cfg

package
v3.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AggregateAuthorization

type AggregateAuthorization struct {
	pulumi.CustomResourceState

	// Account ID
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// The ARN of the authorization
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Region
	Region pulumi.StringOutput `pulumi:"region"`
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Manages an AWS Config Aggregate Authorization

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cfg.NewAggregateAuthorization(ctx, "example", &cfg.AggregateAuthorizationArgs{
			AccountId: pulumi.String("123456789012"),
			Region:    pulumi.String("eu-west-2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAggregateAuthorization

func GetAggregateAuthorization(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AggregateAuthorizationState, opts ...pulumi.ResourceOption) (*AggregateAuthorization, error)

GetAggregateAuthorization gets an existing AggregateAuthorization resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAggregateAuthorization

func NewAggregateAuthorization(ctx *pulumi.Context,
	name string, args *AggregateAuthorizationArgs, opts ...pulumi.ResourceOption) (*AggregateAuthorization, error)

NewAggregateAuthorization registers a new resource with the given unique name, arguments, and options.

type AggregateAuthorizationArgs

type AggregateAuthorizationArgs struct {
	// Account ID
	AccountId pulumi.StringInput
	// Region
	Region pulumi.StringInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a AggregateAuthorization resource.

func (AggregateAuthorizationArgs) ElementType

func (AggregateAuthorizationArgs) ElementType() reflect.Type

type AggregateAuthorizationState

type AggregateAuthorizationState struct {
	// Account ID
	AccountId pulumi.StringPtrInput
	// The ARN of the authorization
	Arn pulumi.StringPtrInput
	// Region
	Region pulumi.StringPtrInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

func (AggregateAuthorizationState) ElementType

type ConfigurationAggregator

type ConfigurationAggregator struct {
	pulumi.CustomResourceState

	// The account(s) to aggregate config data from as documented below.
	AccountAggregationSource ConfigurationAggregatorAccountAggregationSourcePtrOutput `pulumi:"accountAggregationSource"`
	// The ARN of the aggregator
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The name of the configuration aggregator.
	Name pulumi.StringOutput `pulumi:"name"`
	// The organization to aggregate config data from as documented below.
	OrganizationAggregationSource ConfigurationAggregatorOrganizationAggregationSourcePtrOutput `pulumi:"organizationAggregationSource"`
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Manages an AWS Config Configuration Aggregator

## Example Usage ### Account Based Aggregation

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cfg.NewConfigurationAggregator(ctx, "account", &cfg.ConfigurationAggregatorArgs{
			AccountAggregationSource: &cfg.ConfigurationAggregatorAccountAggregationSourceArgs{
				AccountIds: pulumi.StringArray{
					pulumi.String("123456789012"),
				},
				Regions: pulumi.StringArray{
					pulumi.String("us-west-2"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Organization Based Aggregation

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		organizationRole, err := iam.NewRole(ctx, "organizationRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Sid\": \"\",\n", "      \"Effect\": \"Allow\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Action\": \"sts:AssumeRole\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		organizationRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, "organizationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      organizationRole.Name,
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewConfigurationAggregator(ctx, "organizationConfigurationAggregator", &cfg.ConfigurationAggregatorArgs{
			OrganizationAggregationSource: &cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{
				AllRegions: pulumi.Bool(true),
				RoleArn:    organizationRole.Arn,
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			organizationRolePolicyAttachment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetConfigurationAggregator

func GetConfigurationAggregator(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ConfigurationAggregatorState, opts ...pulumi.ResourceOption) (*ConfigurationAggregator, error)

GetConfigurationAggregator gets an existing ConfigurationAggregator resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewConfigurationAggregator

func NewConfigurationAggregator(ctx *pulumi.Context,
	name string, args *ConfigurationAggregatorArgs, opts ...pulumi.ResourceOption) (*ConfigurationAggregator, error)

NewConfigurationAggregator registers a new resource with the given unique name, arguments, and options.

type ConfigurationAggregatorAccountAggregationSource

type ConfigurationAggregatorAccountAggregationSource struct {
	// List of 12-digit account IDs of the account(s) being aggregated.
	AccountIds []string `pulumi:"accountIds"`
	// If true, aggregate existing AWS Config regions and future regions.
	AllRegions *bool `pulumi:"allRegions"`
	// List of source regions being aggregated.
	Regions []string `pulumi:"regions"`
}

type ConfigurationAggregatorAccountAggregationSourceArgs

type ConfigurationAggregatorAccountAggregationSourceArgs struct {
	// List of 12-digit account IDs of the account(s) being aggregated.
	AccountIds pulumi.StringArrayInput `pulumi:"accountIds"`
	// If true, aggregate existing AWS Config regions and future regions.
	AllRegions pulumi.BoolPtrInput `pulumi:"allRegions"`
	// List of source regions being aggregated.
	Regions pulumi.StringArrayInput `pulumi:"regions"`
}

func (ConfigurationAggregatorAccountAggregationSourceArgs) ElementType

func (ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourceOutput

func (i ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourceOutput() ConfigurationAggregatorAccountAggregationSourceOutput

func (ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourceOutputWithContext

func (i ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourceOutputWithContext(ctx context.Context) ConfigurationAggregatorAccountAggregationSourceOutput

func (ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourcePtrOutput

func (i ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourcePtrOutput() ConfigurationAggregatorAccountAggregationSourcePtrOutput

func (ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext

func (i ConfigurationAggregatorAccountAggregationSourceArgs) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorAccountAggregationSourcePtrOutput

type ConfigurationAggregatorAccountAggregationSourceInput

type ConfigurationAggregatorAccountAggregationSourceInput interface {
	pulumi.Input

	ToConfigurationAggregatorAccountAggregationSourceOutput() ConfigurationAggregatorAccountAggregationSourceOutput
	ToConfigurationAggregatorAccountAggregationSourceOutputWithContext(context.Context) ConfigurationAggregatorAccountAggregationSourceOutput
}

ConfigurationAggregatorAccountAggregationSourceInput is an input type that accepts ConfigurationAggregatorAccountAggregationSourceArgs and ConfigurationAggregatorAccountAggregationSourceOutput values. You can construct a concrete instance of `ConfigurationAggregatorAccountAggregationSourceInput` via:

ConfigurationAggregatorAccountAggregationSourceArgs{...}

type ConfigurationAggregatorAccountAggregationSourceOutput

type ConfigurationAggregatorAccountAggregationSourceOutput struct{ *pulumi.OutputState }

func (ConfigurationAggregatorAccountAggregationSourceOutput) AccountIds

List of 12-digit account IDs of the account(s) being aggregated.

func (ConfigurationAggregatorAccountAggregationSourceOutput) AllRegions

If true, aggregate existing AWS Config regions and future regions.

func (ConfigurationAggregatorAccountAggregationSourceOutput) ElementType

func (ConfigurationAggregatorAccountAggregationSourceOutput) Regions

List of source regions being aggregated.

func (ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourceOutput

func (ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourceOutputWithContext

func (o ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourceOutputWithContext(ctx context.Context) ConfigurationAggregatorAccountAggregationSourceOutput

func (ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutput

func (o ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutput() ConfigurationAggregatorAccountAggregationSourcePtrOutput

func (ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext

func (o ConfigurationAggregatorAccountAggregationSourceOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorAccountAggregationSourcePtrOutput

type ConfigurationAggregatorAccountAggregationSourcePtrInput

type ConfigurationAggregatorAccountAggregationSourcePtrInput interface {
	pulumi.Input

	ToConfigurationAggregatorAccountAggregationSourcePtrOutput() ConfigurationAggregatorAccountAggregationSourcePtrOutput
	ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext(context.Context) ConfigurationAggregatorAccountAggregationSourcePtrOutput
}

ConfigurationAggregatorAccountAggregationSourcePtrInput is an input type that accepts ConfigurationAggregatorAccountAggregationSourceArgs, ConfigurationAggregatorAccountAggregationSourcePtr and ConfigurationAggregatorAccountAggregationSourcePtrOutput values. You can construct a concrete instance of `ConfigurationAggregatorAccountAggregationSourcePtrInput` via:

        ConfigurationAggregatorAccountAggregationSourceArgs{...}

or:

        nil

type ConfigurationAggregatorAccountAggregationSourcePtrOutput

type ConfigurationAggregatorAccountAggregationSourcePtrOutput struct{ *pulumi.OutputState }

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) AccountIds

List of 12-digit account IDs of the account(s) being aggregated.

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) AllRegions

If true, aggregate existing AWS Config regions and future regions.

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) Elem

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) ElementType

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) Regions

List of source regions being aggregated.

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutput

func (ConfigurationAggregatorAccountAggregationSourcePtrOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext

func (o ConfigurationAggregatorAccountAggregationSourcePtrOutput) ToConfigurationAggregatorAccountAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorAccountAggregationSourcePtrOutput

type ConfigurationAggregatorArgs

type ConfigurationAggregatorArgs struct {
	// The account(s) to aggregate config data from as documented below.
	AccountAggregationSource ConfigurationAggregatorAccountAggregationSourcePtrInput
	// The name of the configuration aggregator.
	Name pulumi.StringPtrInput
	// The organization to aggregate config data from as documented below.
	OrganizationAggregationSource ConfigurationAggregatorOrganizationAggregationSourcePtrInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a ConfigurationAggregator resource.

func (ConfigurationAggregatorArgs) ElementType

type ConfigurationAggregatorOrganizationAggregationSource

type ConfigurationAggregatorOrganizationAggregationSource struct {
	// If true, aggregate existing AWS Config regions and future regions.
	AllRegions *bool `pulumi:"allRegions"`
	// List of source regions being aggregated.
	Regions []string `pulumi:"regions"`
	// ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.
	RoleArn string `pulumi:"roleArn"`
}

type ConfigurationAggregatorOrganizationAggregationSourceArgs

type ConfigurationAggregatorOrganizationAggregationSourceArgs struct {
	// If true, aggregate existing AWS Config regions and future regions.
	AllRegions pulumi.BoolPtrInput `pulumi:"allRegions"`
	// List of source regions being aggregated.
	Regions pulumi.StringArrayInput `pulumi:"regions"`
	// ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.
	RoleArn pulumi.StringInput `pulumi:"roleArn"`
}

func (ConfigurationAggregatorOrganizationAggregationSourceArgs) ElementType

func (ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourceOutput

func (ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourceOutputWithContext

func (i ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourceOutputWithContext(ctx context.Context) ConfigurationAggregatorOrganizationAggregationSourceOutput

func (ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutput

func (i ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutput() ConfigurationAggregatorOrganizationAggregationSourcePtrOutput

func (ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext

func (i ConfigurationAggregatorOrganizationAggregationSourceArgs) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorOrganizationAggregationSourcePtrOutput

type ConfigurationAggregatorOrganizationAggregationSourceInput

type ConfigurationAggregatorOrganizationAggregationSourceInput interface {
	pulumi.Input

	ToConfigurationAggregatorOrganizationAggregationSourceOutput() ConfigurationAggregatorOrganizationAggregationSourceOutput
	ToConfigurationAggregatorOrganizationAggregationSourceOutputWithContext(context.Context) ConfigurationAggregatorOrganizationAggregationSourceOutput
}

ConfigurationAggregatorOrganizationAggregationSourceInput is an input type that accepts ConfigurationAggregatorOrganizationAggregationSourceArgs and ConfigurationAggregatorOrganizationAggregationSourceOutput values. You can construct a concrete instance of `ConfigurationAggregatorOrganizationAggregationSourceInput` via:

ConfigurationAggregatorOrganizationAggregationSourceArgs{...}

type ConfigurationAggregatorOrganizationAggregationSourceOutput

type ConfigurationAggregatorOrganizationAggregationSourceOutput struct{ *pulumi.OutputState }

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) AllRegions

If true, aggregate existing AWS Config regions and future regions.

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) ElementType

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) Regions

List of source regions being aggregated.

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) RoleArn

ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourceOutput

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourceOutputWithContext

func (o ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourceOutputWithContext(ctx context.Context) ConfigurationAggregatorOrganizationAggregationSourceOutput

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutput

func (ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext

func (o ConfigurationAggregatorOrganizationAggregationSourceOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorOrganizationAggregationSourcePtrOutput

type ConfigurationAggregatorOrganizationAggregationSourcePtrInput

type ConfigurationAggregatorOrganizationAggregationSourcePtrInput interface {
	pulumi.Input

	ToConfigurationAggregatorOrganizationAggregationSourcePtrOutput() ConfigurationAggregatorOrganizationAggregationSourcePtrOutput
	ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext(context.Context) ConfigurationAggregatorOrganizationAggregationSourcePtrOutput
}

ConfigurationAggregatorOrganizationAggregationSourcePtrInput is an input type that accepts ConfigurationAggregatorOrganizationAggregationSourceArgs, ConfigurationAggregatorOrganizationAggregationSourcePtr and ConfigurationAggregatorOrganizationAggregationSourcePtrOutput values. You can construct a concrete instance of `ConfigurationAggregatorOrganizationAggregationSourcePtrInput` via:

        ConfigurationAggregatorOrganizationAggregationSourceArgs{...}

or:

        nil

type ConfigurationAggregatorOrganizationAggregationSourcePtrOutput

type ConfigurationAggregatorOrganizationAggregationSourcePtrOutput struct{ *pulumi.OutputState }

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) AllRegions

If true, aggregate existing AWS Config regions and future regions.

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) Elem

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) ElementType

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) Regions

List of source regions being aggregated.

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) RoleArn

ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutput

func (ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext

func (o ConfigurationAggregatorOrganizationAggregationSourcePtrOutput) ToConfigurationAggregatorOrganizationAggregationSourcePtrOutputWithContext(ctx context.Context) ConfigurationAggregatorOrganizationAggregationSourcePtrOutput

type ConfigurationAggregatorState

type ConfigurationAggregatorState struct {
	// The account(s) to aggregate config data from as documented below.
	AccountAggregationSource ConfigurationAggregatorAccountAggregationSourcePtrInput
	// The ARN of the aggregator
	Arn pulumi.StringPtrInput
	// The name of the configuration aggregator.
	Name pulumi.StringPtrInput
	// The organization to aggregate config data from as documented below.
	OrganizationAggregationSource ConfigurationAggregatorOrganizationAggregationSourcePtrInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

func (ConfigurationAggregatorState) ElementType

type DeliveryChannel

type DeliveryChannel struct {
	pulumi.CustomResourceState

	// The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringOutput `pulumi:"name"`
	// The name of the S3 bucket used to store the configuration history.
	S3BucketName pulumi.StringOutput `pulumi:"s3BucketName"`
	// The prefix for the specified S3 bucket.
	S3KeyPrefix pulumi.StringPtrOutput `pulumi:"s3KeyPrefix"`
	// Options for how AWS Config delivers configuration snapshots. See below
	SnapshotDeliveryProperties DeliveryChannelSnapshotDeliveryPropertiesPtrOutput `pulumi:"snapshotDeliveryProperties"`
	// The ARN of the SNS topic that AWS Config delivers notifications to.
	SnsTopicArn pulumi.StringPtrOutput `pulumi:"snsTopicArn"`
}

Provides an AWS Config Delivery Channel.

> **Note:** Delivery Channel requires a `Configuration Recorder` to be present. Use of `dependsOn` (as shown below) is recommended to avoid race conditions.

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		fooRecorder, err := cfg.NewRecorder(ctx, "fooRecorder", &cfg.RecorderArgs{
			RoleArn: role.Arn,
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewDeliveryChannel(ctx, "fooDeliveryChannel", &cfg.DeliveryChannelArgs{
			S3BucketName: bucket.Bucket,
		}, pulumi.DependsOn([]pulumi.Resource{
			fooRecorder,
		}))
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "rolePolicy", &iam.RolePolicyArgs{
			Role: role.ID(),
			Policy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {
				bucketArn := _args[0].(string)
				bucketArn1 := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"s3:*\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": [\n", "        \"", bucketArn, "\",\n", "        \"", bucketArn1, "/*\"\n", "      ]\n", "    }\n", "  ]\n", "}\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetDeliveryChannel

func GetDeliveryChannel(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DeliveryChannelState, opts ...pulumi.ResourceOption) (*DeliveryChannel, error)

GetDeliveryChannel gets an existing DeliveryChannel resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDeliveryChannel

func NewDeliveryChannel(ctx *pulumi.Context,
	name string, args *DeliveryChannelArgs, opts ...pulumi.ResourceOption) (*DeliveryChannel, error)

NewDeliveryChannel registers a new resource with the given unique name, arguments, and options.

type DeliveryChannelArgs

type DeliveryChannelArgs struct {
	// The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringPtrInput
	// The name of the S3 bucket used to store the configuration history.
	S3BucketName pulumi.StringInput
	// The prefix for the specified S3 bucket.
	S3KeyPrefix pulumi.StringPtrInput
	// Options for how AWS Config delivers configuration snapshots. See below
	SnapshotDeliveryProperties DeliveryChannelSnapshotDeliveryPropertiesPtrInput
	// The ARN of the SNS topic that AWS Config delivers notifications to.
	SnsTopicArn pulumi.StringPtrInput
}

The set of arguments for constructing a DeliveryChannel resource.

func (DeliveryChannelArgs) ElementType

func (DeliveryChannelArgs) ElementType() reflect.Type

type DeliveryChannelSnapshotDeliveryProperties

type DeliveryChannelSnapshotDeliveryProperties struct {
	// - The frequency with which AWS Config recurringly delivers configuration snapshots.
	//   e.g. `One_Hour` or `Three_Hours`.
	//   Valid values are listed [here](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents).
	DeliveryFrequency *string `pulumi:"deliveryFrequency"`
}

type DeliveryChannelSnapshotDeliveryPropertiesArgs

type DeliveryChannelSnapshotDeliveryPropertiesArgs struct {
	// - The frequency with which AWS Config recurringly delivers configuration snapshots.
	//   e.g. `One_Hour` or `Three_Hours`.
	//   Valid values are listed [here](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents).
	DeliveryFrequency pulumi.StringPtrInput `pulumi:"deliveryFrequency"`
}

func (DeliveryChannelSnapshotDeliveryPropertiesArgs) ElementType

func (DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesOutput

func (i DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesOutput() DeliveryChannelSnapshotDeliveryPropertiesOutput

func (DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesOutputWithContext

func (i DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesOutputWithContext(ctx context.Context) DeliveryChannelSnapshotDeliveryPropertiesOutput

func (DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (i DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput() DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext

func (i DeliveryChannelSnapshotDeliveryPropertiesArgs) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext(ctx context.Context) DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

type DeliveryChannelSnapshotDeliveryPropertiesInput

type DeliveryChannelSnapshotDeliveryPropertiesInput interface {
	pulumi.Input

	ToDeliveryChannelSnapshotDeliveryPropertiesOutput() DeliveryChannelSnapshotDeliveryPropertiesOutput
	ToDeliveryChannelSnapshotDeliveryPropertiesOutputWithContext(context.Context) DeliveryChannelSnapshotDeliveryPropertiesOutput
}

DeliveryChannelSnapshotDeliveryPropertiesInput is an input type that accepts DeliveryChannelSnapshotDeliveryPropertiesArgs and DeliveryChannelSnapshotDeliveryPropertiesOutput values. You can construct a concrete instance of `DeliveryChannelSnapshotDeliveryPropertiesInput` via:

DeliveryChannelSnapshotDeliveryPropertiesArgs{...}

type DeliveryChannelSnapshotDeliveryPropertiesOutput

type DeliveryChannelSnapshotDeliveryPropertiesOutput struct{ *pulumi.OutputState }

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) DeliveryFrequency

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) ElementType

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesOutput

func (o DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesOutput() DeliveryChannelSnapshotDeliveryPropertiesOutput

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesOutputWithContext

func (o DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesOutputWithContext(ctx context.Context) DeliveryChannelSnapshotDeliveryPropertiesOutput

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (o DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput() DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext

func (o DeliveryChannelSnapshotDeliveryPropertiesOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext(ctx context.Context) DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

type DeliveryChannelSnapshotDeliveryPropertiesPtrInput

type DeliveryChannelSnapshotDeliveryPropertiesPtrInput interface {
	pulumi.Input

	ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput() DeliveryChannelSnapshotDeliveryPropertiesPtrOutput
	ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext(context.Context) DeliveryChannelSnapshotDeliveryPropertiesPtrOutput
}

DeliveryChannelSnapshotDeliveryPropertiesPtrInput is an input type that accepts DeliveryChannelSnapshotDeliveryPropertiesArgs, DeliveryChannelSnapshotDeliveryPropertiesPtr and DeliveryChannelSnapshotDeliveryPropertiesPtrOutput values. You can construct a concrete instance of `DeliveryChannelSnapshotDeliveryPropertiesPtrInput` via:

        DeliveryChannelSnapshotDeliveryPropertiesArgs{...}

or:

        nil

type DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

type DeliveryChannelSnapshotDeliveryPropertiesPtrOutput struct{ *pulumi.OutputState }

func (DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) DeliveryFrequency

func (DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) Elem

func (DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) ElementType

func (DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (o DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutput() DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

func (DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext

func (o DeliveryChannelSnapshotDeliveryPropertiesPtrOutput) ToDeliveryChannelSnapshotDeliveryPropertiesPtrOutputWithContext(ctx context.Context) DeliveryChannelSnapshotDeliveryPropertiesPtrOutput

type DeliveryChannelState

type DeliveryChannelState struct {
	// The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringPtrInput
	// The name of the S3 bucket used to store the configuration history.
	S3BucketName pulumi.StringPtrInput
	// The prefix for the specified S3 bucket.
	S3KeyPrefix pulumi.StringPtrInput
	// Options for how AWS Config delivers configuration snapshots. See below
	SnapshotDeliveryProperties DeliveryChannelSnapshotDeliveryPropertiesPtrInput
	// The ARN of the SNS topic that AWS Config delivers notifications to.
	SnsTopicArn pulumi.StringPtrInput
}

func (DeliveryChannelState) ElementType

func (DeliveryChannelState) ElementType() reflect.Type

type OrganizationCustomRule

type OrganizationCustomRule struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of the rule
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the rule
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayOutput `pulumi:"excludedAccounts"`
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrOutput `pulumi:"inputParameters"`
	// Amazon Resource Name (ARN) of the rule Lambda Function
	LambdaFunctionArn pulumi.StringOutput `pulumi:"lambdaFunctionArn"`
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrOutput `pulumi:"maximumExecutionFrequency"`
	// The name of the rule
	Name pulumi.StringOutput `pulumi:"name"`
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrOutput `pulumi:"resourceIdScope"`
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayOutput `pulumi:"resourceTypesScopes"`
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrOutput `pulumi:"tagKeyScope"`
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrOutput `pulumi:"tagValueScope"`
	// List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`
	TriggerTypes pulumi.StringArrayOutput `pulumi:"triggerTypes"`
}

Manages a Config Organization Custom Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the `aws_config_organization_managed__rule` resource.

> **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excludedAccounts` argument.

> **NOTE:** The proper Lambda permission to allow the AWS Config service invoke the Lambda Function must be in place before the rule will successfully create or update. See also the `lambda.Permission` resource.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/lambda"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplePermission, err := lambda.NewPermission(ctx, "examplePermission", &lambda.PermissionArgs{
			Action:    pulumi.String("lambda:InvokeFunction"),
			Function:  pulumi.Any(aws_lambda_function.Example.Arn),
			Principal: pulumi.String("config.amazonaws.com"),
		})
		if err != nil {
			return err
		}
		exampleOrganization, err := organizations.NewOrganization(ctx, "exampleOrganization", &organizations.OrganizationArgs{
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("config-multiaccountsetup.amazonaws.com"),
			},
			FeatureSet: pulumi.String("ALL"),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewOrganizationCustomRule(ctx, "exampleOrganizationCustomRule", &cfg.OrganizationCustomRuleArgs{
			LambdaFunctionArn: pulumi.Any(aws_lambda_function.Example.Arn),
			TriggerTypes: pulumi.StringArray{
				pulumi.String("ConfigurationItemChangeNotification"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			examplePermission,
			exampleOrganization,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationCustomRule

func GetOrganizationCustomRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationCustomRuleState, opts ...pulumi.ResourceOption) (*OrganizationCustomRule, error)

GetOrganizationCustomRule gets an existing OrganizationCustomRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationCustomRule

func NewOrganizationCustomRule(ctx *pulumi.Context,
	name string, args *OrganizationCustomRuleArgs, opts ...pulumi.ResourceOption) (*OrganizationCustomRule, error)

NewOrganizationCustomRule registers a new resource with the given unique name, arguments, and options.

type OrganizationCustomRuleArgs

type OrganizationCustomRuleArgs struct {
	// Description of the rule
	Description pulumi.StringPtrInput
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayInput
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the rule Lambda Function
	LambdaFunctionArn pulumi.StringInput
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrInput
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayInput
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrInput
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrInput
	// List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`
	TriggerTypes pulumi.StringArrayInput
}

The set of arguments for constructing a OrganizationCustomRule resource.

func (OrganizationCustomRuleArgs) ElementType

func (OrganizationCustomRuleArgs) ElementType() reflect.Type

type OrganizationCustomRuleState

type OrganizationCustomRuleState struct {
	// Amazon Resource Name (ARN) of the rule
	Arn pulumi.StringPtrInput
	// Description of the rule
	Description pulumi.StringPtrInput
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayInput
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrInput
	// Amazon Resource Name (ARN) of the rule Lambda Function
	LambdaFunctionArn pulumi.StringPtrInput
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrInput
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayInput
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrInput
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrInput
	// List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`
	TriggerTypes pulumi.StringArrayInput
}

func (OrganizationCustomRuleState) ElementType

type OrganizationManagedRule

type OrganizationManagedRule struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of the rule
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the rule
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayOutput `pulumi:"excludedAccounts"`
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrOutput `pulumi:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrOutput `pulumi:"maximumExecutionFrequency"`
	// The name of the rule
	Name pulumi.StringOutput `pulumi:"name"`
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrOutput `pulumi:"resourceIdScope"`
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayOutput `pulumi:"resourceTypesScopes"`
	// Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation
	RuleIdentifier pulumi.StringOutput `pulumi:"ruleIdentifier"`
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrOutput `pulumi:"tagKeyScope"`
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrOutput `pulumi:"tagValueScope"`
}

Manages a Config Organization Managed Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the `cfg.OrganizationCustomRule` resource.

> **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excludedAccounts` argument.

