aws-cdk-lib.aws_config.AccessKeysRotated

class AccessKeysRotated (construct)

LanguageType name
.NETAmazon.CDK.AWS.Config.AccessKeysRotated
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsconfig#AccessKeysRotated
Javasoftware.amazon.awscdk.services.config.AccessKeysRotated
Pythonaws_cdk.aws_config.AccessKeysRotated
TypeScript (source)aws-cdk-lib » aws_config » AccessKeysRotated

Implements IConstruct, IDependable, IResource, IRule

Checks whether the active access keys are rotated within the number of days specified in maxAge.

See also: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html

Example

// compliant if access keys have been rotated within the last 90 days
new config.AccessKeysRotated(this, 'AccessKeyRotated');

Initializer

new AccessKeysRotated(scope: Construct, id: string, props?: AccessKeysRotatedProps)

Parameters

  • scope Construct
  • id string
  • props AccessKeysRotatedProps

Construct Props

NameTypeDescription
configRuleName?stringA name for the AWS Config rule.
description?stringA description about this AWS Config rule.
inputParameters?{ [string]: any }Input parameter values that are passed to the AWS Config rule.
maxAge?DurationThe maximum number of days within which the access keys must be rotated.
maximumExecutionFrequency?MaximumExecutionFrequencyThe maximum frequency at which the AWS Config rule runs evaluations.
ruleScope?RuleScopeDefines which resources trigger an evaluation for an AWS Config rule.

configRuleName?

Type: string (optional, default: CloudFormation generated name)

A name for the AWS Config rule.


description?

Type: string (optional, default: No description)

A description about this AWS Config rule.


inputParameters?

Type: { [string]: any } (optional, default: No input parameters)

Input parameter values that are passed to the AWS Config rule.


maxAge?

Type: Duration (optional, default: Duration.days(90))

The maximum number of days within which the access keys must be rotated.


maximumExecutionFrequency?

Type: MaximumExecutionFrequency (optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)

The maximum frequency at which the AWS Config rule runs evaluations.


ruleScope?

Type: RuleScope (optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)

Defines which resources trigger an evaluation for an AWS Config rule.

Properties

NameTypeDescription
configRuleArnstringThe arn of the rule.
configRuleComplianceTypestringThe compliance status of the rule.
configRuleIdstringThe id of the rule.
configRuleNamestringThe name of the rule.
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.

configRuleArn

Type: string

The arn of the rule.


configRuleComplianceType

Type: string

The compliance status of the rule.


configRuleId

Type: string

The id of the rule.


configRuleName

Type: string

The name of the rule.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
onComplianceChange(id, options?)Defines an EventBridge event rule which triggers for rule compliance events.
onEvent(id, options?)Defines an EventBridge event rule which triggers for rule events.
onReEvaluationStatus(id, options?)Defines an EventBridge event rule which triggers for rule re-evaluation status events.
toString()Returns a string representation of this construct.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


onComplianceChange(id, options?)

public onComplianceChange(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule compliance events.


onEvent(id, options?)

public onEvent(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule events.

Use rule.addEventPattern(pattern) to specify a filter.


onReEvaluationStatus(id, options?)

public onReEvaluationStatus(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule re-evaluation status events.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.