Amazon Config Custom Rules - Amazon Config

Amazon Config Custom Rules

You can use Guard Custom policy or Lambda functions to develop Custom Policy Rules or Custom Lambda Rules and add them to Amazon Config.

Guard is a policy-as-code language that allows you to write policies that are enforced by Amazon Config Custom Policy rules. Rules written using Guard can be created from the Amazon Config console or by using the Amazon Config rule APIs. Amazon Config Custom Policy rules allow you to create Amazon Config Custom rules without needing to use Java or Python to develop Lambda functions to manage your custom rules. Amazon Config Custom Policy rules are initiated by configuration changes. For more information about Guard, see the Guard GitHub Repository.

Custom Lambda rules provide you with the option to use Java or Python to create a Lambda function for an Amazon Config Custom rule. A Lambda function is custom code that you upload to Amazon Lambda, and it is invoked by events that are published to it by an event source. If the Lambda function is associated with an Amazon Config rule, Amazon Config invokes it when the rule is initiated. The Lambda function then evaluates the configuration information that is sent by Amazon Config, and it returns the evaluation results. For more information about Lambda functions, see Function and Event Sources in the Amazon Lambda Developer Guide.
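The evaluate-and-return flow described above, sketched as a Python handler for a change-triggered Custom Lambda rule. This is an added example, not code from the Amazon Config documentation. It assumes a rule that checks whether EBS volumes are encrypted and reads the `encrypted` field of the configuration item; the sample event, its IDs and its result token are constructed.

```python
import json

APPLICABLE_TYPE = "AWS::EC2::Volume"  # assumption: this rule checks EBS volume encryption
GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def evaluate(item):
    """Return the compliance verdict for one configuration item."""
    if item.get("configurationItemStatus") in GONE:
        return "NOT_APPLICABLE"  # resource no longer exists or is not recorded
    if item.get("resourceType") != APPLICABLE_TYPE:
        return "NOT_APPLICABLE"
    config = item.get("configuration") or {}
    # Fail closed: a missing or non-boolean field counts as unencrypted.
    return "COMPLIANT" if config.get("encrypted") is True else "NON_COMPLIANT"


def build_evaluations(event):
    """Turn the event sent by Config into the list passed to PutEvaluations."""
    invoking = json.loads(event["invokingEvent"])  # delivered as a JSON string
    item = invoking.get("configurationItem")
    if item is None:
        # Scheduled and oversized notifications carry no inline item.
        raise ValueError("unsupported messageType: %s" % invoking.get("messageType"))
    return [{
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": evaluate(item),
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }]


def lambda_handler(event, context):
    import boto3  # imported here so the evaluation logic runs without the SDK
    evaluations = build_evaluations(event)
    boto3.client("config").put_evaluations(
        Evaluations=evaluations, ResultToken=event["resultToken"])
    return evaluations


def sample_event(encrypted, status="OK"):
    """Constructed sample event; the volume ID and timestamp are made up."""
    item = {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configurationItemStatus": status,
            "configuration": {"encrypted": encrypted}}
    invoking = {"messageType": "ConfigurationItemChangeNotification",
                "configurationItem": item}
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": "{}",
            "resultToken": "constructed-token"}
```

The function's execution role needs permission to call `config:PutEvaluations`, and `resultToken` must be passed back unchanged so Amazon Config can match the results to the invocation.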