> **NOTE:** Every Organization account except those configured in the `excludedAccounts` argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the `cfg.Recorder` resource.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleOrganization, err := organizations.NewOrganization(ctx, "exampleOrganization", &organizations.OrganizationArgs{
			AwsServiceAccessPrincipals: pulumi.StringArray{
				pulumi.String("config-multiaccountsetup.amazonaws.com"),
			},
			FeatureSet: pulumi.String("ALL"),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewOrganizationManagedRule(ctx, "exampleOrganizationManagedRule", &cfg.OrganizationManagedRuleArgs{
			RuleIdentifier: pulumi.String("IAM_PASSWORD_POLICY"),
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleOrganization,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetOrganizationManagedRule

func GetOrganizationManagedRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OrganizationManagedRuleState, opts ...pulumi.ResourceOption) (*OrganizationManagedRule, error)

GetOrganizationManagedRule gets an existing OrganizationManagedRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOrganizationManagedRule

func NewOrganizationManagedRule(ctx *pulumi.Context,
	name string, args *OrganizationManagedRuleArgs, opts ...pulumi.ResourceOption) (*OrganizationManagedRule, error)

NewOrganizationManagedRule registers a new resource with the given unique name, arguments, and options.

type OrganizationManagedRuleArgs

type OrganizationManagedRuleArgs struct {
	// Description of the rule
	Description pulumi.StringPtrInput
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayInput
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrInput
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrInput
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayInput
	// Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation
	RuleIdentifier pulumi.StringInput
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrInput
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrInput
}

The set of arguments for constructing a OrganizationManagedRule resource.

func (OrganizationManagedRuleArgs) ElementType

type OrganizationManagedRuleState

type OrganizationManagedRuleState struct {
	// Amazon Resource Name (ARN) of the rule
	Arn pulumi.StringPtrInput
	// Description of the rule
	Description pulumi.StringPtrInput
	// List of AWS account identifiers to exclude from the rule
	ExcludedAccounts pulumi.StringArrayInput
	// A string in JSON format that is passed to the AWS Config Rule Lambda Function
	InputParameters pulumi.StringPtrInput
	// The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// Identifier of the AWS resource to evaluate
	ResourceIdScope pulumi.StringPtrInput
	// List of types of AWS resources to evaluate
	ResourceTypesScopes pulumi.StringArrayInput
	// Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation
	RuleIdentifier pulumi.StringPtrInput
	// Tag key of AWS resources to evaluate
	TagKeyScope pulumi.StringPtrInput
	// Tag value of AWS resources to evaluate
	TagValueScope pulumi.StringPtrInput
}

func (OrganizationManagedRuleState) ElementType

type Recorder

type Recorder struct {
	pulumi.CustomResourceState

	// The name of the recorder. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringOutput `pulumi:"name"`
	// Recording group - see below.
	RecordingGroup RecorderRecordingGroupOutput `pulumi:"recordingGroup"`
	// Amazon Resource Name (ARN) of the IAM role.
	// used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account.
	// See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.
	RoleArn pulumi.StringOutput `pulumi:"roleArn"`
}

Provides an AWS Config Configuration Recorder. Please note that this resource **does not start** the created recorder automatically.

> **Note:** _Starting_ the Configuration Recorder requires a `delivery channel` (while delivery channel creation requires Configuration Recorder). This is why `cfg.RecorderStatus` is a separate resource.

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRecorder(ctx, "foo", &cfg.RecorderArgs{
			RoleArn: role.Arn,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRecorder

func GetRecorder(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RecorderState, opts ...pulumi.ResourceOption) (*Recorder, error)

GetRecorder gets an existing Recorder resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRecorder

func NewRecorder(ctx *pulumi.Context,
	name string, args *RecorderArgs, opts ...pulumi.ResourceOption) (*Recorder, error)

NewRecorder registers a new resource with the given unique name, arguments, and options.

type RecorderArgs

type RecorderArgs struct {
	// The name of the recorder. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringPtrInput
	// Recording group - see below.
	RecordingGroup RecorderRecordingGroupPtrInput
	// Amazon Resource Name (ARN) of the IAM role.
	// used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account.
	// See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.
	RoleArn pulumi.StringInput
}

The set of arguments for constructing a Recorder resource.

func (RecorderArgs) ElementType

func (RecorderArgs) ElementType() reflect.Type

type RecorderRecordingGroup

type RecorderRecordingGroup struct {
	// Specifies whether AWS Config records configuration changes
	// for every supported type of regional resource (which includes any new type that will become supported in the future).
	// Conflicts with `resourceTypes`. Defaults to `true`.
	AllSupported *bool `pulumi:"allSupported"`
	// Specifies whether AWS Config includes all supported types of *global resources*
	// with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`.
	IncludeGlobalResourceTypes *bool `pulumi:"includeGlobalResourceTypes"`
	// A list that specifies the types of AWS resources for which
	// AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`).
	// See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.
	ResourceTypes []string `pulumi:"resourceTypes"`
}

type RecorderRecordingGroupArgs

type RecorderRecordingGroupArgs struct {
	// Specifies whether AWS Config records configuration changes
	// for every supported type of regional resource (which includes any new type that will become supported in the future).
	// Conflicts with `resourceTypes`. Defaults to `true`.
	AllSupported pulumi.BoolPtrInput `pulumi:"allSupported"`
	// Specifies whether AWS Config includes all supported types of *global resources*
	// with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`.
	IncludeGlobalResourceTypes pulumi.BoolPtrInput `pulumi:"includeGlobalResourceTypes"`
	// A list that specifies the types of AWS resources for which
	// AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`).
	// See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.
	ResourceTypes pulumi.StringArrayInput `pulumi:"resourceTypes"`
}

func (RecorderRecordingGroupArgs) ElementType

func (RecorderRecordingGroupArgs) ElementType() reflect.Type

func (RecorderRecordingGroupArgs) ToRecorderRecordingGroupOutput

func (i RecorderRecordingGroupArgs) ToRecorderRecordingGroupOutput() RecorderRecordingGroupOutput

func (RecorderRecordingGroupArgs) ToRecorderRecordingGroupOutputWithContext

func (i RecorderRecordingGroupArgs) ToRecorderRecordingGroupOutputWithContext(ctx context.Context) RecorderRecordingGroupOutput

func (RecorderRecordingGroupArgs) ToRecorderRecordingGroupPtrOutput

func (i RecorderRecordingGroupArgs) ToRecorderRecordingGroupPtrOutput() RecorderRecordingGroupPtrOutput

func (RecorderRecordingGroupArgs) ToRecorderRecordingGroupPtrOutputWithContext

func (i RecorderRecordingGroupArgs) ToRecorderRecordingGroupPtrOutputWithContext(ctx context.Context) RecorderRecordingGroupPtrOutput

type RecorderRecordingGroupInput

type RecorderRecordingGroupInput interface {
	pulumi.Input

	ToRecorderRecordingGroupOutput() RecorderRecordingGroupOutput
	ToRecorderRecordingGroupOutputWithContext(context.Context) RecorderRecordingGroupOutput
}

RecorderRecordingGroupInput is an input type that accepts RecorderRecordingGroupArgs and RecorderRecordingGroupOutput values. You can construct a concrete instance of `RecorderRecordingGroupInput` via:

RecorderRecordingGroupArgs{...}

type RecorderRecordingGroupOutput

type RecorderRecordingGroupOutput struct{ *pulumi.OutputState }

func (RecorderRecordingGroupOutput) AllSupported

Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with `resourceTypes`. Defaults to `true`.

func (RecorderRecordingGroupOutput) ElementType

func (RecorderRecordingGroupOutput) IncludeGlobalResourceTypes

func (o RecorderRecordingGroupOutput) IncludeGlobalResourceTypes() pulumi.BoolPtrOutput

Specifies whether AWS Config includes all supported types of *global resources* with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`.

func (RecorderRecordingGroupOutput) ResourceTypes

A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`). See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.

func (RecorderRecordingGroupOutput) ToRecorderRecordingGroupOutput

func (o RecorderRecordingGroupOutput) ToRecorderRecordingGroupOutput() RecorderRecordingGroupOutput

func (RecorderRecordingGroupOutput) ToRecorderRecordingGroupOutputWithContext

func (o RecorderRecordingGroupOutput) ToRecorderRecordingGroupOutputWithContext(ctx context.Context) RecorderRecordingGroupOutput

func (RecorderRecordingGroupOutput) ToRecorderRecordingGroupPtrOutput

func (o RecorderRecordingGroupOutput) ToRecorderRecordingGroupPtrOutput() RecorderRecordingGroupPtrOutput

func (RecorderRecordingGroupOutput) ToRecorderRecordingGroupPtrOutputWithContext

func (o RecorderRecordingGroupOutput) ToRecorderRecordingGroupPtrOutputWithContext(ctx context.Context) RecorderRecordingGroupPtrOutput

type RecorderRecordingGroupPtrInput

type RecorderRecordingGroupPtrInput interface {
	pulumi.Input

	ToRecorderRecordingGroupPtrOutput() RecorderRecordingGroupPtrOutput
	ToRecorderRecordingGroupPtrOutputWithContext(context.Context) RecorderRecordingGroupPtrOutput
}

