsii.String("deliveryFrequency"),
},
Name: jsii.String("name"),
S3KeyPrefix: jsii.String("s3KeyPrefix"),
S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
SnsTopicArn: jsii.String("snsTopicArn"),
})
func NewCfnDeliveryChannel ¶
func NewCfnDeliveryChannel(scope constructs.Construct, id *string, props *CfnDeliveryChannelProps) CfnDeliveryChannel
type CfnDeliveryChannelProps ¶
type CfnDeliveryChannelProps struct {
// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
//
// If you specify a bucket that belongs to another AWS account , that bucket must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the *AWS Config Developer Guide* .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3bucketname
//
S3BucketName *string `field:"required" json:"s3BucketName" yaml:"s3BucketName"`
// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties
//
ConfigSnapshotDeliveryProperties interface{} `field:"optional" json:"configSnapshotDeliveryProperties" yaml:"configSnapshotDeliveryProperties"`
// A name for the delivery channel.
//
// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
//
// Updates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-name
//
Name *string `field:"optional" json:"name" yaml:"name"`
// The prefix for the specified Amazon S3 bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3keyprefix
//
S3KeyPrefix *string `field:"optional" json:"s3KeyPrefix" yaml:"s3KeyPrefix"`
// The Amazon Resource Name (ARN) of the AWS Key Management Service ( AWS KMS ) AWS KMS key (KMS key) used to encrypt objects delivered by AWS Config .
//
// Must belong to the same Region as the destination S3 bucket.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-s3kmskeyarn
//
S3KmsKeyArn *string `field:"optional" json:"s3KmsKeyArn" yaml:"s3KmsKeyArn"`
// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
//
// If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config . For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the *AWS Config Developer Guide* .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html#cfn-config-deliverychannel-snstopicarn
//
SnsTopicArn *string `field:"optional" json:"snsTopicArn" yaml:"snsTopicArn"`
}
Properties for defining a `CfnDeliveryChannel`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnDeliveryChannelProps := &CfnDeliveryChannelProps{
S3BucketName: jsii.String("s3BucketName"),
// the properties below are optional
ConfigSnapshotDeliveryProperties: &ConfigSnapshotDeliveryPropertiesProperty{
DeliveryFrequency: jsii.String("deliveryFrequency"),
},
Name: jsii.String("name"),
S3KeyPrefix: jsii.String("s3KeyPrefix"),
S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
SnsTopicArn: jsii.String("snsTopicArn"),
}
type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty ¶
type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty struct {
// The frequency with which AWS Config delivers configuration snapshots.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-deliverychannel-configsnapshotdeliveryproperties.html#cfn-config-deliverychannel-configsnapshotdeliveryproperties-deliveryfrequency
//
DeliveryFrequency *string `field:"optional" json:"deliveryFrequency" yaml:"deliveryFrequency"`
}
Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.
> If you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot, see the following:
The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:
- The value for the `deliveryFrequency` parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules. - The value for the `MaximumExecutionFrequency` parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see [ConfigRule](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html) .
If the `deliveryFrequency` value is less frequent than the `MaximumExecutionFrequency` value for a rule, AWS Config invokes the rule only as often as the `deliveryFrequency` value.
- For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot. - You specify the `MaximumExecutionFrequency` value for `Six_Hours` . - You then specify the delivery channel `deliveryFrequency` value for `TwentyFour_Hours` . - Because the value for `deliveryFrequency` is less frequent than `MaximumExecutionFrequency` , AWS Config invokes evaluations for the rule every 24 hours.
You should set the `MaximumExecutionFrequency` value to be at least as frequent as the `deliveryFrequency` value. You can view the `deliveryFrequency` value by using the `DescribeDeliveryChannnels` action.
To update the `deliveryFrequency` with which AWS Config delivers your configuration snapshots, use the `PutDeliveryChannel` action.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
configSnapshotDeliveryPropertiesProperty := &ConfigSnapshotDeliveryPropertiesProperty{
DeliveryFrequency: jsii.String("deliveryFrequency"),
}
type CfnOrganizationConfigRule ¶
type CfnOrganizationConfigRule interface {
awscdk.CfnResource
awscdk.IInspectable
AttrId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// A comma-separated list of accounts excluded from organization AWS Config rule.
ExcludedAccounts() *[]*string
SetExcludedAccounts(val *[]*string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// The name that you assign to organization AWS Config rule.
OrganizationConfigRuleName() *string
SetOrganizationConfigRuleName(val *string)
// An object that specifies metadata for your organization's AWS Config Custom Policy rule.
OrganizationCustomPolicyRuleMetadata() interface{}
SetOrganizationCustomPolicyRuleMetadata(val interface{})
// An `OrganizationCustomRuleMetadata` object.
OrganizationCustomRuleMetadata() interface{}
SetOrganizationCustomRuleMetadata(val interface{})
// An `OrganizationManagedRuleMetadata` object.
OrganizationManagedRuleMetadata() interface{}
SetOrganizationManagedRuleMetadata(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Adds or updates an AWS Config rule for your entire organization to evaluate if your AWS resources comply with your desired configurations.
For information on how many organization AWS Config rules you can have per account, see [*Service Limits*](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *AWS Config Developer Guide* .
Only a management account and a delegated administrator can create or update an organization AWS Config rule. When calling the `OrganizationConfigRule` resource with a delegated administrator, you must ensure AWS Organizations `ListDelegatedAdministrator` permissions are added. An organization can have up to 3 delegated administrators.
The `OrganizationConfigRule` resource enables organization service access through the `EnableAWSServiceAccess` action and creates a service-linked role `AWSServiceRoleForConfigMultiAccountSetup` in the management or delegated administrator account of your organization. The service-linked role is created only when the role does not exist in the caller account. AWS Config verifies the existence of role with `GetRole` action.
To use the `OrganizationConfigRule` resource with delegated administrator, register a delegated administrator by calling AWS Organization `register-delegated-administrator` for `config-multiaccountsetup.amazonaws.com` .
There are two types of rules: *AWS Config Managed Rules* and *AWS Config Custom Rules* . You can use `PutOrganizationConfigRule` to create both AWS Config Managed Rules and AWS Config Custom Rules.
AWS Config Managed Rules are predefined, customizable rules created by AWS Config . For a list of managed rules, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) . If you are adding an AWS Config managed rule, you must specify the rule's identifier for the `RuleIdentifier` key.
AWS Config Custom Rules are rules that you create from scratch. There are two ways to create AWS Config custom rules: with Lambda functions ( [AWS Lambda Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function) ) and with Guard ( [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) ), a policy-as-code language. AWS Config custom rules created with AWS Lambda are called *AWS Config Custom Lambda Rules* and AWS Config custom rules created with Guard are called *AWS Config Custom Policy Rules* .
If you are adding a new AWS Config Custom Lambda rule, you first need to create an AWS Lambda function in the management account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed account that can be assumed by the Lambda function. When you use `PutOrganizationConfigRule` to add a Custom Lambda rule to AWS Config , you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationConfigRule := awscdk.Aws_config.NewCfnOrganizationConfigRule(this, jsii.String("MyCfnOrganizationConfigRule"), &CfnOrganizationConfigRuleProps{
OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),
// the properties below are optional
ExcludedAccounts: []*string{
jsii.String("excludedAccounts"),
},
OrganizationCustomPolicyRuleMetadata: &OrganizationCustomPolicyRuleMetadataProperty{
PolicyText: jsii.String("policyText"),
Runtime: jsii.String("runtime"),
// the properties below are optional
DebugLogDeliveryAccounts: []*string{
jsii.String("debugLogDeliveryAccounts"),
},
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
OrganizationCustomRuleMetadata: &OrganizationCustomRuleMetadataProperty{
LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
OrganizationManagedRuleMetadata: &OrganizationManagedRuleMetadataProperty{
RuleIdentifier: jsii.String("ruleIdentifier"),
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
})
func NewCfnOrganizationConfigRule ¶
func NewCfnOrganizationConfigRule(scope constructs.Construct, id *string, props *CfnOrganizationConfigRuleProps) CfnOrganizationConfigRule
type CfnOrganizationConfigRuleProps ¶
type CfnOrganizationConfigRuleProps struct {
// The name that you assign to organization AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationconfigrulename
//
OrganizationConfigRuleName *string `field:"required" json:"organizationConfigRuleName" yaml:"organizationConfigRuleName"`
// A comma-separated list of accounts excluded from organization AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-excludedaccounts
//
ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
// An object that specifies metadata for your organization's AWS Config Custom Policy rule.
//
// The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of AWS resource, and organization trigger types that initiate AWS Config to evaluate AWS resources against a rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata
//
OrganizationCustomPolicyRuleMetadata interface{} `field:"optional" json:"organizationCustomPolicyRuleMetadata" yaml:"organizationCustomPolicyRuleMetadata"`
// An `OrganizationCustomRuleMetadata` object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata
//
OrganizationCustomRuleMetadata interface{} `field:"optional" json:"organizationCustomRuleMetadata" yaml:"organizationCustomRuleMetadata"`
// An `OrganizationManagedRuleMetadata` object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconfigrule.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata
//
OrganizationManagedRuleMetadata interface{} `field:"optional" json:"organizationManagedRuleMetadata" yaml:"organizationManagedRuleMetadata"`
}
Properties for defining a `CfnOrganizationConfigRule`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationConfigRuleProps := &CfnOrganizationConfigRuleProps{
OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),
// the properties below are optional
ExcludedAccounts: []*string{
jsii.String("excludedAccounts"),
},
OrganizationCustomPolicyRuleMetadata: &OrganizationCustomPolicyRuleMetadataProperty{
PolicyText: jsii.String("policyText"),
Runtime: jsii.String("runtime"),
// the properties below are optional
DebugLogDeliveryAccounts: []*string{
jsii.String("debugLogDeliveryAccounts"),
},
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
OrganizationCustomRuleMetadata: &OrganizationCustomRuleMetadataProperty{
LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
OrganizationManagedRuleMetadata: &OrganizationManagedRuleMetadataProperty{
RuleIdentifier: jsii.String("ruleIdentifier"),
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
},
}
type CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty ¶ added in v2.70.0
type CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty struct {
// The policy definition containing the logic for your organization AWS Config Custom Policy rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-policytext
//
PolicyText *string `field:"required" json:"policyText" yaml:"policyText"`
// The runtime system for your organization AWS Config Custom Policy rules.
//
// Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the [Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard) .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-runtime
//
Runtime *string `field:"required" json:"runtime" yaml:"runtime"`
// A list of accounts that you can enable debug logging for your organization AWS Config Custom Policy rule.
//
// List is null when debug logging is enabled for all accounts.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-debuglogdeliveryaccounts
//
DebugLogDeliveryAccounts *[]*string `field:"optional" json:"debugLogDeliveryAccounts" yaml:"debugLogDeliveryAccounts"`
// The description that you provide for your organization AWS Config Custom Policy rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
// A string, in JSON format, that is passed to your organization AWS Config Custom Policy rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-inputparameters
//
InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency with which AWS Config runs evaluations for a rule.
//
// Your AWS Config Custom Policy rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-maximumexecutionfrequency
//
MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// The type of notification that initiates AWS Config to run an evaluation for a rule.
//
// For AWS Config Custom Policy rules, AWS Config supports change-initiated notification types:
//
// - `ConfigurationItemChangeNotification` - Initiates an evaluation when AWS Config delivers a configuration item as a result of a resource change.
// - `OversizedConfigurationItemChangeNotification` - Initiates an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-organizationconfigruletriggertypes
//
OrganizationConfigRuleTriggerTypes *[]*string `field:"optional" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
// The ID of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourceidscope
//
ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
// The type of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-resourcetypesscope
//
ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
// One part of a key-value pair that make up a tag.
//
// A key is a general label that acts like a category for more specific tag values.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagkeyscope
//
TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
// The optional part of a key-value pair that make up a tag.
//
// A value acts as a descriptor within a tag category (key).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustompolicyrulemetadata.html#cfn-config-organizationconfigrule-organizationcustompolicyrulemetadata-tagvaluescope
//
TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}
An object that specifies metadata for your organization's AWS Config Custom Policy rule.
The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of AWS resource, and organization trigger types that initiate AWS Config to evaluate AWS resources against a rule.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
organizationCustomPolicyRuleMetadataProperty := &OrganizationCustomPolicyRuleMetadataProperty{
PolicyText: jsii.String("policyText"),
Runtime: jsii.String("runtime"),
// the properties below are optional
DebugLogDeliveryAccounts: []*string{
jsii.String("debugLogDeliveryAccounts"),
},
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
}
type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty ¶
type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty struct {
// The lambda function ARN.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-lambdafunctionarn
//
LambdaFunctionArn *string `field:"required" json:"lambdaFunctionArn" yaml:"lambdaFunctionArn"`
// The type of notification that triggers AWS Config to run an evaluation for a rule.
//
// You can specify the following notification types:
//
// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-organizationconfigruletriggertypes
//
OrganizationConfigRuleTriggerTypes *[]*string `field:"required" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
// The description that you provide for your organization AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-inputparameters
//
InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency with which AWS Config runs evaluations for a rule.
//
// Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .
//
// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-maximumexecutionfrequency
//
MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// The ID of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourceidscope
//
ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
// The type of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-resourcetypesscope
//
ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
// One part of a key-value pair that make up a tag.
//
// A key is a general label that acts like a category for more specific tag values.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagkeyscope
//
TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
// The optional part of a key-value pair that make up a tag.
//
// A value acts as a descriptor within a tag category (key).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationcustomrulemetadata.html#cfn-config-organizationconfigrule-organizationcustomrulemetadata-tagvaluescope
//
TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}
An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.
It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
organizationCustomRuleMetadataProperty := &OrganizationCustomRuleMetadataProperty{
LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
OrganizationConfigRuleTriggerTypes: []*string{
jsii.String("organizationConfigRuleTriggerTypes"),
},
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
}
type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty ¶
type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty struct {
// For organization config managed rules, a predefined identifier from a list.
