AWS::Config::ConformancePack - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Config::ConformancePack

A conformance pack is a collection of Amazon Config rules and remediation actions that can be easily deployed in an account and a region. ConformancePack creates a service linked role in your account. The service linked role is created only when the role does not exist in your account.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Config::ConformancePack",
  "Properties" : {
      "ConformancePackInputParameters" : [ ConformancePackInputParameter, ... ],
      "ConformancePackName" : String,
      "DeliveryS3Bucket" : String,
      "DeliveryS3KeyPrefix" : String,
      "TemplateBody" : String,
      "TemplateS3Uri" : String,
      "TemplateSSMDocumentDetails" : TemplateSSMDocumentDetails
    }
}

Properties

ConformancePackInputParameters

A list of ConformancePackInputParameter objects.

Required: No

Type: Array of ConformancePackInputParameter

Minimum: 0

Maximum: 60

Update requires: No interruption

ConformancePackName

Name of the conformance pack you want to create.

Required: Yes

Type: String

Pattern: [a-zA-Z][-a-zA-Z0-9]*

Minimum: 1

Maximum: 256

Update requires: Replacement

DeliveryS3Bucket

The name of the Amazon S3 bucket where Amazon Config stores conformance pack templates.

Required: No

Type: String

Minimum: 0

Maximum: 63

Update requires: No interruption

DeliveryS3KeyPrefix

The prefix for the Amazon S3 bucket.

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

TemplateBody

A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

Note

You can only use a YAML template with two resource types: config rule (AWS::Config::ConfigRule) and a remediation action (AWS::Config::RemediationConfiguration).

Required: No

Type: String

Minimum: 1

Maximum: 51200

Update requires: No interruption

TemplateS3Uri

Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.

Note

You must have access to read Amazon S3 bucket.

Required: No

Type: String

Pattern: s3://.*

Minimum: 1

Maximum: 1024

Update requires: No interruption

TemplateSSMDocumentDetails

An object that contains the name or Amazon Resource Name (ARN) of the Amazon Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.

Required: No

Type: TemplateSSMDocumentDetails

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the conformance pack.

For more information about using the Ref function, see Ref.

Examples

Conformance Pack

The following example creates a conformance pack.

JSON


{
    "Resources": {
        "ConformancePack": {
            "Type": "AWS::Config::ConformancePack",
            "Properties": {
                "ConformancePackName": "ConformancePackName",
                "DeliveryS3Bucket": "DeliveryS3Bucket",
                "TemplateS3Uri": "s3://bucketname/prefix"            
            }
        }
    }
}

YAML


---
AWSTemplateFormatVersion: 2010-09-09
Resources:
    CloudFormationCanaryPack:
        Type: AWS::Config::ConformancePack
        Properties:
          ConformancePackName: ConformancePackName
          DeliveryS3Bucket: DeliveryS3Bucket
          TemplateS3Uri: s3://bucketname/prefix