RecorderRecordingGroupPtrInput is an input type that accepts RecorderRecordingGroupArgs, RecorderRecordingGroupPtr and RecorderRecordingGroupPtrOutput values. You can construct a concrete instance of `RecorderRecordingGroupPtrInput` via:

        RecorderRecordingGroupArgs{...}

or:

        nil

type RecorderRecordingGroupPtrOutput

type RecorderRecordingGroupPtrOutput struct{ *pulumi.OutputState }

func (RecorderRecordingGroupPtrOutput) AllSupported

Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with `resourceTypes`. Defaults to `true`.

func (RecorderRecordingGroupPtrOutput) Elem

func (RecorderRecordingGroupPtrOutput) ElementType

func (RecorderRecordingGroupPtrOutput) IncludeGlobalResourceTypes

func (o RecorderRecordingGroupPtrOutput) IncludeGlobalResourceTypes() pulumi.BoolPtrOutput

Specifies whether AWS Config includes all supported types of *global resources* with the resources that it records. Requires `allSupported = true`. Conflicts with `resourceTypes`.

func (RecorderRecordingGroupPtrOutput) ResourceTypes

A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`). See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.

func (RecorderRecordingGroupPtrOutput) ToRecorderRecordingGroupPtrOutput

func (o RecorderRecordingGroupPtrOutput) ToRecorderRecordingGroupPtrOutput() RecorderRecordingGroupPtrOutput

func (RecorderRecordingGroupPtrOutput) ToRecorderRecordingGroupPtrOutputWithContext

func (o RecorderRecordingGroupPtrOutput) ToRecorderRecordingGroupPtrOutputWithContext(ctx context.Context) RecorderRecordingGroupPtrOutput

type RecorderState

type RecorderState struct {
	// The name of the recorder. Defaults to `default`. Changing it recreates the resource.
	Name pulumi.StringPtrInput
	// Recording group - see below.
	RecordingGroup RecorderRecordingGroupPtrInput
	// Amazon Resource Name (ARN) of the IAM role.
	// used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account.
	// See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.
	RoleArn pulumi.StringPtrInput
}

func (RecorderState) ElementType

func (RecorderState) ElementType() reflect.Type

type RecorderStatus

type RecorderStatus struct {
	pulumi.CustomResourceState

	// Whether the configuration recorder should be enabled or disabled.
	IsEnabled pulumi.BoolOutput `pulumi:"isEnabled"`
	// The name of the recorder
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages status (recording / stopped) of an AWS Config Configuration Recorder.

> **Note:** Starting Configuration Recorder requires a `Delivery Channel` to be present. Use of `dependsOn` (as shown below) is recommended to avoid race conditions.

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "bucket", nil)
		if err != nil {
			return err
		}
		fooDeliveryChannel, err := cfg.NewDeliveryChannel(ctx, "fooDeliveryChannel", &cfg.DeliveryChannelArgs{
			S3BucketName: bucket.Bucket,
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRecorderStatus(ctx, "fooRecorderStatus", &cfg.RecorderStatusArgs{
			IsEnabled: pulumi.Bool(true),
		}, pulumi.DependsOn([]pulumi.Resource{
			fooDeliveryChannel,
		}))
		if err != nil {
			return err
		}
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "rolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			Role:      role.Name,
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSConfigRole"),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRecorder(ctx, "fooRecorder", &cfg.RecorderArgs{
			RoleArn: role.Arn,
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "rolePolicy", &iam.RolePolicyArgs{
			Role: role.ID(),
			Policy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {
				bucketArn := _args[0].(string)
				bucketArn1 := _args[1].(string)
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"s3:*\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": [\n", "        \"", bucketArn, "\",\n", "        \"", bucketArn1, "/*\"\n", "      ]\n", "    }\n", "  ]\n", "}\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRecorderStatus

func GetRecorderStatus(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RecorderStatusState, opts ...pulumi.ResourceOption) (*RecorderStatus, error)

GetRecorderStatus gets an existing RecorderStatus resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRecorderStatus

func NewRecorderStatus(ctx *pulumi.Context,
	name string, args *RecorderStatusArgs, opts ...pulumi.ResourceOption) (*RecorderStatus, error)

NewRecorderStatus registers a new resource with the given unique name, arguments, and options.

type RecorderStatusArgs

type RecorderStatusArgs struct {
	// Whether the configuration recorder should be enabled or disabled.
	IsEnabled pulumi.BoolInput
	// The name of the recorder
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a RecorderStatus resource.

func (RecorderStatusArgs) ElementType

func (RecorderStatusArgs) ElementType() reflect.Type

type RecorderStatusState

type RecorderStatusState struct {
	// Whether the configuration recorder should be enabled or disabled.
	IsEnabled pulumi.BoolPtrInput
	// The name of the recorder
	Name pulumi.StringPtrInput
}

func (RecorderStatusState) ElementType

func (RecorderStatusState) ElementType() reflect.Type

type RemediationConfiguration added in v3.4.0

type RemediationConfiguration struct {
	pulumi.CustomResourceState

	Arn pulumi.StringOutput `pulumi:"arn"`
	// The name of the AWS Config rule
	ConfigRuleName pulumi.StringOutput `pulumi:"configRuleName"`
	// Can be specified multiple times for each
	// parameter. Each parameter block supports fields documented below.
	Parameters RemediationConfigurationParameterArrayOutput `pulumi:"parameters"`
	// The type of a resource
	ResourceType pulumi.StringPtrOutput `pulumi:"resourceType"`
	// Target ID is the name of the public document
	TargetId pulumi.StringOutput `pulumi:"targetId"`
	// The type of the target. Target executes remediation. For example, SSM document
	TargetType pulumi.StringOutput `pulumi:"targetType"`
	// Version of the target. For example, version of the SSM document
	TargetVersion pulumi.StringPtrOutput `pulumi:"targetVersion"`
}

Provides an AWS Config Remediation Configuration.

> **Note:** Config Remediation Configuration requires an existing [Config Rule](https://www.terraform.io/docs/providers/aws/r/config_config_rule.html) to be present.

## Example Usage

AWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		thisRule, err := cfg.NewRule(ctx, "thisRule", &cfg.RuleArgs{
			Source: &cfg.RuleSourceArgs{
				Owner:            pulumi.String("AWS"),
				SourceIdentifier: pulumi.String("S3_BUCKET_VERSIONING_ENABLED"),
			},
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRemediationConfiguration(ctx, "thisRemediationConfiguration", &cfg.RemediationConfigurationArgs{
			ConfigRuleName: thisRule.Name,
			ResourceType:   pulumi.String("AWS::S3::Bucket"),
			TargetType:     pulumi.String("SSM_DOCUMENT"),
			TargetId:       pulumi.String("AWS-EnableS3BucketEncryption"),
			TargetVersion:  pulumi.String("1"),
			Parameters: cfg.RemediationConfigurationParameterArray{
				&cfg.RemediationConfigurationParameterArgs{
					Name:        pulumi.String("AutomationAssumeRole"),
					StaticValue: pulumi.String("arn:aws:iam::875924563244:role/security_config"),
				},
				&cfg.RemediationConfigurationParameterArgs{
					Name:          pulumi.String("BucketName"),
					ResourceValue: pulumi.String("RESOURCE_ID"),
				},
				&cfg.RemediationConfigurationParameterArgs{
					Name:        pulumi.String("SSEAlgorithm"),
					StaticValue: pulumi.String("AES256"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRemediationConfiguration added in v3.4.0

func GetRemediationConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RemediationConfigurationState, opts ...pulumi.ResourceOption) (*RemediationConfiguration, error)

GetRemediationConfiguration gets an existing RemediationConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRemediationConfiguration added in v3.4.0

func NewRemediationConfiguration(ctx *pulumi.Context,
	name string, args *RemediationConfigurationArgs, opts ...pulumi.ResourceOption) (*RemediationConfiguration, error)

NewRemediationConfiguration registers a new resource with the given unique name, arguments, and options.

type RemediationConfigurationArgs added in v3.4.0

type RemediationConfigurationArgs struct {
	// The name of the AWS Config rule
	ConfigRuleName pulumi.StringInput
	// Can be specified multiple times for each
	// parameter. Each parameter block supports fields documented below.
	Parameters RemediationConfigurationParameterArrayInput
	// The type of a resource
	ResourceType pulumi.StringPtrInput
	// Target ID is the name of the public document
	TargetId pulumi.StringInput
	// The type of the target. Target executes remediation. For example, SSM document
	TargetType pulumi.StringInput
	// Version of the target. For example, version of the SSM document
	TargetVersion pulumi.StringPtrInput
}

The set of arguments for constructing a RemediationConfiguration resource.