//
// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [Using AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-ruleidentifier
//
RuleIdentifier *string `field:"required" json:"ruleIdentifier" yaml:"ruleIdentifier"`
// The description that you provide for your organization AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-description
//
Description *string `field:"optional" json:"description" yaml:"description"`
// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-inputparameters
//
InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency with which AWS Config runs evaluations for a rule.
//
// This is for an AWS Config managed rule that is triggered at a periodic frequency.
//
// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-maximumexecutionfrequency
//
MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// The ID of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourceidscope
//
ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
// The type of the AWS resource that was evaluated.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-resourcetypesscope
//
ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
// One part of a key-value pair that make up a tag.
//
// A key is a general label that acts like a category for more specific tag values.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagkeyscope
//
TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
// The optional part of a key-value pair that make up a tag.
//
// A value acts as a descriptor within a tag category (key).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconfigrule-organizationmanagedrulemetadata.html#cfn-config-organizationconfigrule-organizationmanagedrulemetadata-tagvaluescope
//
TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}
An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.
It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
organizationManagedRuleMetadataProperty := &OrganizationManagedRuleMetadataProperty{
RuleIdentifier: jsii.String("ruleIdentifier"),
// the properties below are optional
Description: jsii.String("description"),
InputParameters: jsii.String("inputParameters"),
MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
ResourceIdScope: jsii.String("resourceIdScope"),
ResourceTypesScope: []*string{
jsii.String("resourceTypesScope"),
},
TagKeyScope: jsii.String("tagKeyScope"),
TagValueScope: jsii.String("tagValueScope"),
}
type CfnOrganizationConformancePack ¶
type CfnOrganizationConformancePack interface {
awscdk.CfnResource
awscdk.IInspectable
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// A list of `ConformancePackInputParameter` objects.
ConformancePackInputParameters() interface{}
SetConformancePackInputParameters(val interface{})
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
DeliveryS3Bucket() *string
SetDeliveryS3Bucket(val *string)
// Any folder structure you want to add to an Amazon S3 bucket.
DeliveryS3KeyPrefix() *string
SetDeliveryS3KeyPrefix(val *string)
// A comma-separated list of accounts excluded from organization conformance pack.
ExcludedAccounts() *[]*string
SetExcludedAccounts(val *[]*string)
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// The name you assign to an organization conformance pack.
OrganizationConformancePackName() *string
SetOrganizationConformancePackName(val *string)
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// A string containing full conformance pack template body.
TemplateBody() *string
SetTemplateBody(val *string)
// Location of file containing the template body.
TemplateS3Uri() *string
SetTemplateS3Uri(val *string)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organizations .
OrganizationConformancePack enables organization service access for `config-multiaccountsetup.amazonaws.com` through the `EnableAWSServiceAccess` action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationConformancePack := awscdk.Aws_config.NewCfnOrganizationConformancePack(this, jsii.String("MyCfnOrganizationConformancePack"), &CfnOrganizationConformancePackProps{
OrganizationConformancePackName: jsii.String("organizationConformancePackName"),
// the properties below are optional
ConformancePackInputParameters: []interface{}{
&ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
},
},
DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
ExcludedAccounts: []*string{
jsii.String("excludedAccounts"),
},
TemplateBody: jsii.String("templateBody"),
TemplateS3Uri: jsii.String("templateS3Uri"),
})
func NewCfnOrganizationConformancePack ¶
func NewCfnOrganizationConformancePack(scope constructs.Construct, id *string, props *CfnOrganizationConformancePackProps) CfnOrganizationConformancePack
type CfnOrganizationConformancePackProps ¶
type CfnOrganizationConformancePackProps struct {
// The name you assign to an organization conformance pack.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-organizationconformancepackname
//
OrganizationConformancePackName *string `field:"required" json:"organizationConformancePackName" yaml:"organizationConformancePackName"`
// A list of `ConformancePackInputParameter` objects.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-conformancepackinputparameters
//
ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
//
// > This field is optional.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3bucket
//
DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
// Any folder structure you want to add to an Amazon S3 bucket.
//
// > This field is optional.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-deliverys3keyprefix
//
DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
// A comma-separated list of accounts excluded from organization conformance pack.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-excludedaccounts
//
ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
// A string containing full conformance pack template body.
//
// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templatebody
//
TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
// Location of file containing the template body.
//
// The uri must point to the conformance pack template (max size: 300 KB).
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-organizationconformancepack.html#cfn-config-organizationconformancepack-templates3uri
//
TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
}
Properties for defining a `CfnOrganizationConformancePack`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnOrganizationConformancePackProps := &CfnOrganizationConformancePackProps{
OrganizationConformancePackName: jsii.String("organizationConformancePackName"),
// the properties below are optional
ConformancePackInputParameters: []interface{}{
&ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
},
},
DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
ExcludedAccounts: []*string{
jsii.String("excludedAccounts"),
},
TemplateBody: jsii.String("templateBody"),
TemplateS3Uri: jsii.String("templateS3Uri"),
}
type CfnOrganizationConformancePack_ConformancePackInputParameterProperty ¶
type CfnOrganizationConformancePack_ConformancePackInputParameterProperty struct {
// One part of a key-value pair.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametername
//
ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
// One part of a key-value pair.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-organizationconformancepack-conformancepackinputparameter.html#cfn-config-organizationconformancepack-conformancepackinputparameter-parametervalue
//
ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}
Input parameters in the form of key-value pairs for the conformance pack, both of which you define.
Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
conformancePackInputParameterProperty := &ConformancePackInputParameterProperty{
ParameterName: jsii.String("parameterName"),
ParameterValue: jsii.String("parameterValue"),
}
type CfnRemediationConfiguration ¶
type CfnRemediationConfiguration interface {
awscdk.CfnResource
awscdk.IInspectable
AttrId() *string
// The remediation is triggered automatically.
Automatic() interface{}
SetAutomatic(val interface{})
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// The name of the AWS Config rule.
ConfigRuleName() *string
SetConfigRuleName(val *string)
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// An ExecutionControls object.
ExecutionControls() interface{}
SetExecutionControls(val interface{})
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The maximum number of failed attempts for auto-remediation.
//
// If you do not select a number, the default is 5.
MaximumAutomaticAttempts() *float64
SetMaximumAutomaticAttempts(val *float64)
// The tree node.
Node() constructs.Node
// An object of the RemediationParameterValue.
//
// For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) .
Parameters() interface{}
SetParameters(val interface{})
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The type of a resource.
ResourceType() *string
SetResourceType(val *string)
// Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts.
RetryAttemptSeconds() *float64
SetRetryAttemptSeconds(val *float64)
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Target ID is the name of the SSM document.
TargetId() *string
SetTargetId(val *string)
// The type of the target.
TargetType() *string
SetTargetType(val *string)
// Version of the target.
//
// For example, version of the SSM document.
TargetVersion() *string
SetTargetVersion(val *string)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var parameters interface{}
cfnRemediationConfiguration := awscdk.Aws_config.NewCfnRemediationConfiguration(this, jsii.String("MyCfnRemediationConfiguration"), &CfnRemediationConfigurationProps{
ConfigRuleName: jsii.String("configRuleName"),
TargetId: jsii.String("targetId"),
TargetType: jsii.String("targetType"),
// the properties below are optional
Automatic: jsii.Boolean(false),
ExecutionControls: &ExecutionControlsProperty{
SsmControls: &SsmControlsProperty{
ConcurrentExecutionRatePercentage: jsii.Number(123),
ErrorPercentage: jsii.Number(123),
},
},
MaximumAutomaticAttempts: jsii.Number(123),
Parameters: parameters,
ResourceType: jsii.String("resourceType"),
RetryAttemptSeconds: jsii.Number(123),
TargetVersion: jsii.String("targetVersion"),
})
func NewCfnRemediationConfiguration ¶
func NewCfnRemediationConfiguration(scope constructs.Construct, id *string, props *CfnRemediationConfigurationProps) CfnRemediationConfiguration
type CfnRemediationConfigurationProps ¶
type CfnRemediationConfigurationProps struct {
// The name of the AWS Config rule.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-configrulename
//
ConfigRuleName *string `field:"required" json:"configRuleName" yaml:"configRuleName"`
// Target ID is the name of the SSM document.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetid
//
TargetId *string `field:"required" json:"targetId" yaml:"targetId"`
// The type of the target.
//
// Target executes remediation. For example, SSM document.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targettype
//
TargetType *string `field:"required" json:"targetType" yaml:"targetType"`
// The remediation is triggered automatically.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-automatic
//
Automatic interface{} `field:"optional" json:"automatic" yaml:"automatic"`
// An ExecutionControls object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-executioncontrols
//
ExecutionControls interface{} `field:"optional" json:"executionControls" yaml:"executionControls"`
// The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
//
// For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-maximumautomaticattempts
//
MaximumAutomaticAttempts *float64 `field:"optional" json:"maximumAutomaticAttempts" yaml:"maximumAutomaticAttempts"`
// An object of the RemediationParameterValue. For more information, see [RemediationParameterValue](https://docs.aws.amazon.com/config/latest/APIReference/API_RemediationParameterValue.html) .
//
// > The type is a map of strings to RemediationParameterValue.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-parameters
//
Parameters interface{} `field:"optional" json:"parameters" yaml:"parameters"`
// The type of a resource.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-resourcetype
//
ResourceType *string `field:"optional" json:"resourceType" yaml:"resourceType"`
// Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts.
//
// If `MaximumAutomaticAttempts` remediation attempts have been made under `RetryAttemptSeconds` , a remediation exception will be added to the resource. If you do not select a number, the default is 60 seconds.
//
// For example, if you specify `RetryAttemptSeconds` as 50 seconds and `MaximumAutomaticAttempts` as 5, AWS Config will run auto-remediations 5 times within 50 seconds before adding a remediation exception to the resource.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-retryattemptseconds
//
RetryAttemptSeconds *float64 `field:"optional" json:"retryAttemptSeconds" yaml:"retryAttemptSeconds"`
// Version of the target. For example, version of the SSM document.
//
// > If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html#cfn-config-remediationconfiguration-targetversion
//
TargetVersion *string `field:"optional" json:"targetVersion" yaml:"targetVersion"`
}
Properties for defining a `CfnRemediationConfiguration`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var parameters interface{}
cfnRemediationConfigurationProps := &CfnRemediationConfigurationProps{
ConfigRuleName: jsii.String("configRuleName"),
TargetId: jsii.String("targetId"),
TargetType: jsii.String("targetType"),
// the properties below are optional
Automatic: jsii.Boolean(false),
ExecutionControls: &ExecutionControlsProperty{
SsmControls: &SsmControlsProperty{
ConcurrentExecutionRatePercentage: jsii.Number(123),
ErrorPercentage: jsii.Number(123),
},
},
MaximumAutomaticAttempts: jsii.Number(123),
Parameters: parameters,
ResourceType: jsii.String("resourceType"),
RetryAttemptSeconds: jsii.Number(123),
TargetVersion: jsii.String("targetVersion"),
}
type CfnRemediationConfiguration_ExecutionControlsProperty ¶
type CfnRemediationConfiguration_ExecutionControlsProperty struct {
// A SsmControls object.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-executioncontrols.html#cfn-config-remediationconfiguration-executioncontrols-ssmcontrols
//
SsmControls interface{} `field:"optional" json:"ssmControls" yaml:"ssmControls"`
}
An ExecutionControls object.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
executionControlsProperty := &ExecutionControlsProperty{
SsmControls: &SsmControlsProperty{
ConcurrentExecutionRatePercentage: jsii.Number(123),
ErrorPercentage: jsii.Number(123),
},
}
type CfnRemediationConfiguration_RemediationParameterValueProperty ¶
type CfnRemediationConfiguration_RemediationParameterValueProperty struct {
// The value is dynamic and changes at run-time.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-resourcevalue
//
ResourceValue interface{} `field:"optional" json:"resourceValue" yaml:"resourceValue"`
// The value is static and does not change at run-time.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-remediationparametervalue.html#cfn-config-remediationconfiguration-remediationparametervalue-staticvalue
//
StaticValue interface{} `field:"optional" json:"staticValue" yaml:"staticValue"`
}
The value is either a dynamic (resource) value or a static value.
You must select either a dynamic value or a static value.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
remediationParameterValueProperty := &RemediationParameterValueProperty{
ResourceValue: &ResourceValueProperty{
Value: jsii.String("value"),
},
StaticValue: &StaticValueProperty{
Value: []*string{
jsii.String("value"),
},
Values: []*string{
jsii.String("values"),
},
},
}
type CfnRemediationConfiguration_ResourceValueProperty ¶
type CfnRemediationConfiguration_ResourceValueProperty struct {
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-resourcevalue.html#cfn-config-remediationconfiguration-resourcevalue-value
//
Value *string `field:"optional" json:"value" yaml:"value"`
}
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
resourceValueProperty := &ResourceValueProperty{
Value: jsii.String("value"),
}
type CfnRemediationConfiguration_SsmControlsProperty ¶
type CfnRemediationConfiguration_SsmControlsProperty struct {
// The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule.
//
// You can specify a percentage, such as 10%. The default value is 10.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-concurrentexecutionratepercentage
//
ConcurrentExecutionRatePercentage *float64 `field:"optional" json:"concurrentExecutionRatePercentage" yaml:"concurrentExecutionRatePercentage"`
// The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule.
//
// You can specify a percentage of errors, for example 10%. If you do not specifiy a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-ssmcontrols.html#cfn-config-remediationconfiguration-ssmcontrols-errorpercentage
//
ErrorPercentage *float64 `field:"optional" json:"errorPercentage" yaml:"errorPercentage"`
}
AWS Systems Manager (SSM) specific remediation controls.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
ssmControlsProperty := &SsmControlsProperty{
ConcurrentExecutionRatePercentage: jsii.Number(123),
ErrorPercentage: jsii.Number(123),
}
type CfnRemediationConfiguration_StaticValueProperty ¶
type CfnRemediationConfiguration_StaticValueProperty struct {
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-staticvalue.html#cfn-config-remediationconfiguration-staticvalue-value
//
Value *[]*string `field:"optional" json:"value" yaml:"value"`
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-remediationconfiguration-staticvalue.html#cfn-config-remediationconfiguration-staticvalue-values
//
Values *[]*string `field:"optional" json:"values" yaml:"values"`
}
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
staticValueProperty := &StaticValueProperty{
Value: []*string{
jsii.String("value"),
},
Values: []*string{
jsii.String("values"),
},
}
type CfnStoredQuery ¶
type CfnStoredQuery interface {
awscdk.CfnResource
awscdk.IInspectable
awscdk.ITaggable
// Amazon Resource Name (ARN) of the query.
//
// For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
AttrQueryArn() *string
// The ID of the query.
AttrQueryId() *string
// Options for this resource, such as condition, update policy etc.
CfnOptions() awscdk.ICfnResourceOptions
CfnProperties() *map[string]interface{}
// AWS resource type.
CfnResourceType() *string
// Returns: the stack trace of the point where this Resource was created from, sourced
// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
// node +internal+ entries filtered.
CreationStack() *[]*string
// The logical ID for this CloudFormation stack element.
//
// The logical ID of the element
// is calculated from the path of the resource node in the construct tree.
//
// To override this value, use `overrideLogicalId(newLogicalId)`.
//
// Returns: the logical ID as a stringified token. This value will only get
// resolved during synthesis.
LogicalId() *string
// The tree node.
Node() constructs.Node
// A unique description for the query.
QueryDescription() *string
SetQueryDescription(val *string)
// The expression of the query.
QueryExpression() *string
SetQueryExpression(val *string)
// The name of the query.
QueryName() *string
SetQueryName(val *string)
// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
//
// If, by any chance, the intrinsic reference of a resource is not a string, you could
// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
Ref() *string
// The stack in which this element is defined.
//
// CfnElements must be defined within a stack scope (directly or indirectly).
Stack() awscdk.Stack
// Tag Manager which manages the tags for this resource.
Tags() awscdk.TagManager
// An array of key-value pairs to apply to this resource.
TagsRaw() *[]*awscdk.CfnTag
SetTagsRaw(val *[]*awscdk.CfnTag)
// Deprecated.
// Deprecated: use `updatedProperties`
//
// Return properties modified after initiation
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperites() *map[string]interface{}
// Return properties modified after initiation.
//
// Resources that expose mutable properties should override this function to
// collect and return the properties object for this resource.
UpdatedProperties() *map[string]interface{}
// Syntactic sugar for `addOverride(path, undefined)`.
AddDeletionOverride(path *string)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
//
// This can be used for resources across stacks (or nested stack) boundaries
// and the dependency will automatically be transferred to the relevant scope.
AddDependency(target awscdk.CfnResource)
// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
// Deprecated: use addDependency.
AddDependsOn(target awscdk.CfnResource)
// Add a value to the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
AddMetadata(key *string, value interface{})
// Adds an override to the synthesized CloudFormation resource.
//
// To add a
// property override, either use `addPropertyOverride` or prefix `path` with
// "Properties." (i.e. `Properties.TopicName`).
//
// If the override is nested, separate each nested level using a dot (.) in the path parameter.
// If there is an array as part of the nesting, specify the index in the path.
//
// To include a literal `.` in the property name, prefix with a `\`. In most
// programming languages you will need to write this as `"\\."` because the
// `\` itself will need to be escaped.
//
// For example,
// “`typescript
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
// “`
// would add the overrides
// “`json
// "Properties": {
// "GlobalSecondaryIndexes": [
// {
// "Projection": {
// "NonKeyAttributes": [ "myattribute" ]
// ...
// }
// ...
// },
// {
// "ProjectionType": "INCLUDE"
// ...
// },
// ]
// ...
// }
// “`
//
// The `value` argument to `addOverride` will not be processed or translated
// in any way. Pass raw JSON values in here with the correct capitalization
// for CloudFormation. If you pass CDK classes or structs, they will be
// rendered with lowercased key names, and CloudFormation will reject the
// template.
AddOverride(path *string, value interface{})
// Adds an override that deletes the value of a property from the resource definition.
AddPropertyDeletionOverride(propertyPath *string)
// Adds an override to a resource property.
//
// Syntactic sugar for `addOverride("Properties.<...>", value)`.
AddPropertyOverride(propertyPath *string, value interface{})
// Sets the deletion policy of the resource based on the removal policy specified.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
// cases, a snapshot can be taken of the resource prior to deletion
// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
// can be found in the following link:.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
//
ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
// Returns a token for an runtime attribute of this resource.
//
// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
// in case there is no generated attribute.
GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
// Retrieve a value value from the CloudFormation Resource Metadata.
// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
//
// Note that this is a different set of metadata from CDK node metadata; this
// metadata ends up in the stack template under the resource, whereas CDK
// node metadata ends up in the Cloud Assembly.
//
GetMetadata(key *string) interface{}
// Examines the CloudFormation resource and discloses attributes.
Inspect(inspector awscdk.TreeInspector)
// Retrieves an array of resources this resource depends on.
//
// This assembles dependencies on resources across stacks (including nested stacks)
// automatically.
ObtainDependencies() *[]interface{}
// Get a shallow copy of dependencies between this resource and other resources in the same stack.
ObtainResourceDependencies() *[]awscdk.CfnResource
// Overrides the auto-generated logical ID with a specific ID.
OverrideLogicalId(newLogicalId *string)
// Indicates that this resource no longer depends on another resource.
//
// This can be used for resources across stacks (including nested stacks)
// and the dependency will automatically be removed from the relevant scope.
RemoveDependency(target awscdk.CfnResource)
RenderProperties(props *map[string]interface{}) *map[string]interface{}
// Replaces one dependency with another.
ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
//
// Returns: `true` if the resource should be included or `false` is the resource
// should be omitted.
ShouldSynthesize() *bool
// Returns a string representation of this construct.
//
// Returns: a string representation of this resource.
ToString() *string
ValidateProperties(_properties interface{})
}
Provides the details of a stored query.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnStoredQuery := awscdk.Aws_config.NewCfnStoredQuery(this, jsii.String("MyCfnStoredQuery"), &CfnStoredQueryProps{
QueryExpression: jsii.String("queryExpression"),
QueryName: jsii.String("queryName"),
// the properties below are optional
QueryDescription: jsii.String("queryDescription"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
})
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html
func NewCfnStoredQuery ¶
func NewCfnStoredQuery(scope constructs.Construct, id *string, props *CfnStoredQueryProps) CfnStoredQuery
type CfnStoredQueryProps ¶
type CfnStoredQueryProps struct {
// The expression of the query.
//
// For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'.`
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryexpression
//
QueryExpression *string `field:"required" json:"queryExpression" yaml:"queryExpression"`
// The name of the query.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-queryname
//
QueryName *string `field:"required" json:"queryName" yaml:"queryName"`
// A unique description for the query.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-querydescription
//
QueryDescription *string `field:"optional" json:"queryDescription" yaml:"queryDescription"`
// An array of key-value pairs to apply to this resource.
// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html#cfn-config-storedquery-tags
//
Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}
Properties for defining a `CfnStoredQuery`.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
cfnStoredQueryProps := &CfnStoredQueryProps{
QueryExpression: jsii.String("queryExpression"),
QueryName: jsii.String("queryName"),
// the properties below are optional
QueryDescription: jsii.String("queryDescription"),
Tags: []cfnTag{
&cfnTag{
Key: jsii.String("key"),
Value: jsii.String("value"),
},
},
}
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-storedquery.html
type CloudFormationStackDriftDetectionCheck ¶
type CloudFormationStackDriftDetectionCheck interface {
ManagedRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.
Example:
// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"))
rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"))
rule.onComplianceChange(jsii.String("TopicEvent"), &OnEventOptions{
Target: targets.NewSnsTopic(complianceTopic),
})
func NewCloudFormationStackDriftDetectionCheck ¶
func NewCloudFormationStackDriftDetectionCheck(scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps) CloudFormationStackDriftDetectionCheck
type CloudFormationStackDriftDetectionCheckProps ¶
type CloudFormationStackDriftDetectionCheckProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// Whether to check only the stack where this rule is deployed.
// Default: false.
//
OwnStackOnly *bool `field:"optional" json:"ownStackOnly" yaml:"ownStackOnly"`
// The IAM role to use for this rule.
//
// It must have permissions to detect drift
// for AWS CloudFormation stacks. Ensure to attach `config.amazonaws.com` trusted
// permissions and `ReadOnlyAccess` policy permissions. For specific policy permissions,
// refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.
// Default: - A role will be created.
//
Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
}
Construction properties for a CloudFormationStackDriftDetectionCheck.
Example:
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &CloudFormationStackDriftDetectionCheckProps{
OwnStackOnly: jsii.Boolean(true),
})
type CloudFormationStackNotificationCheck ¶
type CloudFormationStackNotificationCheck interface {
ManagedRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
Checks whether your CloudFormation stacks are sending event notifications to a SNS topic.
Optionally checks whether specified SNS topics are used.
Example:
// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
Topics: []iTopic{
topic1,
topic2,
},
})
func NewCloudFormationStackNotificationCheck ¶
func NewCloudFormationStackNotificationCheck(scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps) CloudFormationStackNotificationCheck
type CloudFormationStackNotificationCheckProps ¶
type CloudFormationStackNotificationCheckProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// A list of allowed topics.
//
// At most 5 topics.
// Default: - No topics.
//
Topics *[]awssns.ITopic `field:"optional" json:"topics" yaml:"topics"`
}
Construction properties for a CloudFormationStackNotificationCheck.
Example:
// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"))
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"))
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &CloudFormationStackNotificationCheckProps{
Topics: []iTopic{
topic1,
topic2,
},
})
type CustomPolicy ¶ added in v2.47.0
type CustomPolicy interface {
awscdk.Resource
IRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
A new custom policy.
Example:
samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
`
config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EnableDebugLog: jsii.Boolean(true),
RuleScope: config.RuleScope_FromResources([]resourceType{
config.*resourceType_DYNAMODB_TABLE(),
}),
})
func NewCustomPolicy ¶ added in v2.47.0
func NewCustomPolicy(scope constructs.Construct, id *string, props *CustomPolicyProps) CustomPolicy
type CustomPolicyProps ¶ added in v2.47.0
type CustomPolicyProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// The policy definition containing the logic for your AWS Config Custom Policy rule.
PolicyText *string `field:"required" json:"policyText" yaml:"policyText"`
// The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
// Default: false.
//
EnableDebugLog *bool `field:"optional" json:"enableDebugLog" yaml:"enableDebugLog"`
}
Construction properties for a CustomPolicy.
Example:
samplePolicyText := `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']
rule tableisactive when
resourceType == "AWS::DynamoDB::Table" {
configuration.tableStatus == %status
}
rule checkcompliance when
resourceType == "AWS::DynamoDB::Table"
tableisactive {
let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
%pitr == "ENABLED"
}
`
config.NewCustomPolicy(this, jsii.String("Custom"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EnableDebugLog: jsii.Boolean(true),
RuleScope: config.RuleScope_FromResources([]resourceType{
config.*resourceType_DYNAMODB_TABLE(),
}),
})
type CustomRule ¶
type CustomRule interface {
awscdk.Resource
IRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
A new custom rule.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
func NewCustomRule ¶
func NewCustomRule(scope constructs.Construct, id *string, props *CustomRuleProps) CustomRule
type CustomRuleProps ¶
type CustomRuleProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// The Lambda function to run.
LambdaFunction awslambda.IFunction `field:"required" json:"lambdaFunction" yaml:"lambdaFunction"`
// Whether to run the rule on configuration changes.
// Default: false.
//
ConfigurationChanges *bool `field:"optional" json:"configurationChanges" yaml:"configurationChanges"`
// Whether to run the rule on a fixed frequency.
// Default: false.
//
Periodic *bool `field:"optional" json:"periodic" yaml:"periodic"`
}
Construction properties for a CustomRule.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
type EvaluationMode ¶ added in v2.145.0
type EvaluationMode interface {
// The modes of evaluation for the rule.
Modes() *[]*string
}
The mode of evaluation for the rule.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
func EvaluationMode_DETECTIVE ¶ added in v2.145.0
func EvaluationMode_DETECTIVE() EvaluationMode
func EvaluationMode_DETECTIVE_AND_PROACTIVE ¶ added in v2.145.0
func EvaluationMode_DETECTIVE_AND_PROACTIVE() EvaluationMode
func EvaluationMode_PROACTIVE ¶ added in v2.145.0
func EvaluationMode_PROACTIVE() EvaluationMode
func NewEvaluationMode ¶ added in v2.145.0
func NewEvaluationMode(modes *[]*string) EvaluationMode
type IRule ¶
type IRule interface {
awscdk.IResource
// Defines a EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines a EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// The name of the rule.
ConfigRuleName() *string
}
Interface representing an AWS Config rule.
func AccessKeysRotated_FromConfigRuleName ¶
func AccessKeysRotated_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
func CloudFormationStackDriftDetectionCheck_FromConfigRuleName ¶
func CloudFormationStackDriftDetectionCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
func CloudFormationStackNotificationCheck_FromConfigRuleName ¶
func CloudFormationStackNotificationCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
func CustomPolicy_FromConfigRuleName ¶ added in v2.47.0
func CustomPolicy_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
func CustomRule_FromConfigRuleName ¶
func CustomRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
func ManagedRule_FromConfigRuleName ¶
func ManagedRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule
Imports an existing rule.
type ManagedRule ¶
type ManagedRule interface {
awscdk.Resource
IRule
// The arn of the rule.
ConfigRuleArn() *string
// The compliance status of the rule.
ConfigRuleComplianceType() *string
// The id of the rule.
ConfigRuleId() *string
// The name of the rule.
