AWS::Config::OrganizationConfigRule OrganizationCustomPolicyRuleMetadata - Amazon CloudFormation

AWS::Config::OrganizationConfigRule OrganizationCustomPolicyRuleMetadata

An object that specifies metadata for your organization's Amazon Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as the resource type, the resource ID of the Amazon resource, and the organization trigger types that cause Amazon Config to evaluate Amazon resources against a rule.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "DebugLogDeliveryAccounts" : [ String, ... ],
  "Description" : String,
  "InputParameters" : String,
  "MaximumExecutionFrequency" : String,
  "OrganizationConfigRuleTriggerTypes" : [ String, ... ],
  "PolicyText" : String,
  "ResourceIdScope" : String,
  "ResourceTypesScope" : [ String, ... ],
  "Runtime" : String,
  "TagKeyScope" : String,
  "TagValueScope" : String
}

Properties

DebugLogDeliveryAccounts

A list of accounts for which you can enable debug logging for your organization Amazon Config Custom Policy rule. The list is null when debug logging is enabled for all accounts.

Required: No

Type: Array of String

Minimum: 0

Maximum: 1000

Update requires: No interruption

Description

The description that you provide for your organization Amazon Config Custom Policy rule.

Required: No

Type: String

Minimum: 0

Maximum: 256

Update requires: No interruption

InputParameters

A string, in JSON format, that is passed to your organization Amazon Config Custom Policy rule.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

MaximumExecutionFrequency

The maximum frequency with which Amazon Config runs evaluations for a rule. Your Amazon Config Custom Policy rule is triggered when Amazon Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

Required: No

Type: String

Allowed values: One_Hour | Three_Hours | Six_Hours | Twelve_Hours | TwentyFour_Hours

Update requires: No interruption

OrganizationConfigRuleTriggerTypes

The type of notification that initiates Amazon Config to run an evaluation for a rule. For Amazon Config Custom Policy rules, Amazon Config supports change-initiated notification types:

  • ConfigurationItemChangeNotification - Initiates an evaluation when Amazon Config delivers a configuration item as a result of a resource change.

  • OversizedConfigurationItemChangeNotification - Initiates an evaluation when Amazon Config delivers an oversized configuration item. Amazon Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.

Required: No

Type: Array of String

Update requires: No interruption

PolicyText

The policy definition containing the logic for your organization Amazon Config Custom Policy rule.

Required: Yes

Type: String

Minimum: 0

Maximum: 10000

Update requires: No interruption

ResourceIdScope

The ID of the Amazon resource that was evaluated.

Required: No

Type: String

Minimum: 1

Maximum: 768

Update requires: No interruption

ResourceTypesScope

The type of the Amazon resource that was evaluated.

Required: No

Type: Array of String

Minimum: 0

Maximum: 100

Update requires: No interruption

Runtime

The runtime system for your organization Amazon Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Amazon Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.

Required: Yes

Type: String

Pattern: guard\-2\.x\.x

Minimum: 1

Maximum: 64

Update requires: No interruption

TagKeyScope

One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

Required: No

Type: String

Minimum: 1

Maximum: 128

Update requires: No interruption

TagValueScope

The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption
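
The constraints listed for each property above can be checked before a template is deployed. The following Python check is an added example, not code from the Amazon documentation; `validate_metadata`, `LIMITS`, `ENUMS` and `SAMPLE` are hypothetical names, and it assumes that Minimum/Maximum bound a string's length or an array's item count and that the Runtime pattern must match the whole value.

```python
import json
import re

# (kind, minimum, maximum) per property, copied from the reference above.
# Assumption: for String the bounds are a length, for Array an item count.
LIMITS = {
    "DebugLogDeliveryAccounts": (list, 0, 1000), "Description": (str, 0, 256),
    "InputParameters": (str, 1, 2048), "PolicyText": (str, 0, 10000),
    "ResourceIdScope": (str, 1, 768), "ResourceTypesScope": (list, 0, 100),
    "Runtime": (str, 1, 64), "TagKeyScope": (str, 1, 128),
    "TagValueScope": (str, 1, 256)}
# Properties restricted to a fixed set of values on this page.
ENUMS = {
    "MaximumExecutionFrequency": {"One_Hour", "Three_Hours", "Six_Hours",
                                  "Twelve_Hours", "TwentyFour_Hours"},
    "OrganizationConfigRuleTriggerTypes": {
        "ConfigurationItemChangeNotification",
        "OversizedConfigurationItemChangeNotification"}}
RUNTIME = re.compile(r"guard\-2\.x\.x")  # assumed to match the whole value


def validate_metadata(meta):
    """Return the problems found in an OrganizationCustomPolicyRuleMetadata dict."""
    out = [f"{k}: required" for k in ("PolicyText", "Runtime") if k not in meta]
    out += [f"{k}: unknown property" for k in meta if k not in {*LIMITS, *ENUMS}]
    for name, (kind, lo, hi) in LIMITS.items():
        value = meta.get(name)
        if value is not None and not isinstance(value, kind):
            out.append(f"{name}: expected {kind.__name__}")
        elif value is not None and not lo <= len(value) <= hi:
            out.append(f"{name}: size {len(value)} outside {lo}..{hi}")
    for name, allowed in ENUMS.items():
        value = meta.get(name, [])
        for item in [value] if isinstance(value, str) else value:
            if item not in allowed:
                out.append(f"{name}: {item!r} not allowed")
    runtime = meta.get("Runtime")
    if isinstance(runtime, str) and not RUNTIME.fullmatch(runtime):
        out.append("Runtime: does not match pattern")
    try:  # InputParameters must be a string holding JSON
        json.loads(meta.get("InputParameters", "{}"))
    except (TypeError, ValueError):
        out.append("InputParameters: not valid JSON")
    return out

# Constructed sample: numeric runtime version, unsupported trigger, unquoted JSON key.
SAMPLE = {"Runtime": "guard-2.0.1", "PolicyText": "<Guard policy placeholder>",
          "OrganizationConfigRuleTriggerTypes": ["ScheduledNotification"],
          "InputParameters": "{retention: 30}"}
```

Note that the `x` characters in the Runtime pattern are literal, so a numeric version string such as the one in the constructed sample is rejected.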