func (RemediationConfigurationArgs) ElementType added in v3.4.0

type RemediationConfigurationParameter added in v3.4.0

type RemediationConfigurationParameter struct {
	// The name of the attribute.
	Name string `pulumi:"name"`
	// The value is dynamic and changes at run-time.
	ResourceValue *string `pulumi:"resourceValue"`
	// The value is static and does not change at run-time.
	StaticValue *string `pulumi:"staticValue"`
}

type RemediationConfigurationParameterArgs added in v3.4.0

type RemediationConfigurationParameterArgs struct {
	// The name of the attribute.
	Name pulumi.StringInput `pulumi:"name"`
	// The value is dynamic and changes at run-time.
	ResourceValue pulumi.StringPtrInput `pulumi:"resourceValue"`
	// The value is static and does not change at run-time.
	StaticValue pulumi.StringPtrInput `pulumi:"staticValue"`
}

func (RemediationConfigurationParameterArgs) ElementType added in v3.4.0

func (RemediationConfigurationParameterArgs) ToRemediationConfigurationParameterOutput added in v3.4.0

func (i RemediationConfigurationParameterArgs) ToRemediationConfigurationParameterOutput() RemediationConfigurationParameterOutput

func (RemediationConfigurationParameterArgs) ToRemediationConfigurationParameterOutputWithContext added in v3.4.0

func (i RemediationConfigurationParameterArgs) ToRemediationConfigurationParameterOutputWithContext(ctx context.Context) RemediationConfigurationParameterOutput

type RemediationConfigurationParameterArray added in v3.4.0

type RemediationConfigurationParameterArray []RemediationConfigurationParameterInput

func (RemediationConfigurationParameterArray) ElementType added in v3.4.0

func (RemediationConfigurationParameterArray) ToRemediationConfigurationParameterArrayOutput added in v3.4.0

func (i RemediationConfigurationParameterArray) ToRemediationConfigurationParameterArrayOutput() RemediationConfigurationParameterArrayOutput

func (RemediationConfigurationParameterArray) ToRemediationConfigurationParameterArrayOutputWithContext added in v3.4.0

func (i RemediationConfigurationParameterArray) ToRemediationConfigurationParameterArrayOutputWithContext(ctx context.Context) RemediationConfigurationParameterArrayOutput

type RemediationConfigurationParameterArrayInput added in v3.4.0

type RemediationConfigurationParameterArrayInput interface {
	pulumi.Input

	ToRemediationConfigurationParameterArrayOutput() RemediationConfigurationParameterArrayOutput
	ToRemediationConfigurationParameterArrayOutputWithContext(context.Context) RemediationConfigurationParameterArrayOutput
}

RemediationConfigurationParameterArrayInput is an input type that accepts RemediationConfigurationParameterArray and RemediationConfigurationParameterArrayOutput values. You can construct a concrete instance of `RemediationConfigurationParameterArrayInput` via:

RemediationConfigurationParameterArray{ RemediationConfigurationParameterArgs{...} }

type RemediationConfigurationParameterArrayOutput added in v3.4.0

type RemediationConfigurationParameterArrayOutput struct{ *pulumi.OutputState }

func (RemediationConfigurationParameterArrayOutput) ElementType added in v3.4.0

func (RemediationConfigurationParameterArrayOutput) Index added in v3.4.0

func (RemediationConfigurationParameterArrayOutput) ToRemediationConfigurationParameterArrayOutput added in v3.4.0

func (o RemediationConfigurationParameterArrayOutput) ToRemediationConfigurationParameterArrayOutput() RemediationConfigurationParameterArrayOutput

func (RemediationConfigurationParameterArrayOutput) ToRemediationConfigurationParameterArrayOutputWithContext added in v3.4.0

func (o RemediationConfigurationParameterArrayOutput) ToRemediationConfigurationParameterArrayOutputWithContext(ctx context.Context) RemediationConfigurationParameterArrayOutput

type RemediationConfigurationParameterInput added in v3.4.0

type RemediationConfigurationParameterInput interface {
	pulumi.Input

	ToRemediationConfigurationParameterOutput() RemediationConfigurationParameterOutput
	ToRemediationConfigurationParameterOutputWithContext(context.Context) RemediationConfigurationParameterOutput
}

RemediationConfigurationParameterInput is an input type that accepts RemediationConfigurationParameterArgs and RemediationConfigurationParameterOutput values. You can construct a concrete instance of `RemediationConfigurationParameterInput` via:

RemediationConfigurationParameterArgs{...}

type RemediationConfigurationParameterOutput added in v3.4.0

type RemediationConfigurationParameterOutput struct{ *pulumi.OutputState }

func (RemediationConfigurationParameterOutput) ElementType added in v3.4.0

func (RemediationConfigurationParameterOutput) Name added in v3.4.0

The name of the attribute.

func (RemediationConfigurationParameterOutput) ResourceValue added in v3.4.0

The value is dynamic and changes at run-time.

func (RemediationConfigurationParameterOutput) StaticValue added in v3.4.0

The value is static and does not change at run-time.

func (RemediationConfigurationParameterOutput) ToRemediationConfigurationParameterOutput added in v3.4.0

func (o RemediationConfigurationParameterOutput) ToRemediationConfigurationParameterOutput() RemediationConfigurationParameterOutput

func (RemediationConfigurationParameterOutput) ToRemediationConfigurationParameterOutputWithContext added in v3.4.0

func (o RemediationConfigurationParameterOutput) ToRemediationConfigurationParameterOutputWithContext(ctx context.Context) RemediationConfigurationParameterOutput

type RemediationConfigurationState added in v3.4.0

type RemediationConfigurationState struct {
	Arn pulumi.StringPtrInput
	// The name of the AWS Config rule
	ConfigRuleName pulumi.StringPtrInput
	// Can be specified multiple times for each
	// parameter. Each parameter block supports fields documented below.
	Parameters RemediationConfigurationParameterArrayInput
	// The type of a resource
	ResourceType pulumi.StringPtrInput
	// Target ID is the name of the public document
	TargetId pulumi.StringPtrInput
	// The type of the target. Target executes remediation. For example, SSM document
	TargetType pulumi.StringPtrInput
	// Version of the target. For example, version of the SSM document
	TargetVersion pulumi.StringPtrInput
}

func (RemediationConfigurationState) ElementType added in v3.4.0

type Rule

type Rule struct {
	pulumi.CustomResourceState

	// The ARN of the config rule
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Description of the rule
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A string in JSON format that is passed to the AWS Config rule Lambda function.
	InputParameters pulumi.StringPtrOutput `pulumi:"inputParameters"`
	// The frequency that you want AWS Config to run evaluations for a rule that
	// is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.
	MaximumExecutionFrequency pulumi.StringPtrOutput `pulumi:"maximumExecutionFrequency"`
	// The name of the rule
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the config rule
	RuleId pulumi.StringOutput `pulumi:"ruleId"`
	// Scope defines which resources can trigger an evaluation for the rule as documented below.
	Scope RuleScopePtrOutput `pulumi:"scope"`
	// Source specifies the rule owner, the rule identifier, and the notifications that cause
	// the function to evaluate your AWS resources as documented below.
	Source RuleSourceOutput `pulumi:"source"`
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides an AWS Config Rule.

> **Note:** Config Rule requires an existing `Configuration Recorder` to be present. Use of `dependsOn` is recommended (as shown below) to avoid race conditions.

## Example Usage ### AWS Managed Rules

AWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"config.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		foo, err := cfg.NewRecorder(ctx, "foo", &cfg.RecorderArgs{
			RoleArn: role.Arn,
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRule(ctx, "rule", &cfg.RuleArgs{
			Source: &cfg.RuleSourceArgs{
				Owner:            pulumi.String("AWS"),
				SourceIdentifier: pulumi.String("S3_BUCKET_VERSIONING_ENABLED"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			foo,
		}))
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "rolePolicy", &iam.RolePolicyArgs{
			Role: role.ID(),
			Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "  	{\n", "  		\"Action\": \"config:Put*\",\n", "  		\"Effect\": \"Allow\",\n", "  		\"Resource\": \"*\"\n", "\n", "  	}\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Custom Rules

Custom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g. via the `lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/lambda"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRecorder, err := cfg.NewRecorder(ctx, "exampleRecorder", nil)
		if err != nil {
			return err
		}
		exampleFunction, err := lambda.NewFunction(ctx, "exampleFunction", nil)
		if err != nil {
			return err
		}
		examplePermission, err := lambda.NewPermission(ctx, "examplePermission", &lambda.PermissionArgs{
			Action:    pulumi.String("lambda:InvokeFunction"),
			Function:  exampleFunction.Arn,
			Principal: pulumi.String("config.amazonaws.com"),
		})
		if err != nil {
			return err
		}
		_, err = cfg.NewRule(ctx, "exampleRule", &cfg.RuleArgs{
			Source: &cfg.RuleSourceArgs{
				Owner:            pulumi.String("CUSTOM_LAMBDA"),
				SourceIdentifier: exampleFunction.Arn,
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleRecorder,
			examplePermission,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRule

func GetRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RuleState, opts ...pulumi.ResourceOption) (*Rule, error)

GetRule gets an existing Rule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRule

func NewRule(ctx *pulumi.Context,
	name string, args *RuleArgs, opts ...pulumi.ResourceOption) (*Rule, error)

NewRule registers a new resource with the given unique name, arguments, and options.

