AWS::Config::ConfigRule Source

Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.

Required: No

Type: CustomPolicyDetails

Update requires: No interruption

Indicates whether Amazon or the customer owns and manages the Amazon Config rule.

Amazon Config Managed Rules are predefined rules owned by Amazon. For more information, see Amazon Config Managed Rules in the Amazon Config developer guide.

Amazon Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or Amazon Lambda (CUSTOM_LAMBDA). For more information, see Amazon Config Custom Rules in the Amazon Config developer guide.

Required: Yes

Type: String

Allowed values: AWS | CUSTOM_LAMBDA | CUSTOM_POLICY

Update requires: No interruption

Provides the source and the message types that cause Amazon Config to evaluate your Amazon resources against a rule. It also provides the frequency with which you want Amazon Config to run evaluations for the rule if the trigger type is periodic.

If the owner is set to CUSTOM_POLICY, the only acceptable values for the Amazon Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.

Required: No

Type: Array of SourceDetail

Minimum: 0

Maximum: 25

Update requires: No interruption

For Amazon Config Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Amazon Config Managed Rules.

For Amazon Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's Amazon Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.

For Amazon Config Custom Policy rules, this field will be ignored.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption