AWS::Config::ConfigRule Source
Provides the CustomPolicyDetails, the rule owner (Amazon for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your Amazon resources.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{
  "CustomPolicyDetails" : CustomPolicyDetails,
  "Owner" : String,
  "SourceDetails" : [ SourceDetail, ... ],
  "SourceIdentifier" : String
}
YAML
CustomPolicyDetails:
  CustomPolicyDetails
Owner: String
SourceDetails:
  - SourceDetail
SourceIdentifier: String
Properties
CustomPolicyDetails
Provides the runtime system, policy definition, and whether debug logging is enabled. Required when owner is set to CUSTOM_POLICY.
Required: No
Type: CustomPolicyDetails
Update requires: No interruption
Owner
Indicates whether Amazon or the customer owns and manages the Amazon Config rule.
Amazon Config Managed Rules are predefined rules owned by Amazon. For more information, see Amazon Config Managed Rules in the Amazon Config developer guide.
Amazon Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or Amazon Lambda (CUSTOM_LAMBDA). For more information, see Amazon Config Custom Rules in the Amazon Config developer guide.
Required: Yes
Type: String
Allowed values: AWS | CUSTOM_LAMBDA | CUSTOM_POLICY
Update requires: No interruption
SourceDetails
Provides the source and the message types that cause Amazon Config to evaluate your Amazon resources against a rule. It also provides the frequency with which you want Amazon Config to run evaluations for the rule if the trigger type is periodic.
If the owner is set to CUSTOM_POLICY, the only acceptable values for the Amazon Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.
Required: No
Type: Array of SourceDetail
Minimum: 0
Maximum: 25
Update requires: No interruption
SourceIdentifier
For Amazon Config Managed rules, a predefined identifier from a list. For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of Amazon Config Managed Rules.
For Amazon Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's Amazon Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.
For Amazon Config Custom Policy rules, this field will be ignored.
Required: No
Type: String
Minimum: 1
Maximum: 256
Update requires: No interruption
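
Added example (not part of the Amazon documentation): a pre-deployment lint that checks a parsed Source block against the owner, trigger and length constraints described in the properties above. The helper name validate_source, the ARN pattern (generalized from the sample ARN) and the sample input are assumptions made for illustration; MessageType and EventSource are keys of the SourceDetail type.

```python
import re

# Constraints taken from the property descriptions on this page.
ALLOWED_OWNERS = {"AWS", "CUSTOM_LAMBDA", "CUSTOM_POLICY"}
POLICY_MESSAGE_TYPES = {
    "ConfigurationItemChangeNotification",
    "OversizedConfigurationItemChangeNotification",
}
# Assumption: Lambda function ARN layout, generalized from the page's sample ARN.
LAMBDA_ARN = re.compile(r"^arn:[^:]+:lambda:[^:]+:\d{12}:function:.+$")


def validate_source(source):
    """Return a list of problems in a Source dict; an empty list means clean."""
    problems = []
    owner = source.get("Owner")
    details = source.get("SourceDetails") or []
    ident = source.get("SourceIdentifier")

    if owner not in ALLOWED_OWNERS:
        problems.append(f"Owner {owner!r} is not one of {sorted(ALLOWED_OWNERS)}")
    if len(details) > 25:
        problems.append("SourceDetails holds more than 25 entries")
    if ident is not None and not 1 <= len(ident) <= 256:
        problems.append("SourceIdentifier must be 1 to 256 characters")

    if owner == "CUSTOM_POLICY":
        if not source.get("CustomPolicyDetails"):
            problems.append("CustomPolicyDetails is required for CUSTOM_POLICY")
        for detail in details:
            # MessageType is a key of the SourceDetail type (not shown on this page).
            if detail.get("MessageType") not in POLICY_MESSAGE_TYPES:
                problems.append(f"MessageType {detail.get('MessageType')!r} "
                                "is not accepted for CUSTOM_POLICY")
    elif owner == "CUSTOM_LAMBDA":
        if not LAMBDA_ARN.match(ident or ""):
            problems.append("SourceIdentifier must be the rule's Lambda function ARN")
    elif owner == "AWS" and not ident:
        problems.append("managed rule needs a predefined SourceIdentifier")
    return problems


if __name__ == "__main__":
    # Constructed sample: a Custom Policy rule with a periodic trigger and no policy.
    sample = {"Owner": "CUSTOM_POLICY",
              "SourceDetails": [{"EventSource": "aws.config",
                                 "MessageType": "ScheduledNotification"}]}
    for problem in validate_source(sample):
        print(problem)
```

Run it over the Source block of each AWS::Config::ConfigRule in a parsed template so that a rule that would never evaluate as intended is caught before the stack is deployed.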