type RuleArgs

type RuleArgs struct {
	// Description of the rule
	Description pulumi.StringPtrInput
	// A string in JSON format that is passed to the AWS Config rule Lambda function.
	InputParameters pulumi.StringPtrInput
	// The frequency that you want AWS Config to run evaluations for a rule that
	// is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// Scope defines which resources can trigger an evaluation for the rule as documented below.
	Scope RuleScopePtrInput
	// Source specifies the rule owner, the rule identifier, and the notifications that cause
	// the function to evaluate your AWS resources as documented below.
	Source RuleSourceInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Rule resource.

func (RuleArgs) ElementType

func (RuleArgs) ElementType() reflect.Type

type RuleScope

type RuleScope struct {
	// The IDs of the only AWS resource that you want to trigger an evaluation for the rule.
	// If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`.
	ComplianceResourceId *string `pulumi:"complianceResourceId"`
	// A list of resource types of only those AWS resources that you want to trigger an
	// evaluation for the rule. e.g. `AWS::EC2::Instance`. You can only specify one type if you also specify
	// a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.
	ComplianceResourceTypes []string `pulumi:"complianceResourceTypes"`
	// The tag key that is applied to only those AWS resources that you want you
	// want to trigger an evaluation for the rule.
	TagKey *string `pulumi:"tagKey"`
	// The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
	TagValue *string `pulumi:"tagValue"`
}

type RuleScopeArgs

type RuleScopeArgs struct {
	// The IDs of the only AWS resource that you want to trigger an evaluation for the rule.
	// If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`.
	ComplianceResourceId pulumi.StringPtrInput `pulumi:"complianceResourceId"`
	// A list of resource types of only those AWS resources that you want to trigger an
	// evaluation for the rule. e.g. `AWS::EC2::Instance`. You can only specify one type if you also specify
	// a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.
	ComplianceResourceTypes pulumi.StringArrayInput `pulumi:"complianceResourceTypes"`
	// The tag key that is applied to only those AWS resources that you want you
	// want to trigger an evaluation for the rule.
	TagKey pulumi.StringPtrInput `pulumi:"tagKey"`
	// The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
	TagValue pulumi.StringPtrInput `pulumi:"tagValue"`
}

func (RuleScopeArgs) ElementType

func (RuleScopeArgs) ElementType() reflect.Type

func (RuleScopeArgs) ToRuleScopeOutput

func (i RuleScopeArgs) ToRuleScopeOutput() RuleScopeOutput

func (RuleScopeArgs) ToRuleScopeOutputWithContext

func (i RuleScopeArgs) ToRuleScopeOutputWithContext(ctx context.Context) RuleScopeOutput

func (RuleScopeArgs) ToRuleScopePtrOutput

func (i RuleScopeArgs) ToRuleScopePtrOutput() RuleScopePtrOutput

func (RuleScopeArgs) ToRuleScopePtrOutputWithContext

func (i RuleScopeArgs) ToRuleScopePtrOutputWithContext(ctx context.Context) RuleScopePtrOutput

type RuleScopeInput

type RuleScopeInput interface {
	pulumi.Input

	ToRuleScopeOutput() RuleScopeOutput
	ToRuleScopeOutputWithContext(context.Context) RuleScopeOutput
}

RuleScopeInput is an input type that accepts RuleScopeArgs and RuleScopeOutput values. You can construct a concrete instance of `RuleScopeInput` via:

RuleScopeArgs{...}

type RuleScopeOutput

type RuleScopeOutput struct{ *pulumi.OutputState }

func (RuleScopeOutput) ComplianceResourceId

func (o RuleScopeOutput) ComplianceResourceId() pulumi.StringPtrOutput

The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`.

func (RuleScopeOutput) ComplianceResourceTypes

func (o RuleScopeOutput) ComplianceResourceTypes() pulumi.StringArrayOutput

A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. `AWS::EC2::Instance`. You can only specify one type if you also specify a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.

func (RuleScopeOutput) ElementType

func (RuleScopeOutput) ElementType() reflect.Type

func (RuleScopeOutput) TagKey

The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.

func (RuleScopeOutput) TagValue

func (o RuleScopeOutput) TagValue() pulumi.StringPtrOutput

The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

func (RuleScopeOutput) ToRuleScopeOutput

func (o RuleScopeOutput) ToRuleScopeOutput() RuleScopeOutput

func (RuleScopeOutput) ToRuleScopeOutputWithContext

func (o RuleScopeOutput) ToRuleScopeOutputWithContext(ctx context.Context) RuleScopeOutput

func (RuleScopeOutput) ToRuleScopePtrOutput

func (o RuleScopeOutput) ToRuleScopePtrOutput() RuleScopePtrOutput

func (RuleScopeOutput) ToRuleScopePtrOutputWithContext

func (o RuleScopeOutput) ToRuleScopePtrOutputWithContext(ctx context.Context) RuleScopePtrOutput

type RuleScopePtrInput

type RuleScopePtrInput interface {
	pulumi.Input

	ToRuleScopePtrOutput() RuleScopePtrOutput
	ToRuleScopePtrOutputWithContext(context.Context) RuleScopePtrOutput
}

RuleScopePtrInput is an input type that accepts RuleScopeArgs, RuleScopePtr and RuleScopePtrOutput values. You can construct a concrete instance of `RuleScopePtrInput` via:

        RuleScopeArgs{...}

or:

        nil

func RuleScopePtr

func RuleScopePtr(v *RuleScopeArgs) RuleScopePtrInput

type RuleScopePtrOutput

type RuleScopePtrOutput struct{ *pulumi.OutputState }

func (RuleScopePtrOutput) ComplianceResourceId

func (o RuleScopePtrOutput) ComplianceResourceId() pulumi.StringPtrOutput

The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for `complianceResourceTypes`.

func (RuleScopePtrOutput) ComplianceResourceTypes

func (o RuleScopePtrOutput) ComplianceResourceTypes() pulumi.StringArrayOutput

A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. `AWS::EC2::Instance`. You can only specify one type if you also specify a resource ID for `complianceResourceId`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.

func (RuleScopePtrOutput) Elem

func (RuleScopePtrOutput) ElementType

func (RuleScopePtrOutput) ElementType() reflect.Type

func (RuleScopePtrOutput) TagKey

The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.

func (RuleScopePtrOutput) TagValue

The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.

func (RuleScopePtrOutput) ToRuleScopePtrOutput

func (o RuleScopePtrOutput) ToRuleScopePtrOutput() RuleScopePtrOutput

func (RuleScopePtrOutput) ToRuleScopePtrOutputWithContext

func (o RuleScopePtrOutput) ToRuleScopePtrOutputWithContext(ctx context.Context) RuleScopePtrOutput

type RuleSource

type RuleSource struct {
	// Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS` or `CUSTOM_LAMBDA`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the `lambda.Permission` resource.
	Owner string `pulumi:"owner"`
	// Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA`.
	SourceDetails []RuleSourceSourceDetail `pulumi:"sourceDetails"`
	// For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `lambda.Function` resource.
	SourceIdentifier string `pulumi:"sourceIdentifier"`
}

type RuleSourceArgs

type RuleSourceArgs struct {
	// Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS` or `CUSTOM_LAMBDA`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the `lambda.Permission` resource.
	Owner pulumi.StringInput `pulumi:"owner"`
	// Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA`.
	SourceDetails RuleSourceSourceDetailArrayInput `pulumi:"sourceDetails"`
	// For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `lambda.Function` resource.
	SourceIdentifier pulumi.StringInput `pulumi:"sourceIdentifier"`
}

func (RuleSourceArgs) ElementType

func (RuleSourceArgs) ElementType() reflect.Type

func (RuleSourceArgs) ToRuleSourceOutput

func (i RuleSourceArgs) ToRuleSourceOutput() RuleSourceOutput

func (RuleSourceArgs) ToRuleSourceOutputWithContext

func (i RuleSourceArgs) ToRuleSourceOutputWithContext(ctx context.Context) RuleSourceOutput

func (RuleSourceArgs) ToRuleSourcePtrOutput

func (i RuleSourceArgs) ToRuleSourcePtrOutput() RuleSourcePtrOutput

func (RuleSourceArgs) ToRuleSourcePtrOutputWithContext

func (i RuleSourceArgs) ToRuleSourcePtrOutputWithContext(ctx context.Context) RuleSourcePtrOutput

type RuleSourceInput

type RuleSourceInput interface {
	pulumi.Input

	ToRuleSourceOutput() RuleSourceOutput
	ToRuleSourceOutputWithContext(context.Context) RuleSourceOutput
}

RuleSourceInput is an input type that accepts RuleSourceArgs and RuleSourceOutput values. You can construct a concrete instance of `RuleSourceInput` via:

RuleSourceArgs{...}

type RuleSourceOutput

type RuleSourceOutput struct{ *pulumi.OutputState }

func (RuleSourceOutput) ElementType

func (RuleSourceOutput) ElementType() reflect.Type

func (RuleSourceOutput) Owner

Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS` or `CUSTOM_LAMBDA`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the `lambda.Permission` resource.

func (RuleSourceOutput) SourceDetails

Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA`.