ConfigRuleName() *string
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
Env() *awscdk.ResourceEnvironment
IsCustomWithChanges() *bool
SetIsCustomWithChanges(val *bool)
IsManaged() *bool
SetIsManaged(val *bool)
// The tree node.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
PhysicalName() *string
RuleScope() RuleScope
SetRuleScope(val RuleScope)
// The stack in which this resource is defined.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
GetResourceNameAttribute(nameAttr *string) *string
// Defines an EventBridge event rule which triggers for rule compliance events.
OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule events.
//
// Use
// `rule.addEventPattern(pattern)` to specify a filter.
OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
// Returns a string representation of this construct.
ToString() *string
}
A new managed rule.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
func NewManagedRule ¶
func NewManagedRule(scope constructs.Construct, id *string, props *ManagedRuleProps) ManagedRule
type ManagedRuleIdentifiers ¶
type ManagedRuleIdentifiers interface {
}
Managed rules that are supported by AWS Config.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
type ManagedRuleProps ¶
type ManagedRuleProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
// The identifier of the AWS managed rule.
// See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
//
Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
}
Construction properties for a ManagedRule.
Example:
var fn function
var samplePolicyText string
config.NewManagedRule(this, jsii.String("ManagedRule"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_API_GW_XRAY_ENABLED(),
EvaluationModes: config.EvaluationMode_DETECTIVE_AND_PROACTIVE(),
})
config.NewCustomRule(this, jsii.String("CustomRule"), &CustomRuleProps{
LambdaFunction: fn,
EvaluationModes: config.EvaluationMode_PROACTIVE(),
})
config.NewCustomPolicy(this, jsii.String("CustomPolicy"), &CustomPolicyProps{
PolicyText: samplePolicyText,
EvaluationModes: config.EvaluationMode_DETECTIVE(),
})
type MaximumExecutionFrequency ¶
type MaximumExecutionFrequency string
The maximum frequency at which the AWS Config rule runs evaluations.
Example:
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &ManagedRuleProps{
Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
InputParameters: map[string]interface{}{
"maxAccessKeyAge": jsii.Number(60),
},
// default is 24 hours
MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})
const ( // 1 hour. MaximumExecutionFrequency_ONE_HOUR MaximumExecutionFrequency = "ONE_HOUR" // 3 hours. MaximumExecutionFrequency_THREE_HOURS MaximumExecutionFrequency = "THREE_HOURS" // 6 hours. MaximumExecutionFrequency_SIX_HOURS MaximumExecutionFrequency = "SIX_HOURS" // 12 hours. MaximumExecutionFrequency_TWELVE_HOURS MaximumExecutionFrequency = "TWELVE_HOURS" // 24 hours. MaximumExecutionFrequency_TWENTY_FOUR_HOURS MaximumExecutionFrequency = "TWENTY_FOUR_HOURS" )
type ResourceType ¶
type ResourceType interface {
// Valid value of resource type.
ComplianceResourceType() *string
}
Resources types that are supported by AWS Config.
Example:
// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
Handler: jsii.String("index.handler"),
Runtime: lambda.Runtime_NODEJS_18_X(),
})
// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
ConfigurationChanges: jsii.Boolean(true),
LambdaFunction: evalComplianceFn,
RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})
See: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html
func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY ¶ added in v2.145.0
func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY() ResourceType
func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY_ACTIVATION ¶ added in v2.145.0
func ResourceType_ACMPCA_CERTIFICATE_AUTHORITY_ACTIVATION() ResourceType
func ResourceType_ACM_CERTIFICATE ¶
func ResourceType_ACM_CERTIFICATE() ResourceType
func ResourceType_AMAZON_MQ_BROKER ¶ added in v2.63.0
func ResourceType_AMAZON_MQ_BROKER() ResourceType
func ResourceType_AMPLIFY_APP ¶ added in v2.145.0
func ResourceType_AMPLIFY_APP() ResourceType
func ResourceType_AMPLIFY_BRANCH ¶ added in v2.145.0
func ResourceType_AMPLIFY_BRANCH() ResourceType
func ResourceType_APIGATEWAYV2_API ¶
func ResourceType_APIGATEWAYV2_API() ResourceType
func ResourceType_APIGATEWAYV2_STAGE ¶
func ResourceType_APIGATEWAYV2_STAGE() ResourceType
func ResourceType_APIGATEWAY_REST_API ¶
func ResourceType_APIGATEWAY_REST_API() ResourceType
func ResourceType_APIGATEWAY_STAGE ¶
func ResourceType_APIGATEWAY_STAGE() ResourceType
func ResourceType_APPCONFIG_APPLICATION ¶ added in v2.46.0
func ResourceType_APPCONFIG_APPLICATION() ResourceType
func ResourceType_APPCONFIG_CONFIGURATION_PROFILE ¶ added in v2.63.0
func ResourceType_APPCONFIG_CONFIGURATION_PROFILE() ResourceType
func ResourceType_APPCONFIG_ENVIRONMENT ¶ added in v2.63.0
func ResourceType_APPCONFIG_ENVIRONMENT() ResourceType
func ResourceType_APPSYNC_GRAPHQL_API ¶ added in v2.46.0
func ResourceType_APPSYNC_GRAPHQL_API() ResourceType
func ResourceType_APP_CONFIG_DEPLOYMENT_STRATEGY ¶ added in v2.145.0
func ResourceType_APP_CONFIG_DEPLOYMENT_STRATEGY() ResourceType
func ResourceType_APP_CONFIG_HOSTED_CONFIGURATION_VERSION ¶ added in v2.145.0
func ResourceType_APP_CONFIG_HOSTED_CONFIGURATION_VERSION() ResourceType
func ResourceType_APP_FLOW_FLOW ¶ added in v2.145.0
func ResourceType_APP_FLOW_FLOW() ResourceType
func ResourceType_APP_INTEGRATIONS_EVENT_INTEGRATION ¶ added in v2.145.0
func ResourceType_APP_INTEGRATIONS_EVENT_INTEGRATION() ResourceType
func ResourceType_APP_MESH_GATEWAY_ROUTE ¶ added in v2.145.0
func ResourceType_APP_MESH_GATEWAY_ROUTE() ResourceType
func ResourceType_APP_MESH_MESH ¶ added in v2.145.0
func ResourceType_APP_MESH_MESH() ResourceType
func ResourceType_APP_MESH_ROUTE ¶ added in v2.145.0
func ResourceType_APP_MESH_ROUTE() ResourceType
func ResourceType_APP_MESH_VIRTUAL_GATEWAY ¶ added in v2.145.0
func ResourceType_APP_MESH_VIRTUAL_GATEWAY() ResourceType
func ResourceType_APP_MESH_VIRTUAL_NODE ¶ added in v2.145.0
func ResourceType_APP_MESH_VIRTUAL_NODE() ResourceType
func ResourceType_APP_MESH_VIRTUAL_ROUTER ¶ added in v2.145.0
func ResourceType_APP_MESH_VIRTUAL_ROUTER() ResourceType
func ResourceType_APP_MESH_VIRTUAL_SERVICE ¶ added in v2.145.0
func ResourceType_APP_MESH_VIRTUAL_SERVICE() ResourceType
func ResourceType_APP_RUNNER_SERVICE ¶ added in v2.145.0
func ResourceType_APP_RUNNER_SERVICE() ResourceType
func ResourceType_APP_RUNNER_VPC_CONNECTOR ¶ added in v2.145.0
func ResourceType_APP_RUNNER_VPC_CONNECTOR() ResourceType
func ResourceType_APP_STREAM_APPLICATION ¶ added in v2.145.0
func ResourceType_APP_STREAM_APPLICATION() ResourceType
func ResourceType_APP_STREAM_DIRECTORY_CONFIG ¶ added in v2.145.0
func ResourceType_APP_STREAM_DIRECTORY_CONFIG() ResourceType
func ResourceType_APP_STREAM_FLEET ¶ added in v2.145.0
func ResourceType_APP_STREAM_FLEET() ResourceType
func ResourceType_APP_STREAM_STACK ¶ added in v2.145.0
func ResourceType_APP_STREAM_STACK() ResourceType
func ResourceType_APS_RULE_GROUPS_NAMESPACE ¶ added in v2.145.0
func ResourceType_APS_RULE_GROUPS_NAMESPACE() ResourceType
func ResourceType_ATHENA_PREPARED_STATEMENT ¶ added in v2.145.0
func ResourceType_ATHENA_PREPARED_STATEMENT() ResourceType
func ResourceType_AUDIT_MANAGER_ASSESSMENT ¶ added in v2.145.0
func ResourceType_AUDIT_MANAGER_ASSESSMENT() ResourceType
func ResourceType_AUTO_SCALING_GROUP ¶
func ResourceType_AUTO_SCALING_GROUP() ResourceType
func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION ¶
func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION() ResourceType
func ResourceType_AUTO_SCALING_POLICY ¶
func ResourceType_AUTO_SCALING_POLICY() ResourceType
func ResourceType_AUTO_SCALING_SCHEDULED_ACTION ¶
func ResourceType_AUTO_SCALING_SCHEDULED_ACTION() ResourceType
func ResourceType_AUTO_SCALING_WARM_POOL ¶ added in v2.145.0
func ResourceType_AUTO_SCALING_WARM_POOL() ResourceType
func ResourceType_BACKUP_BACKUP_PLAN ¶ added in v2.37.0
func ResourceType_BACKUP_BACKUP_PLAN() ResourceType
func ResourceType_BACKUP_BACKUP_SELECTION ¶ added in v2.37.0
func ResourceType_BACKUP_BACKUP_SELECTION() ResourceType
func ResourceType_BACKUP_BACKUP_VAULT ¶ added in v2.37.0
func ResourceType_BACKUP_BACKUP_VAULT() ResourceType
func ResourceType_BACKUP_RECOVERY_POINT ¶ added in v2.37.0
func ResourceType_BACKUP_RECOVERY_POINT() ResourceType
func ResourceType_BACKUP_REPORT_PLAN ¶ added in v2.60.0
func ResourceType_BACKUP_REPORT_PLAN() ResourceType
func ResourceType_BATCH_COMPUTE_ENVIRONMENT ¶ added in v2.37.0
func ResourceType_BATCH_COMPUTE_ENVIRONMENT() ResourceType
func ResourceType_BATCH_JOB_QUEUE ¶ added in v2.37.0
func ResourceType_BATCH_JOB_QUEUE() ResourceType
func ResourceType_BATCH_SCHEDULING_POLICY ¶ added in v2.145.0
func ResourceType_BATCH_SCHEDULING_POLICY() ResourceType
func ResourceType_BUDGETS_BUDGETS_ACTION ¶ added in v2.145.0
func ResourceType_BUDGETS_BUDGETS_ACTION() ResourceType
func ResourceType_CASSANDRA_KEYSPACE ¶ added in v2.145.0
func ResourceType_CASSANDRA_KEYSPACE() ResourceType
func ResourceType_CLOUD9_ENVIRONMENT_EC2 ¶ added in v2.63.0
func ResourceType_CLOUD9_ENVIRONMENT_EC2() ResourceType
func ResourceType_CLOUDFORMATION_STACK ¶
func ResourceType_CLOUDFORMATION_STACK() ResourceType
func ResourceType_CLOUDFRONT_DISTRIBUTION ¶
func ResourceType_CLOUDFRONT_DISTRIBUTION() ResourceType
func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION ¶
func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION() ResourceType
func ResourceType_CLOUDTRAIL_TRAIL ¶
func ResourceType_CLOUDTRAIL_TRAIL() ResourceType
func ResourceType_CLOUDWATCH_ALARM ¶
func ResourceType_CLOUDWATCH_ALARM() ResourceType
func ResourceType_CLOUDWATCH_RUM_APP_MONITOR ¶ added in v2.60.0
func ResourceType_CLOUDWATCH_RUM_APP_MONITOR() ResourceType
func ResourceType_CLOUD_WATCH_METRIC_STREAM ¶ added in v2.145.0
func ResourceType_CLOUD_WATCH_METRIC_STREAM() ResourceType
func ResourceType_CODEBUILD_PROJECT ¶
func ResourceType_CODEBUILD_PROJECT() ResourceType
func ResourceType_CODEDEPLOY_APPLICATION ¶ added in v2.37.0
func ResourceType_CODEDEPLOY_APPLICATION() ResourceType
func ResourceType_CODEDEPLOY_DEPLOYMENT_CONFIG ¶ added in v2.37.0
func ResourceType_CODEDEPLOY_DEPLOYMENT_CONFIG() ResourceType
func ResourceType_CODEDEPLOY_DEPLOYMENT_GROUP ¶ added in v2.37.0
func ResourceType_CODEDEPLOY_DEPLOYMENT_GROUP() ResourceType
func ResourceType_CODEPIPELINE_PIPELINE ¶
func ResourceType_CODEPIPELINE_PIPELINE() ResourceType
func ResourceType_CODE_ARTIFACT_REPOSITORY ¶ added in v2.145.0
func ResourceType_CODE_ARTIFACT_REPOSITORY() ResourceType
func ResourceType_CODE_BUILD_REPORT_GROUP ¶ added in v2.145.0
func ResourceType_CODE_BUILD_REPORT_GROUP() ResourceType
func ResourceType_CODE_GURU_PROFILER_PROFILING_GROUP ¶ added in v2.145.0
func ResourceType_CODE_GURU_PROFILER_PROFILING_GROUP() ResourceType
func ResourceType_CODE_GURU_REVIEWER_REPOSITORY_ASSOCIATION ¶ added in v2.145.0
func ResourceType_CODE_GURU_REVIEWER_REPOSITORY_ASSOCIATION() ResourceType
func ResourceType_CONFIG_CONFORMANCE_PACK_COMPLIANCE ¶ added in v2.37.0
func ResourceType_CONFIG_CONFORMANCE_PACK_COMPLIANCE() ResourceType
func ResourceType_CONFIG_RESOURCE_COMPLIANCE ¶ added in v2.37.0
func ResourceType_CONFIG_RESOURCE_COMPLIANCE() ResourceType
func ResourceType_CONNECT_INSTANCE ¶ added in v2.145.0
func ResourceType_CONNECT_INSTANCE() ResourceType
func ResourceType_CONNECT_PHONE_NUMBER ¶ added in v2.145.0
func ResourceType_CONNECT_PHONE_NUMBER() ResourceType
func ResourceType_CONNECT_QUICK_CONNECT ¶ added in v2.145.0
func ResourceType_CONNECT_QUICK_CONNECT() ResourceType
func ResourceType_CUSTOMER_PROFILES_DOMAIN ¶ added in v2.145.0
func ResourceType_CUSTOMER_PROFILES_DOMAIN() ResourceType
func ResourceType_CUSTOMER_PROFILES_OBJECT_TYPE ¶ added in v2.145.0
func ResourceType_CUSTOMER_PROFILES_OBJECT_TYPE() ResourceType
func ResourceType_DATASYNC_LOCATION_EFS ¶ added in v2.46.0
func ResourceType_DATASYNC_LOCATION_EFS() ResourceType
func ResourceType_DATASYNC_LOCATION_FSX_LUSTRE ¶ added in v2.46.0
func ResourceType_DATASYNC_LOCATION_FSX_LUSTRE() ResourceType
func ResourceType_DATASYNC_LOCATION_FSX_WINDOWS ¶ added in v2.60.0
func ResourceType_DATASYNC_LOCATION_FSX_WINDOWS() ResourceType
func ResourceType_DATASYNC_LOCATION_HDFS ¶ added in v2.51.0
func ResourceType_DATASYNC_LOCATION_HDFS() ResourceType
func ResourceType_DATASYNC_LOCATION_NFS ¶ added in v2.46.0
func ResourceType_DATASYNC_LOCATION_NFS() ResourceType
func ResourceType_DATASYNC_LOCATION_OBJECT_STORAGE ¶ added in v2.51.0
func ResourceType_DATASYNC_LOCATION_OBJECT_STORAGE() ResourceType
func ResourceType_DATASYNC_LOCATION_S3 ¶ added in v2.46.0
func ResourceType_DATASYNC_LOCATION_S3() ResourceType
func ResourceType_DATASYNC_LOCATION_SMB ¶ added in v2.46.0
func ResourceType_DATASYNC_LOCATION_SMB() ResourceType
func ResourceType_DATASYNC_TASK ¶ added in v2.46.0
func ResourceType_DATASYNC_TASK() ResourceType
func ResourceType_DEVICE_FARM_INSTANCE_PROFILE ¶ added in v2.145.0
func ResourceType_DEVICE_FARM_INSTANCE_PROFILE() ResourceType
func ResourceType_DEVICE_FARM_PROJECT ¶ added in v2.145.0
func ResourceType_DEVICE_FARM_PROJECT() ResourceType
func ResourceType_DEVICE_FARM_TEST_GRID_PROJECT ¶ added in v2.145.0
func ResourceType_DEVICE_FARM_TEST_GRID_PROJECT() ResourceType
func ResourceType_DMS_ENDPOINT ¶ added in v2.145.0
func ResourceType_DMS_ENDPOINT() ResourceType
func ResourceType_DMS_EVENT_SUBSCRIPTION ¶ added in v2.37.0
func ResourceType_DMS_EVENT_SUBSCRIPTION() ResourceType
func ResourceType_DMS_REPLICATION_SUBNET_GROUP ¶ added in v2.37.0
func ResourceType_DMS_REPLICATION_SUBNET_GROUP() ResourceType
func ResourceType_DYNAMODB_TABLE ¶
func ResourceType_DYNAMODB_TABLE() ResourceType
func ResourceType_EBS_VOLUME ¶
func ResourceType_EBS_VOLUME() ResourceType
func ResourceType_EC2_CAPACITY_RESERVATION ¶ added in v2.145.0
func ResourceType_EC2_CAPACITY_RESERVATION() ResourceType
func ResourceType_EC2_CARRIER_GATEWAY ¶ added in v2.145.0
func ResourceType_EC2_CARRIER_GATEWAY() ResourceType
func ResourceType_EC2_CLIENT_VPN_ENDPOINT ¶ added in v2.145.0
func ResourceType_EC2_CLIENT_VPN_ENDPOINT() ResourceType
func ResourceType_EC2_CUSTOMER_GATEWAY ¶
func ResourceType_EC2_CUSTOMER_GATEWAY() ResourceType
func ResourceType_EC2_DHCP_OPTIONS ¶ added in v2.145.0
func ResourceType_EC2_DHCP_OPTIONS() ResourceType
func ResourceType_EC2_EC2_FLEET ¶ added in v2.145.0
func ResourceType_EC2_EC2_FLEET() ResourceType
func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY ¶
func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY() ResourceType
func ResourceType_EC2_EIP ¶
func ResourceType_EC2_EIP() ResourceType
func ResourceType_EC2_FLOW_LOG ¶
func ResourceType_EC2_FLOW_LOG() ResourceType
func ResourceType_EC2_HOST ¶
func ResourceType_EC2_HOST() ResourceType
func ResourceType_EC2_INSTANCE ¶
func ResourceType_EC2_INSTANCE() ResourceType
func ResourceType_EC2_INTERNET_GATEWAY ¶
func ResourceType_EC2_INTERNET_GATEWAY() ResourceType
func ResourceType_EC2_IPAM ¶ added in v2.145.0
func ResourceType_EC2_IPAM() ResourceType
func ResourceType_EC2_IPAM_POOL ¶ added in v2.145.0
func ResourceType_EC2_IPAM_POOL() ResourceType
func ResourceType_EC2_IPAM_SCOPE ¶ added in v2.145.0
func ResourceType_EC2_IPAM_SCOPE() ResourceType
func ResourceType_EC2_LAUNCH_TEMPLATE ¶ added in v2.37.0
func ResourceType_EC2_LAUNCH_TEMPLATE() ResourceType
func ResourceType_EC2_NAT_GATEWAY ¶
func ResourceType_EC2_NAT_GATEWAY() ResourceType
func ResourceType_EC2_NETWORK_ACL ¶
func ResourceType_EC2_NETWORK_ACL() ResourceType
func ResourceType_EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS ¶ added in v2.46.0
func ResourceType_EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS() ResourceType
func ResourceType_EC2_NETWORK_INSIGHTS_PATH ¶ added in v2.145.0
func ResourceType_EC2_NETWORK_INSIGHTS_PATH() ResourceType
func ResourceType_EC2_NETWORK_INTERFACE ¶ added in v2.37.0
func ResourceType_EC2_NETWORK_INTERFACE() ResourceType
func ResourceType_EC2_PREFIX_LIST ¶ added in v2.145.0
func ResourceType_EC2_PREFIX_LIST() ResourceType
func ResourceType_EC2_REGISTERED_HA_INSTANCE ¶ added in v2.37.0
func ResourceType_EC2_REGISTERED_HA_INSTANCE() ResourceType
func ResourceType_EC2_ROUTE_TABLE ¶
func ResourceType_EC2_ROUTE_TABLE() ResourceType
func ResourceType_EC2_SECURITY_GROUP ¶
func ResourceType_EC2_SECURITY_GROUP() ResourceType
func ResourceType_EC2_SPOT_FLEET ¶ added in v2.145.0
func ResourceType_EC2_SPOT_FLEET() ResourceType
func ResourceType_EC2_SUBNET ¶
func ResourceType_EC2_SUBNET() ResourceType
func ResourceType_EC2_SUBNET_ROUTE_TABLE_ASSOCIATION ¶ added in v2.145.0
func ResourceType_EC2_SUBNET_ROUTE_TABLE_ASSOCIATION() ResourceType
func ResourceType_EC2_TRAFFIC_MIRROR_FILTER ¶ added in v2.145.0
func ResourceType_EC2_TRAFFIC_MIRROR_FILTER() ResourceType
func ResourceType_EC2_TRAFFIC_MIRROR_SESSION ¶ added in v2.145.0
func ResourceType_EC2_TRAFFIC_MIRROR_SESSION() ResourceType
func ResourceType_EC2_TRAFFIC_MIRROR_TARGET ¶ added in v2.145.0
func ResourceType_EC2_TRAFFIC_MIRROR_TARGET() ResourceType
func ResourceType_EC2_TRANSIT_GATEWAY ¶ added in v2.37.0
func ResourceType_EC2_TRANSIT_GATEWAY() ResourceType
func ResourceType_EC2_TRANSIT_GATEWAY_ATTACHMENT ¶ added in v2.37.0
func ResourceType_EC2_TRANSIT_GATEWAY_ATTACHMENT() ResourceType
func ResourceType_EC2_TRANSIT_GATEWAY_CONNECT ¶ added in v2.145.0
func ResourceType_EC2_TRANSIT_GATEWAY_CONNECT() ResourceType
func ResourceType_EC2_TRANSIT_GATEWAY_MULTICAST_DOMAIN ¶ added in v2.145.0
func ResourceType_EC2_TRANSIT_GATEWAY_MULTICAST_DOMAIN() ResourceType
func ResourceType_EC2_TRANSIT_GATEWAY_ROUTE_TABLE ¶ added in v2.37.0
func ResourceType_EC2_TRANSIT_GATEWAY_ROUTE_TABLE() ResourceType
func ResourceType_EC2_VPC ¶
func ResourceType_EC2_VPC() ResourceType
func ResourceType_EC2_VPC_ENDPOINT ¶
func ResourceType_EC2_VPC_ENDPOINT() ResourceType
func ResourceType_EC2_VPC_ENDPOINT_SERVICE ¶
func ResourceType_EC2_VPC_ENDPOINT_SERVICE() ResourceType
func ResourceType_EC2_VPC_PEERING_CONNECTION ¶
func ResourceType_EC2_VPC_PEERING_CONNECTION() ResourceType
func ResourceType_EC2_VPN_CONNECTION ¶
func ResourceType_EC2_VPN_CONNECTION() ResourceType
func ResourceType_EC2_VPN_GATEWAY ¶
func ResourceType_EC2_VPN_GATEWAY() ResourceType
func ResourceType_ECR_PUBLIC_REPOSITORY ¶ added in v2.37.0
func ResourceType_ECR_PUBLIC_REPOSITORY() ResourceType
func ResourceType_ECR_PULL_THROUGH_CACHE_RULE ¶ added in v2.145.0
func ResourceType_ECR_PULL_THROUGH_CACHE_RULE() ResourceType
func ResourceType_ECR_REGISTRY_POLICY ¶ added in v2.51.0
func ResourceType_ECR_REGISTRY_POLICY() ResourceType
func ResourceType_ECR_REPOSITORY ¶ added in v2.37.0
func ResourceType_ECR_REPOSITORY() ResourceType
func ResourceType_ECS_CAPACITY_PROVIDER ¶ added in v2.145.0
func ResourceType_ECS_CAPACITY_PROVIDER() ResourceType
func ResourceType_ECS_CLUSTER ¶ added in v2.37.0
func ResourceType_ECS_CLUSTER() ResourceType
func ResourceType_ECS_SERVICE ¶ added in v2.37.0
func ResourceType_ECS_SERVICE() ResourceType
func ResourceType_ECS_TASK_DEFINITION ¶ added in v2.37.0
func ResourceType_ECS_TASK_DEFINITION() ResourceType
func ResourceType_ECS_TASK_SET ¶ added in v2.145.0
func ResourceType_ECS_TASK_SET() ResourceType
func ResourceType_EFS_ACCESS_POINT ¶ added in v2.37.0
func ResourceType_EFS_ACCESS_POINT() ResourceType
func ResourceType_EFS_FILE_SYSTEM ¶ added in v2.37.0
func ResourceType_EFS_FILE_SYSTEM() ResourceType
func ResourceType_EKS_ADDON ¶ added in v2.68.0
func ResourceType_EKS_ADDON() ResourceType
func ResourceType_EKS_CLUSTER ¶ added in v2.35.0
func ResourceType_EKS_CLUSTER() ResourceType
func ResourceType_EKS_IDENTITY_PROVIDER_CONFIG ¶ added in v2.68.0
func ResourceType_EKS_IDENTITY_PROVIDER_CONFIG() ResourceType
func ResourceType_ELASTICSEARCH_DOMAIN ¶
func ResourceType_ELASTICSEARCH_DOMAIN() ResourceType
func ResourceType_ELASTIC_BEANSTALK_APPLICATION ¶
func ResourceType_ELASTIC_BEANSTALK_APPLICATION() ResourceType
func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION ¶
func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION() ResourceType
func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT ¶
func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT() ResourceType
func ResourceType_ELBV2_LISTENER ¶ added in v2.37.0
func ResourceType_ELBV2_LISTENER() ResourceType
func ResourceType_ELBV2_LOAD_BALANCER ¶
func ResourceType_ELBV2_LOAD_BALANCER() ResourceType
func ResourceType_ELB_LOAD_BALANCER ¶
func ResourceType_ELB_LOAD_BALANCER() ResourceType
func ResourceType_EMR_SECURITY_CONFIGURATION ¶ added in v2.37.0
func ResourceType_EMR_SECURITY_CONFIGURATION() ResourceType
func ResourceType_EVENTBRIDGE_API_DESTINATION ¶ added in v2.60.0
func ResourceType_EVENTBRIDGE_API_DESTINATION() ResourceType
func ResourceType_EVENTBRIDGE_ARCHIVE ¶ added in v2.60.0
func ResourceType_EVENTBRIDGE_ARCHIVE() ResourceType
func ResourceType_EVENTBRIDGE_ENDPOINT ¶ added in v2.60.0
func ResourceType_EVENTBRIDGE_ENDPOINT() ResourceType
func ResourceType_EVENTBRIDGE_EVENTBUS ¶ added in v2.51.0
func ResourceType_EVENTBRIDGE_EVENTBUS() ResourceType
func ResourceType_EVENTSCHEMAS_DISCOVERER ¶ added in v2.63.0
func ResourceType_EVENTSCHEMAS_DISCOVERER() ResourceType
func ResourceType_EVENTSCHEMAS_REGISTRY ¶ added in v2.63.0
func ResourceType_EVENTSCHEMAS_REGISTRY() ResourceType
func ResourceType_EVENTSCHEMAS_REGISTRY_POLICY ¶ added in v2.63.0
func ResourceType_EVENTSCHEMAS_REGISTRY_POLICY() ResourceType
func ResourceType_EVENTS_CONNECTION ¶ added in v2.145.0
func ResourceType_EVENTS_CONNECTION() ResourceType
func ResourceType_EVENTS_RULE ¶ added in v2.145.0
func ResourceType_EVENTS_RULE() ResourceType
func ResourceType_EVENT_SCHEMAS_SCHEMA ¶ added in v2.145.0
func ResourceType_EVENT_SCHEMAS_SCHEMA() ResourceType
func ResourceType_EVIDENTLY_LAUNCH ¶ added in v2.145.0
func ResourceType_EVIDENTLY_LAUNCH() ResourceType
func ResourceType_EVIDENTLY_PROJECT ¶ added in v2.145.0
func ResourceType_EVIDENTLY_PROJECT() ResourceType
func ResourceType_FIS_EXPERIMENT_TEMPLATE ¶ added in v2.60.0
func ResourceType_FIS_EXPERIMENT_TEMPLATE() ResourceType
func ResourceType_FORECAST_DATASET ¶ added in v2.145.0
func ResourceType_FORECAST_DATASET() ResourceType
func ResourceType_FORECAST_DATASET_GROUP ¶ added in v2.145.0
func ResourceType_FORECAST_DATASET_GROUP() ResourceType
func ResourceType_FRAUDDETECTOR_ENTITY_TYPE ¶ added in v2.63.0
func ResourceType_FRAUDDETECTOR_ENTITY_TYPE() ResourceType
func ResourceType_FRAUDDETECTOR_LABEL ¶ added in v2.63.0
func ResourceType_FRAUDDETECTOR_LABEL() ResourceType
func ResourceType_FRAUDDETECTOR_OUTCOME ¶ added in v2.63.0
func ResourceType_FRAUDDETECTOR_OUTCOME() ResourceType
func ResourceType_FRAUDDETECTOR_VARIABLE ¶ added in v2.63.0
func ResourceType_FRAUDDETECTOR_VARIABLE() ResourceType
func ResourceType_GLOBALACCELERATOR_ACCELERATOR ¶ added in v2.37.0
func ResourceType_GLOBALACCELERATOR_ACCELERATOR() ResourceType
func ResourceType_GLOBALACCELERATOR_ENDPOINT_GROUP ¶ added in v2.37.0
func ResourceType_GLOBALACCELERATOR_ENDPOINT_GROUP() ResourceType
func ResourceType_GLOBALACCELERATOR_LISTENER ¶ added in v2.37.0
func ResourceType_GLOBALACCELERATOR_LISTENER() ResourceType
func ResourceType_GLUE_CLASSIFIER ¶ added in v2.51.0
func ResourceType_GLUE_CLASSIFIER() ResourceType
func ResourceType_GLUE_JOB ¶ added in v2.51.0
func ResourceType_GLUE_JOB() ResourceType
func ResourceType_GLUE_ML_TRANSFORM ¶ added in v2.68.0
func ResourceType_GLUE_ML_TRANSFORM() ResourceType
func ResourceType_GRAFANA_WORKSPACE ¶ added in v2.145.0
func ResourceType_GRAFANA_WORKSPACE() ResourceType
func ResourceType_GREENGRASSV2_COMPONENT_VERSION ¶ added in v2.145.0
func ResourceType_GREENGRASSV2_COMPONENT_VERSION() ResourceType
func ResourceType_GROUNDSTATION_MISSION_PROFILE ¶ added in v2.145.0
func ResourceType_GROUNDSTATION_MISSION_PROFILE() ResourceType
func ResourceType_GROUND_STATION_CONFIG ¶ added in v2.145.0
func ResourceType_GROUND_STATION_CONFIG() ResourceType
func ResourceType_GUARDDUTY_DETECTOR ¶ added in v2.37.0
func ResourceType_GUARDDUTY_DETECTOR() ResourceType
func ResourceType_GUARDDUTY_FILTER ¶ added in v2.60.0
func ResourceType_GUARDDUTY_FILTER() ResourceType
func ResourceType_GUARDDUTY_IP_SET ¶ added in v2.46.0
func ResourceType_GUARDDUTY_IP_SET() ResourceType
func ResourceType_GUARDDUTY_THREAT_INTEL_SET ¶ added in v2.46.0
func ResourceType_GUARDDUTY_THREAT_INTEL_SET() ResourceType
func ResourceType_HEALTH_LAKE_FHIR_DATASTORE ¶ added in v2.145.0
func ResourceType_HEALTH_LAKE_FHIR_DATASTORE() ResourceType
func ResourceType_IAM_ACCESSANALYZER_ANALYZER ¶ added in v2.37.0
func ResourceType_IAM_ACCESSANALYZER_ANALYZER() ResourceType
func ResourceType_IAM_GROUP ¶
func ResourceType_IAM_GROUP() ResourceType
func ResourceType_IAM_INSTANCE_PROFILE ¶ added in v2.145.0
func ResourceType_IAM_INSTANCE_PROFILE() ResourceType
func ResourceType_IAM_POLICY ¶
func ResourceType_IAM_POLICY() ResourceType
func ResourceType_IAM_ROLE ¶
func ResourceType_IAM_ROLE() ResourceType
func ResourceType_IAM_SAML_PROVIDER ¶ added in v2.145.0
func ResourceType_IAM_SAML_PROVIDER() ResourceType
func ResourceType_IAM_SERVER_CERTIFICATE ¶ added in v2.145.0
func ResourceType_IAM_SERVER_CERTIFICATE() ResourceType
func ResourceType_IAM_USER ¶
func ResourceType_IAM_USER() ResourceType
func ResourceType_IMAGEBUILDER_CONTAINER_RECIPE ¶ added in v2.51.0
func ResourceType_IMAGEBUILDER_CONTAINER_RECIPE() ResourceType
func ResourceType_IMAGEBUILDER_DISTRIBUTION_CONFIGURATION ¶ added in v2.51.0
func ResourceType_IMAGEBUILDER_DISTRIBUTION_CONFIGURATION() ResourceType
func ResourceType_IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION ¶ added in v2.51.0
func ResourceType_IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION() ResourceType
func ResourceType_IMAGE_BUILDER_IMAGE_PIPELINE ¶ added in v2.145.0
func ResourceType_IMAGE_BUILDER_IMAGE_PIPELINE() ResourceType
func ResourceType_INSPECTORV2_FILTER ¶ added in v2.145.0
func ResourceType_INSPECTORV2_FILTER() ResourceType
func ResourceType_IOT_ACCOUNT_AUDIT_CONFIGURATION ¶ added in v2.145.0
func ResourceType_IOT_ACCOUNT_AUDIT_CONFIGURATION() ResourceType
func ResourceType_IOT_ANALYTICS_CHANNEL ¶ added in v2.68.0
func ResourceType_IOT_ANALYTICS_CHANNEL() ResourceType
func ResourceType_IOT_ANALYTICS_DATASET ¶ added in v2.68.0
func ResourceType_IOT_ANALYTICS_DATASET() ResourceType
func ResourceType_IOT_ANALYTICS_DATASTORE ¶ added in v2.63.0
func ResourceType_IOT_ANALYTICS_DATASTORE() ResourceType
func ResourceType_IOT_ANALYTICS_PIPELINE ¶ added in v2.68.0
func ResourceType_IOT_ANALYTICS_PIPELINE() ResourceType
func ResourceType_IOT_AUTHORIZER ¶ added in v2.63.0
func ResourceType_IOT_AUTHORIZER() ResourceType
func ResourceType_IOT_CA_CERTIFICATE ¶ added in v2.145.0
func ResourceType_IOT_CA_CERTIFICATE() ResourceType
func ResourceType_IOT_CUSTOM_METRIC ¶ added in v2.145.0
func ResourceType_IOT_CUSTOM_METRIC() ResourceType
func ResourceType_IOT_DIMENSION ¶ added in v2.63.0
func ResourceType_IOT_DIMENSION() ResourceType
func ResourceType_IOT_EVENTS_ALARM_MODEL ¶ added in v2.51.0
func ResourceType_IOT_EVENTS_ALARM_MODEL() ResourceType
func ResourceType_IOT_EVENTS_DETECTOR_MODEL ¶ added in v2.51.0
func ResourceType_IOT_EVENTS_DETECTOR_MODEL() ResourceType
func ResourceType_IOT_EVENTS_INPUT ¶ added in v2.51.0
func ResourceType_IOT_EVENTS_INPUT() ResourceType
func ResourceType_IOT_FLEET_METRIC ¶ added in v2.145.0
func ResourceType_IOT_FLEET_METRIC() ResourceType
func ResourceType_IOT_JOB_TEMPLATE ¶ added in v2.145.0
func ResourceType_IOT_JOB_TEMPLATE() ResourceType
func ResourceType_IOT_MITIGATION_ACTION ¶ added in v2.68.0
func ResourceType_IOT_MITIGATION_ACTION() ResourceType
func ResourceType_IOT_POLICY ¶ added in v2.68.0
func ResourceType_IOT_POLICY() ResourceType
func ResourceType_IOT_PROVISIONING_TEMPLATE ¶ added in v2.145.0
func ResourceType_IOT_PROVISIONING_TEMPLATE() ResourceType
func ResourceType_IOT_ROLE_ALIAS ¶ added in v2.63.0
func ResourceType_IOT_ROLE_ALIAS() ResourceType
func ResourceType_IOT_SCHEDULED_AUDIT ¶ added in v2.145.0
func ResourceType_IOT_SCHEDULED_AUDIT() ResourceType
func ResourceType_IOT_SECURITY_PROFILE ¶ added in v2.63.0
func ResourceType_IOT_SECURITY_PROFILE() ResourceType
func ResourceType_IOT_SITEWISE_ASSETMODEL ¶ added in v2.68.0
func ResourceType_IOT_SITEWISE_ASSETMODEL() ResourceType
func ResourceType_IOT_SITEWISE_DASHBOARD ¶ added in v2.68.0
func ResourceType_IOT_SITEWISE_DASHBOARD() ResourceType
func ResourceType_IOT_SITEWISE_GATEWAY ¶ added in v2.145.0
func ResourceType_IOT_SITEWISE_GATEWAY() ResourceType
func ResourceType_IOT_SITEWISE_PORTAL ¶ added in v2.68.0
func ResourceType_IOT_SITEWISE_PORTAL() ResourceType
func ResourceType_IOT_SITEWISE_PROJECT ¶ added in v2.68.0
func ResourceType_IOT_SITEWISE_PROJECT() ResourceType
func ResourceType_IOT_TWINMAKER_ENTITY ¶ added in v2.68.0
func ResourceType_IOT_TWINMAKER_ENTITY() ResourceType
func ResourceType_IOT_TWINMAKER_WORKSPACE ¶ added in v2.68.0
func ResourceType_IOT_TWINMAKER_WORKSPACE() ResourceType
func ResourceType_IOT_TWIN_MAKER_COMPONENT_TYPE ¶ added in v2.145.0
func ResourceType_IOT_TWIN_MAKER_COMPONENT_TYPE() ResourceType
func ResourceType_IOT_TWIN_MAKER_SCENE ¶ added in v2.145.0
func ResourceType_IOT_TWIN_MAKER_SCENE() ResourceType
func ResourceType_IOT_TWIN_MAKER_SYNC_JOB ¶ added in v2.145.0
func ResourceType_IOT_TWIN_MAKER_SYNC_JOB() ResourceType
func ResourceType_IOT_WIRELESS_FUOTA_TASK ¶ added in v2.145.0
func ResourceType_IOT_WIRELESS_FUOTA_TASK() ResourceType
func ResourceType_IOT_WIRELESS_MULTICAST_GROUP ¶ added in v2.145.0
func ResourceType_IOT_WIRELESS_MULTICAST_GROUP() ResourceType
func ResourceType_IOT_WIRELESS_SERVICE_PROFILE ¶ added in v2.145.0
func ResourceType_IOT_WIRELESS_SERVICE_PROFILE() ResourceType
func ResourceType_IVS_CHANNEL ¶ added in v2.68.0
func ResourceType_IVS_CHANNEL() ResourceType
func ResourceType_IVS_PLAYBACK_KEYPAIR ¶ added in v2.68.0
func ResourceType_IVS_PLAYBACK_KEYPAIR() ResourceType
func ResourceType_IVS_RECORDING_CONFIGURATION ¶ added in v2.68.0
func ResourceType_IVS_RECORDING_CONFIGURATION() ResourceType
func ResourceType_KAFKA_CONNECT_CONNECTOR ¶ added in v2.145.0
func ResourceType_KAFKA_CONNECT_CONNECTOR() ResourceType
func ResourceType_KENDRA_INDEX ¶ added in v2.145.0
func ResourceType_KENDRA_INDEX() ResourceType
func ResourceType_KINESIS_ANALYTICS_V2_APPLICATION ¶ added in v2.68.0
func ResourceType_KINESIS_ANALYTICS_V2_APPLICATION() ResourceType
func ResourceType_KINESIS_FIREHOSE_DELIVERY_STREAM ¶ added in v2.145.0
func ResourceType_KINESIS_FIREHOSE_DELIVERY_STREAM() ResourceType
func ResourceType_KINESIS_STREAM ¶ added in v2.37.0
func ResourceType_KINESIS_STREAM() ResourceType
func ResourceType_KINESIS_STREAM_CONSUMER ¶ added in v2.37.0
func ResourceType_KINESIS_STREAM_CONSUMER() ResourceType
func ResourceType_KINESIS_VIDEO_SIGNALING_CHANNEL ¶ added in v2.145.0
func ResourceType_KINESIS_VIDEO_SIGNALING_CHANNEL() ResourceType
func ResourceType_KINESIS_VIDEO_STREAM ¶ added in v2.145.0
func ResourceType_KINESIS_VIDEO_STREAM() ResourceType
func ResourceType_KMS_ALIAS ¶ added in v2.145.0
func ResourceType_KMS_ALIAS() ResourceType
func ResourceType_KMS_KEY ¶
func ResourceType_KMS_KEY() ResourceType
func ResourceType_LAMBDA_CODE_SIGNING_CONFIG ¶ added in v2.145.0
func ResourceType_LAMBDA_CODE_SIGNING_CONFIG() ResourceType
func ResourceType_LAMBDA_FUNCTION ¶
func ResourceType_LAMBDA_FUNCTION() ResourceType
func ResourceType_LEX_BOT ¶ added in v2.145.0
func ResourceType_LEX_BOT() ResourceType
func ResourceType_LEX_BOT_ALIAS ¶ added in v2.145.0
func ResourceType_LEX_BOT_ALIAS() ResourceType
func ResourceType_LIGHTSAIL_BUCKET ¶ added in v2.63.0
func ResourceType_LIGHTSAIL_BUCKET() ResourceType
func ResourceType_LIGHTSAIL_CERTIFICATE ¶ added in v2.60.0
func ResourceType_LIGHTSAIL_CERTIFICATE() ResourceType
func ResourceType_LIGHTSAIL_DISK ¶ added in v2.60.0
func ResourceType_LIGHTSAIL_DISK() ResourceType
func ResourceType_LIGHTSAIL_STATIC_IP ¶ added in v2.63.0
func ResourceType_LIGHTSAIL_STATIC_IP() ResourceType
func ResourceType_LOGS_DESTINATION ¶ added in v2.145.0
func ResourceType_LOGS_DESTINATION() ResourceType
func ResourceType_LOOKOUT_METRICS_ALERT ¶ added in v2.145.0
func ResourceType_LOOKOUT_METRICS_ALERT() ResourceType
func ResourceType_LOOKOUT_VISION_PROJECT ¶ added in v2.145.0
func ResourceType_LOOKOUT_VISION_PROJECT() ResourceType
func ResourceType_MEDIACONNECT_FLOW_ENTITLEMENT ¶ added in v2.145.0
func ResourceType_MEDIACONNECT_FLOW_ENTITLEMENT() ResourceType
func ResourceType_MEDIACONNECT_FLOW_VPC_INTERFACE ¶ added in v2.145.0
func ResourceType_MEDIACONNECT_FLOW_VPC_INTERFACE() ResourceType
func ResourceType_MEDIAPACKAGE_PACKAGING_GROUP ¶ added in v2.63.0
func ResourceType_MEDIAPACKAGE_PACKAGING_GROUP() ResourceType
func ResourceType_MEDIATAILOR_PLAYBACK_CONFIGURATION ¶ added in v2.145.0
func ResourceType_MEDIATAILOR_PLAYBACK_CONFIGURATION() ResourceType
func ResourceType_MEDIA_CONNECT_FLOW_SOURCE ¶ added in v2.145.0
func ResourceType_MEDIA_CONNECT_FLOW_SOURCE() ResourceType
func ResourceType_MEDIA_PACKAGE_PACKAGING_CONFIGURATION ¶ added in v2.145.0
func ResourceType_MEDIA_PACKAGE_PACKAGING_CONFIGURATION() ResourceType
func ResourceType_MSK_BATCH_SCRAM_SECRET ¶ added in v2.145.0
func ResourceType_MSK_BATCH_SCRAM_SECRET() ResourceType
func ResourceType_MSK_CLUSTER ¶ added in v2.37.0
func ResourceType_MSK_CLUSTER() ResourceType
func ResourceType_MSK_CONFIGURATION ¶ added in v2.145.0
func ResourceType_MSK_CONFIGURATION() ResourceType
func ResourceType_NETWORK_FIREWALL_FIREWALL ¶ added in v2.63.0
func ResourceType_NETWORK_FIREWALL_FIREWALL() ResourceType
func ResourceType_NETWORK_FIREWALL_FIREWALL_POLICY ¶ added in v2.63.0
func ResourceType_NETWORK_FIREWALL_FIREWALL_POLICY() ResourceType
func ResourceType_NETWORK_FIREWALL_RULE_GROUP ¶ added in v2.63.0
func ResourceType_NETWORK_FIREWALL_RULE_GROUP() ResourceType
func ResourceType_NETWORK_FIREWALL_TLS_INSPECTION_CONFIGURATION ¶ added in v2.145.0
func ResourceType_NETWORK_FIREWALL_TLS_INSPECTION_CONFIGURATION() ResourceType
func ResourceType_NETWORK_MANAGER_CONNECT_PEER ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_CONNECT_PEER() ResourceType
func ResourceType_NETWORK_MANAGER_CUSTOMER_GATEWAY_ASSOCIATION ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_CUSTOMER_GATEWAY_ASSOCIATION() ResourceType
func ResourceType_NETWORK_MANAGER_DEVICE ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_DEVICE() ResourceType
func ResourceType_NETWORK_MANAGER_GLOBAL_NETWORK ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_GLOBAL_NETWORK() ResourceType
func ResourceType_NETWORK_MANAGER_LINK ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_LINK() ResourceType
func ResourceType_NETWORK_MANAGER_LINK_ASSOCIATION ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_LINK_ASSOCIATION() ResourceType
func ResourceType_NETWORK_MANAGER_SITE ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_SITE() ResourceType
func ResourceType_NETWORK_MANAGER_TRANSIT_GATEWAY_REGISTRATION ¶ added in v2.145.0
func ResourceType_NETWORK_MANAGER_TRANSIT_GATEWAY_REGISTRATION() ResourceType
func ResourceType_OPENSEARCH_DOMAIN ¶ added in v2.37.0
func ResourceType_OPENSEARCH_DOMAIN() ResourceType
func ResourceType_Of ¶
func ResourceType_Of(type_ *string) ResourceType
A custom resource type to support future cases.
func ResourceType_PANORAMA_PACKAGE ¶ added in v2.145.0
func ResourceType_PANORAMA_PACKAGE() ResourceType
func ResourceType_PERSONALIZE_DATASET ¶ added in v2.145.0
func ResourceType_PERSONALIZE_DATASET() ResourceType
func ResourceType_PERSONALIZE_DATASET_GROUP ¶ added in v2.145.0
func ResourceType_PERSONALIZE_DATASET_GROUP() ResourceType
func ResourceType_PERSONALIZE_SCHEMA ¶ added in v2.145.0
func ResourceType_PERSONALIZE_SCHEMA() ResourceType
func ResourceType_PERSONALIZE_SOLUTION ¶ added in v2.145.0
func ResourceType_PERSONALIZE_SOLUTION() ResourceType
func ResourceType_PINPOINT_APP ¶ added in v2.145.0
func ResourceType_PINPOINT_APP() ResourceType
func ResourceType_PINPOINT_APPLICATION_SETTINGS ¶ added in v2.145.0
func ResourceType_PINPOINT_APPLICATION_SETTINGS() ResourceType
func ResourceType_PINPOINT_CAMPAIGN ¶ added in v2.145.0
func ResourceType_PINPOINT_CAMPAIGN() ResourceType
func ResourceType_PINPOINT_EMAIL_CHANNEL ¶ added in v2.145.0
func ResourceType_PINPOINT_EMAIL_CHANNEL() ResourceType
func ResourceType_PINPOINT_EMAIL_TEMPLATE ¶ added in v2.145.0
func ResourceType_PINPOINT_EMAIL_TEMPLATE() ResourceType
func ResourceType_PINPOINT_EVENT_STREAM ¶ added in v2.145.0
func ResourceType_PINPOINT_EVENT_STREAM() ResourceType
func ResourceType_PINPOINT_IN_APP_TEMPLATE ¶ added in v2.145.0
func ResourceType_PINPOINT_IN_APP_TEMPLATE() ResourceType
func ResourceType_PINPOINT_SEGMENT ¶ added in v2.145.0
func ResourceType_PINPOINT_SEGMENT() ResourceType
func ResourceType_QLDB_LEDGER ¶
func ResourceType_QLDB_LEDGER() ResourceType
func ResourceType_RDS_DB_CLUSTER ¶
func ResourceType_RDS_DB_CLUSTER() ResourceType
func ResourceType_RDS_DB_CLUSTER_SNAPSHOT ¶
func ResourceType_RDS_DB_CLUSTER_SNAPSHOT() ResourceType
func ResourceType_RDS_DB_INSTANCE ¶
func ResourceType_RDS_DB_INSTANCE() ResourceType
func ResourceType_RDS_DB_SECURITY_GROUP ¶
func ResourceType_RDS_DB_SECURITY_GROUP() ResourceType
func ResourceType_RDS_DB_SNAPSHOT ¶
func ResourceType_RDS_DB_SNAPSHOT() ResourceType
func ResourceType_RDS_DB_SUBNET_GROUP ¶
func ResourceType_RDS_DB_SUBNET_GROUP() ResourceType
func ResourceType_RDS_EVENT_SUBSCRIPTION ¶
func ResourceType_RDS_EVENT_SUBSCRIPTION() ResourceType
func ResourceType_RDS_GLOBAL_CLUSTER ¶ added in v2.68.0
func ResourceType_RDS_GLOBAL_CLUSTER() ResourceType
func ResourceType_RDS_OPTION_GROUP ¶ added in v2.145.0
func ResourceType_RDS_OPTION_GROUP() ResourceType
func ResourceType_REDSHIFT_CLUSTER ¶
func ResourceType_REDSHIFT_CLUSTER() ResourceType
func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP ¶
func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP() ResourceType
func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP ¶
func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP() ResourceType
func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT ¶
func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT() ResourceType
func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP ¶
func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP() ResourceType
func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION ¶
func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION() ResourceType
func ResourceType_REDSHIFT_SCHEDULED_ACTION ¶ added in v2.145.0
func ResourceType_REDSHIFT_SCHEDULED_ACTION() ResourceType
func ResourceType_RESILIENCEHUB_APP ¶ added in v2.145.0
func ResourceType_RESILIENCEHUB_APP() ResourceType
func ResourceType_RESILIENCEHUB_RESILIENCY_POLICY ¶ added in v2.63.0
func ResourceType_RESILIENCEHUB_RESILIENCY_POLICY() ResourceType
func ResourceType_RESOURCE_EXPLORER2_INDEX ¶ added in v2.145.0
func ResourceType_RESOURCE_EXPLORER2_INDEX() ResourceType
func ResourceType_ROBO_MAKER_ROBOT_APPLICATION ¶ added in v2.145.0
func ResourceType_ROBO_MAKER_ROBOT_APPLICATION() ResourceType
func ResourceType_ROBO_MAKER_ROBOT_APPLICATION_VERSION ¶ added in v2.145.0
func ResourceType_ROBO_MAKER_ROBOT_APPLICATION_VERSION() ResourceType
func ResourceType_ROBO_MAKER_SIMULATION_APPLICATION ¶ added in v2.145.0
func ResourceType_ROBO_MAKER_SIMULATION_APPLICATION() ResourceType
func ResourceType_ROUTE53_HEALTH_CHECK ¶ added in v2.51.0
func ResourceType_ROUTE53_HEALTH_CHECK() ResourceType
func ResourceType_ROUTE53_HOSTED_ZONE ¶ added in v2.51.0
func ResourceType_ROUTE53_HOSTED_ZONE() ResourceType
func ResourceType_ROUTE53_RECOVERY_CONTROL_CLUSTER ¶ added in v2.145.0
func ResourceType_ROUTE53_RECOVERY_CONTROL_CLUSTER() ResourceType
func ResourceType_ROUTE53_RECOVERY_CONTROL_CONTROL_PANEL ¶ added in v2.145.0
func ResourceType_ROUTE53_RECOVERY_CONTROL_CONTROL_PANEL() ResourceType
func ResourceType_ROUTE53_RECOVERY_CONTROL_ROUTING_CONTROL ¶ added in v2.145.0
func ResourceType_ROUTE53_RECOVERY_CONTROL_ROUTING_CONTROL() ResourceType
func ResourceType_ROUTE53_RECOVERY_CONTROL_SAFETY_RULE ¶ added in v2.145.0
func ResourceType_ROUTE53_RECOVERY_CONTROL_SAFETY_RULE() ResourceType
func ResourceType_ROUTE53_RECOVERY_READINESS_CELL ¶ added in v2.51.0
func ResourceType_ROUTE53_RECOVERY_READINESS_CELL() ResourceType
func ResourceType_ROUTE53_RECOVERY_READINESS_READINESS_CHECK ¶ added in v2.51.0
func ResourceType_ROUTE53_RECOVERY_READINESS_READINESS_CHECK() ResourceType
func ResourceType_ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP ¶ added in v2.63.0
func ResourceType_ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP() ResourceType
func ResourceType_ROUTE53_RECOVERY_READINESS_RESOURCE_SET ¶ added in v2.145.0
func ResourceType_ROUTE53_RECOVERY_READINESS_RESOURCE_SET() ResourceType
func ResourceType_ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST ¶ added in v2.145.0
func ResourceType_ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST() ResourceType
func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP ¶ added in v2.145.0
func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP() ResourceType
func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION ¶ added in v2.145.0
func ResourceType_ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION() ResourceType
func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG ¶ added in v2.145.0
func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG() ResourceType
func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG_ASSOCIATION ¶ added in v2.145.0
func ResourceType_ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG_ASSOCIATION() ResourceType
func ResourceType_ROUTE53_RESOLVER_RESOLVER_ENDPOINT ¶ added in v2.37.0
func ResourceType_ROUTE53_RESOLVER_RESOLVER_ENDPOINT() ResourceType
func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE ¶ added in v2.37.0
func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE() ResourceType
func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION ¶ added in v2.37.0
func ResourceType_ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION() ResourceType
func ResourceType_S3_ACCESS_POINT ¶ added in v2.145.0
func ResourceType_S3_ACCESS_POINT() ResourceType
func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK ¶
func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK() ResourceType
func ResourceType_S3_BUCKET ¶
func ResourceType_S3_BUCKET() ResourceType
func ResourceType_S3_MULTIREGION_ACCESS_POINT ¶ added in v2.68.0
func ResourceType_S3_MULTIREGION_ACCESS_POINT() ResourceType
func ResourceType_S3_STORAGE_LENS ¶ added in v2.145.0
func ResourceType_S3_STORAGE_LENS() ResourceType
func ResourceType_SAGEMAKER_CODE_REPOSITORY ¶ added in v2.37.0
func ResourceType_SAGEMAKER_CODE_REPOSITORY() ResourceType
func ResourceType_SAGEMAKER_DOMAIN ¶ added in v2.145.0
func ResourceType_SAGEMAKER_DOMAIN() ResourceType
func ResourceType_SAGEMAKER_FEATURE_GROUP ¶ added in v2.145.0
func ResourceType_SAGEMAKER_FEATURE_GROUP() ResourceType
func ResourceType_SAGEMAKER_MODEL ¶ added in v2.37.0
func ResourceType_SAGEMAKER_MODEL() ResourceType
func ResourceType_SAGEMAKER_NOTEBOOK_INSTANCE ¶ added in v2.37.0
func ResourceType_SAGEMAKER_NOTEBOOK_INSTANCE() ResourceType
func ResourceType_SAGEMAKER_WORKTEAM ¶ added in v2.46.0
func ResourceType_SAGEMAKER_WORKTEAM() ResourceType
func ResourceType_SAGE_MAKER_APP_IMAGE_CONFIG ¶ added in v2.145.0
func ResourceType_SAGE_MAKER_APP_IMAGE_CONFIG() ResourceType
func ResourceType_SAGE_MAKER_IMAGE ¶ added in v2.145.0
func ResourceType_SAGE_MAKER_IMAGE() ResourceType
func ResourceType_SECRETS_MANAGER_SECRET ¶
func ResourceType_SECRETS_MANAGER_SECRET() ResourceType
func ResourceType_SERVICEDISCOVERY_HTTP_NAMESPACE ¶ added in v2.51.0
func ResourceType_SERVICEDISCOVERY_HTTP_NAMESPACE() ResourceType
func ResourceType_SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE ¶ added in v2.46.0
func ResourceType_SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE() ResourceType
func ResourceType_SERVICEDISCOVERY_SERVICE ¶ added in v2.46.0
func ResourceType_SERVICEDISCOVERY_SERVICE() ResourceType
func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT ¶
func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT() ResourceType
func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT ¶
func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT() ResourceType
func ResourceType_SERVICE_CATALOG_PORTFOLIO ¶
func ResourceType_SERVICE_CATALOG_PORTFOLIO() ResourceType
func ResourceType_SERVICE_DISCOVERY_INSTANCE ¶ added in v2.145.0
func ResourceType_SERVICE_DISCOVERY_INSTANCE() ResourceType
func ResourceType_SES_CONFIGURATION_SET ¶ added in v2.46.0
func ResourceType_SES_CONFIGURATION_SET() ResourceType
func ResourceType_SES_CONTACT_LIST ¶ added in v2.46.0
func ResourceType_SES_CONTACT_LIST() ResourceType
func ResourceType_SES_RECEIPT_FILTER ¶ added in v2.60.0
func ResourceType_SES_RECEIPT_FILTER() ResourceType
func ResourceType_SES_RECEIPT_RECEIPT_RULE_SET ¶ added in v2.60.0
func ResourceType_SES_RECEIPT_RECEIPT_RULE_SET() ResourceType
func ResourceType_SES_TEMPLATE ¶ added in v2.60.0
func ResourceType_SES_TEMPLATE() ResourceType
func ResourceType_SHIELD_PROTECTION ¶
func ResourceType_SHIELD_PROTECTION() ResourceType
func ResourceType_SHIELD_REGIONAL_PROTECTION ¶
func ResourceType_SHIELD_REGIONAL_PROTECTION() ResourceType
func ResourceType_SIGNER_SIGNING_PROFILE ¶ added in v2.145.0
func ResourceType_SIGNER_SIGNING_PROFILE() ResourceType
func ResourceType_SNS_TOPIC ¶
func ResourceType_SNS_TOPIC() ResourceType
func ResourceType_SQS_QUEUE ¶
func ResourceType_SQS_QUEUE() ResourceType
func ResourceType_STEPFUNCTIONS_ACTIVITY ¶ added in v2.37.0
func ResourceType_STEPFUNCTIONS_ACTIVITY() ResourceType
func ResourceType_STEPFUNCTIONS_STATE_MACHINE ¶ added in v2.37.0
func ResourceType_STEPFUNCTIONS_STATE_MACHINE() ResourceType
func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE ¶
func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE() ResourceType
func ResourceType_SYSTEMS_MANAGER_FILE_DATA ¶
func ResourceType_SYSTEMS_MANAGER_FILE_DATA() ResourceType
func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY ¶
func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY() ResourceType
func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE ¶
func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE() ResourceType
func ResourceType_TRANSFER_AGREEMENT ¶ added in v2.145.0
func ResourceType_TRANSFER_AGREEMENT() ResourceType
func ResourceType_TRANSFER_CERTIFICATE ¶ added in v2.145.0
func ResourceType_TRANSFER_CERTIFICATE() ResourceType
func ResourceType_TRANSFER_CONNECTOR ¶ added in v2.145.0
func ResourceType_TRANSFER_CONNECTOR() ResourceType
func ResourceType_TRANSFER_WORKFLOW ¶ added in v2.63.0
func ResourceType_TRANSFER_WORKFLOW() ResourceType
func ResourceType_WAFV2_IP_SET ¶ added in v2.37.0
func ResourceType_WAFV2_IP_SET() ResourceType
func ResourceType_WAFV2_MANAGED_RULE_SET ¶
func ResourceType_WAFV2_MANAGED_RULE_SET() ResourceType
func ResourceType_WAFV2_REGEX_PATTERN_SET ¶ added in v2.37.0
func ResourceType_WAFV2_REGEX_PATTERN_SET() ResourceType
func ResourceType_WAFV2_RULE_GROUP ¶
func ResourceType_WAFV2_RULE_GROUP() ResourceType
func ResourceType_WAFV2_WEB_ACL ¶
func ResourceType_WAFV2_WEB_ACL() ResourceType
func ResourceType_WAF_RATE_BASED_RULE ¶
func ResourceType_WAF_RATE_BASED_RULE() ResourceType
func ResourceType_WAF_REGIONAL_RATE_BASED_RULE ¶
func ResourceType_WAF_REGIONAL_RATE_BASED_RULE() ResourceType
func ResourceType_WAF_REGIONAL_RULE ¶
func ResourceType_WAF_REGIONAL_RULE() ResourceType
func ResourceType_WAF_REGIONAL_RULE_GROUP ¶
func ResourceType_WAF_REGIONAL_RULE_GROUP() ResourceType
func ResourceType_WAF_REGIONAL_WEB_ACL ¶
func ResourceType_WAF_REGIONAL_WEB_ACL() ResourceType
func ResourceType_WAF_RULE ¶
func ResourceType_WAF_RULE() ResourceType
func ResourceType_WAF_RULE_GROUP ¶
func ResourceType_WAF_RULE_GROUP() ResourceType
func ResourceType_WAF_WEB_ACL ¶
func ResourceType_WAF_WEB_ACL() ResourceType
func ResourceType_WORKSPACES_CONNECTION_ALIAS ¶ added in v2.37.0
func ResourceType_WORKSPACES_CONNECTION_ALIAS() ResourceType
func ResourceType_WORKSPACES_WORKSPACE ¶ added in v2.37.0
func ResourceType_WORKSPACES_WORKSPACE() ResourceType
func ResourceType_XRAY_ENCRYPTION_CONFIGURATION ¶
func ResourceType_XRAY_ENCRYPTION_CONFIGURATION() ResourceType
type RuleProps ¶
type RuleProps struct {
// A name for the AWS Config rule.
// Default: - CloudFormation generated name.
//
ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
// A description about this AWS Config rule.
// Default: - No description.
//
Description *string `field:"optional" json:"description" yaml:"description"`
// The modes the AWS Config rule can be evaluated in.
//
// The valid values are distinct objects.
// Default: - Detective evaluation mode only.
//
EvaluationModes EvaluationMode `field:"optional" json:"evaluationModes" yaml:"evaluationModes"`
// Input parameter values that are passed to the AWS Config rule.
// Default: - No input parameters.
//
InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
// The maximum frequency at which the AWS Config rule runs evaluations.
// Default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS
//
MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
// Defines which resources trigger an evaluation for an AWS Config rule.
// Default: - evaluations for the rule are triggered when any resource in the recording group changes.
//
RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
}
Construction properties for a new rule.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
var evaluationMode evaluationMode
var inputParameters interface{}
var ruleScope ruleScope
ruleProps := &RuleProps{
ConfigRuleName: jsii.String("configRuleName"),
Description: jsii.String("description"),
EvaluationModes: evaluationMode,
InputParameters: map[string]interface{}{
"inputParametersKey": inputParameters,
},
MaximumExecutionFrequency: awscdk.Aws_config.MaximumExecutionFrequency_ONE_HOUR,
RuleScope: ruleScope,
}
type RuleScope ¶
type RuleScope interface {
// tag key applied to resources that will trigger evaluation of a rule.
Key() *string
// ID of the only AWS resource that will trigger evaluation of a rule.
ResourceId() *string
// Resource types that will trigger evaluation of a rule.
ResourceTypes() *[]ResourceType
// tag value applied to resources that will trigger evaluation of a rule.
Value() *string
}
Determines which resources trigger an evaluation of an AWS Config rule.
Example:
// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &FunctionProps{
Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
Handler: jsii.String("index.handler"),
Runtime: lambda.Runtime_NODEJS_18_X(),
})
// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &CustomRuleProps{
ConfigurationChanges: jsii.Boolean(true),
LambdaFunction: evalComplianceFn,
RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE()),
})
func RuleScope_FromResource ¶
func RuleScope_FromResource(resourceType ResourceType, resourceId *string) RuleScope
restricts scope of changes to a specific resource type or resource identifier.
func RuleScope_FromResources ¶
func RuleScope_FromResources(resourceTypes *[]ResourceType) RuleScope
restricts scope of changes to specific resource types.
func RuleScope_FromTag ¶
restricts scope of changes to a specific tag.
Source Files
¶
- AccessKeysRotated.go
- AccessKeysRotatedProps.go
- AccessKeysRotated__checks.go
- CfnAggregationAuthorization.go
- CfnAggregationAuthorizationProps.go
- CfnAggregationAuthorization__checks.go
- CfnConfigRule.go
- CfnConfigRuleProps.go
- CfnConfigRule_ComplianceProperty.go
- CfnConfigRule_CustomPolicyDetailsProperty.go
- CfnConfigRule_EvaluationModeConfigurationProperty.go
- CfnConfigRule_ScopeProperty.go
- CfnConfigRule_SourceDetailProperty.go
- CfnConfigRule_SourceProperty.go
- CfnConfigRule__checks.go
- CfnConfigurationAggregator.go
- CfnConfigurationAggregatorProps.go
- CfnConfigurationAggregator_AccountAggregationSourceProperty.go
- CfnConfigurationAggregator_OrganizationAggregationSourceProperty.go
- CfnConfigurationAggregator__checks.go
- CfnConfigurationRecorder.go
- CfnConfigurationRecorderProps.go
- CfnConfigurationRecorder_ExclusionByResourceTypesProperty.go
- CfnConfigurationRecorder_RecordingGroupProperty.go
- CfnConfigurationRecorder_RecordingModeOverrideProperty.go
- CfnConfigurationRecorder_RecordingModeProperty.go
- CfnConfigurationRecorder_RecordingStrategyProperty.go
- CfnConfigurationRecorder__checks.go
- CfnConformancePack.go
- CfnConformancePackProps.go
- CfnConformancePack_ConformancePackInputParameterProperty.go
- CfnConformancePack_TemplateSSMDocumentDetailsProperty.go
- CfnConformancePack__checks.go
- CfnDeliveryChannel.go
- CfnDeliveryChannelProps.go
- CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty.go
- CfnDeliveryChannel__checks.go
- CfnOrganizationConfigRule.go
- CfnOrganizationConfigRuleProps.go
- CfnOrganizationConfigRule_OrganizationCustomPolicyRuleMetadataProperty.go
- CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty.go
- CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty.go
- CfnOrganizationConfigRule__checks.go
- CfnOrganizationConformancePack.go
- CfnOrganizationConformancePackProps.go
- CfnOrganizationConformancePack_ConformancePackInputParameterProperty.go
- CfnOrganizationConformancePack__checks.go
- CfnRemediationConfiguration.go
- CfnRemediationConfigurationProps.go
- CfnRemediationConfiguration_ExecutionControlsProperty.go
- CfnRemediationConfiguration_RemediationParameterValueProperty.go
- CfnRemediationConfiguration_ResourceValueProperty.go
- CfnRemediationConfiguration_SsmControlsProperty.go
- CfnRemediationConfiguration_StaticValueProperty.go
- CfnRemediationConfiguration__checks.go
- CfnStoredQuery.go
- CfnStoredQueryProps.go
- CfnStoredQuery__checks.go
- CloudFormationStackDriftDetectionCheck.go
- CloudFormationStackDriftDetectionCheckProps.go
- CloudFormationStackDriftDetectionCheck__checks.go
- CloudFormationStackNotificationCheck.go
- CloudFormationStackNotificationCheckProps.go
- CloudFormationStackNotificationCheck__checks.go
- CustomPolicy.go
- CustomPolicyProps.go
- CustomPolicy__checks.go
- CustomRule.go
- CustomRuleProps.go
- CustomRule__checks.go
- EvaluationMode.go
- EvaluationMode__checks.go
- IRule.go
- IRule__checks.go
- ManagedRule.go
- ManagedRuleIdentifiers.go
- ManagedRuleProps.go
- ManagedRule__checks.go
- MaximumExecutionFrequency.go
- ResourceType.go
- ResourceType__checks.go
- RuleProps.go
- RuleScope.go
- RuleScope__checks.go
- main.go
Directories
Click to show internal directories.
Click to hide internal directories.