func (RuleSourceOutput) SourceIdentifier

func (o RuleSourceOutput) SourceIdentifier() pulumi.StringOutput

For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `lambda.Function` resource.

func (RuleSourceOutput) ToRuleSourceOutput

func (o RuleSourceOutput) ToRuleSourceOutput() RuleSourceOutput

func (RuleSourceOutput) ToRuleSourceOutputWithContext

func (o RuleSourceOutput) ToRuleSourceOutputWithContext(ctx context.Context) RuleSourceOutput

func (RuleSourceOutput) ToRuleSourcePtrOutput

func (o RuleSourceOutput) ToRuleSourcePtrOutput() RuleSourcePtrOutput

func (RuleSourceOutput) ToRuleSourcePtrOutputWithContext

func (o RuleSourceOutput) ToRuleSourcePtrOutputWithContext(ctx context.Context) RuleSourcePtrOutput

type RuleSourcePtrInput

type RuleSourcePtrInput interface {
	pulumi.Input

	ToRuleSourcePtrOutput() RuleSourcePtrOutput
	ToRuleSourcePtrOutputWithContext(context.Context) RuleSourcePtrOutput
}

RuleSourcePtrInput is an input type that accepts RuleSourceArgs, RuleSourcePtr and RuleSourcePtrOutput values. You can construct a concrete instance of `RuleSourcePtrInput` via:

        RuleSourceArgs{...}

or:

        nil

func RuleSourcePtr

func RuleSourcePtr(v *RuleSourceArgs) RuleSourcePtrInput

type RuleSourcePtrOutput

type RuleSourcePtrOutput struct{ *pulumi.OutputState }

func (RuleSourcePtrOutput) Elem

func (RuleSourcePtrOutput) ElementType

func (RuleSourcePtrOutput) ElementType() reflect.Type

func (RuleSourcePtrOutput) Owner

Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS` or `CUSTOM_LAMBDA`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the `lambda.Permission` resource.

func (RuleSourcePtrOutput) SourceDetails

Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA`.

func (RuleSourcePtrOutput) SourceIdentifier

func (o RuleSourcePtrOutput) SourceIdentifier() pulumi.StringPtrOutput

For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `lambda.Function` resource.

func (RuleSourcePtrOutput) ToRuleSourcePtrOutput

func (o RuleSourcePtrOutput) ToRuleSourcePtrOutput() RuleSourcePtrOutput

func (RuleSourcePtrOutput) ToRuleSourcePtrOutputWithContext

func (o RuleSourcePtrOutput) ToRuleSourcePtrOutputWithContext(ctx context.Context) RuleSourcePtrOutput

type RuleSourceSourceDetail

type RuleSourceSourceDetail struct {
	// The source of the event, such as an AWS service, that triggers AWS Config
	// to evaluate your AWS resources. This defaults to `aws.config` and is the only valid value.
	EventSource *string `pulumi:"eventSource"`
	// The frequency that you want AWS Config to run evaluations for a rule that
	// is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.
	MaximumExecutionFrequency *string `pulumi:"maximumExecutionFrequency"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:
	MessageType *string `pulumi:"messageType"`
}

type RuleSourceSourceDetailArgs

type RuleSourceSourceDetailArgs struct {
	// The source of the event, such as an AWS service, that triggers AWS Config
	// to evaluate your AWS resources. This defaults to `aws.config` and is the only valid value.
	EventSource pulumi.StringPtrInput `pulumi:"eventSource"`
	// The frequency that you want AWS Config to run evaluations for a rule that
	// is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.
	MaximumExecutionFrequency pulumi.StringPtrInput `pulumi:"maximumExecutionFrequency"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:
	MessageType pulumi.StringPtrInput `pulumi:"messageType"`
}

func (RuleSourceSourceDetailArgs) ElementType

func (RuleSourceSourceDetailArgs) ElementType() reflect.Type

func (RuleSourceSourceDetailArgs) ToRuleSourceSourceDetailOutput

func (i RuleSourceSourceDetailArgs) ToRuleSourceSourceDetailOutput() RuleSourceSourceDetailOutput

func (RuleSourceSourceDetailArgs) ToRuleSourceSourceDetailOutputWithContext

func (i RuleSourceSourceDetailArgs) ToRuleSourceSourceDetailOutputWithContext(ctx context.Context) RuleSourceSourceDetailOutput

type RuleSourceSourceDetailArray

type RuleSourceSourceDetailArray []RuleSourceSourceDetailInput

func (RuleSourceSourceDetailArray) ElementType

func (RuleSourceSourceDetailArray) ToRuleSourceSourceDetailArrayOutput

func (i RuleSourceSourceDetailArray) ToRuleSourceSourceDetailArrayOutput() RuleSourceSourceDetailArrayOutput

func (RuleSourceSourceDetailArray) ToRuleSourceSourceDetailArrayOutputWithContext

func (i RuleSourceSourceDetailArray) ToRuleSourceSourceDetailArrayOutputWithContext(ctx context.Context) RuleSourceSourceDetailArrayOutput

type RuleSourceSourceDetailArrayInput

type RuleSourceSourceDetailArrayInput interface {
	pulumi.Input

	ToRuleSourceSourceDetailArrayOutput() RuleSourceSourceDetailArrayOutput
	ToRuleSourceSourceDetailArrayOutputWithContext(context.Context) RuleSourceSourceDetailArrayOutput
}

RuleSourceSourceDetailArrayInput is an input type that accepts RuleSourceSourceDetailArray and RuleSourceSourceDetailArrayOutput values. You can construct a concrete instance of `RuleSourceSourceDetailArrayInput` via:

RuleSourceSourceDetailArray{ RuleSourceSourceDetailArgs{...} }

type RuleSourceSourceDetailArrayOutput

type RuleSourceSourceDetailArrayOutput struct{ *pulumi.OutputState }

func (RuleSourceSourceDetailArrayOutput) ElementType

func (RuleSourceSourceDetailArrayOutput) Index

func (RuleSourceSourceDetailArrayOutput) ToRuleSourceSourceDetailArrayOutput

func (o RuleSourceSourceDetailArrayOutput) ToRuleSourceSourceDetailArrayOutput() RuleSourceSourceDetailArrayOutput

func (RuleSourceSourceDetailArrayOutput) ToRuleSourceSourceDetailArrayOutputWithContext

func (o RuleSourceSourceDetailArrayOutput) ToRuleSourceSourceDetailArrayOutputWithContext(ctx context.Context) RuleSourceSourceDetailArrayOutput

type RuleSourceSourceDetailInput

type RuleSourceSourceDetailInput interface {
	pulumi.Input

	ToRuleSourceSourceDetailOutput() RuleSourceSourceDetailOutput
	ToRuleSourceSourceDetailOutputWithContext(context.Context) RuleSourceSourceDetailOutput
}

RuleSourceSourceDetailInput is an input type that accepts RuleSourceSourceDetailArgs and RuleSourceSourceDetailOutput values. You can construct a concrete instance of `RuleSourceSourceDetailInput` via:

RuleSourceSourceDetailArgs{...}

type RuleSourceSourceDetailOutput

type RuleSourceSourceDetailOutput struct{ *pulumi.OutputState }

func (RuleSourceSourceDetailOutput) ElementType

func (RuleSourceSourceDetailOutput) EventSource

The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to `aws.config` and is the only valid value.

func (RuleSourceSourceDetailOutput) MaximumExecutionFrequency

func (o RuleSourceSourceDetailOutput) MaximumExecutionFrequency() pulumi.StringPtrOutput

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.

func (RuleSourceSourceDetailOutput) MessageType

The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:

func (RuleSourceSourceDetailOutput) ToRuleSourceSourceDetailOutput

func (o RuleSourceSourceDetailOutput) ToRuleSourceSourceDetailOutput() RuleSourceSourceDetailOutput

func (RuleSourceSourceDetailOutput) ToRuleSourceSourceDetailOutputWithContext

func (o RuleSourceSourceDetailOutput) ToRuleSourceSourceDetailOutputWithContext(ctx context.Context) RuleSourceSourceDetailOutput

type RuleState

type RuleState struct {
	// The ARN of the config rule
	Arn pulumi.StringPtrInput
	// Description of the rule
	Description pulumi.StringPtrInput
	// A string in JSON format that is passed to the AWS Config rule Lambda function.
	InputParameters pulumi.StringPtrInput
	// The frequency that you want AWS Config to run evaluations for a rule that
	// is triggered periodically. If specified, requires `messageType` to be `ScheduledNotification`.
	MaximumExecutionFrequency pulumi.StringPtrInput
	// The name of the rule
	Name pulumi.StringPtrInput
	// The ID of the config rule
	RuleId pulumi.StringPtrInput
	// Scope defines which resources can trigger an evaluation for the rule as documented below.
	Scope RuleScopePtrInput
	// Source specifies the rule owner, the rule identifier, and the notifications that cause
	// the function to evaluate your AWS resources as documented below.
	Source RuleSourcePtrInput
	// A map of tags to assign to the resource.
	Tags pulumi.StringMapInput
}

func (RuleState) ElementType

func (RuleState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL