aws-cdk-lib.aws_config.ManagedRule

class ManagedRule (construct)

LanguageType name
.NETAmazon.CDK.AWS.Config.ManagedRule
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsconfig#ManagedRule
Javasoftware.amazon.awscdk.services.config.ManagedRule
Pythonaws_cdk.aws_config.ManagedRule
TypeScript (source)aws-cdk-lib » aws_config » ManagedRule

Implements IConstruct, IDependable, IResource, IRule

A new managed rule.

Example

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
new config.ManagedRule(this, 'AccessKeysRotated', {
  identifier: config.ManagedRuleIdentifiers.ACCESS_KEYS_ROTATED,
  inputParameters: {
    maxAccessKeyAge: 60, // default is 90 days
  },

  // default is 24 hours
  maximumExecutionFrequency: config.MaximumExecutionFrequency.TWELVE_HOURS,
});

Initializer

new ManagedRule(scope: Construct, id: string, props: ManagedRuleProps)

Parameters

  • scope Construct
  • id string
  • props ManagedRuleProps

Construct Props

NameTypeDescription
identifierstringThe identifier of the AWS managed rule.
configRuleName?stringA name for the AWS Config rule.
description?stringA description about this AWS Config rule.
inputParameters?{ [string]: any }Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?MaximumExecutionFrequencyThe maximum frequency at which the AWS Config rule runs evaluations.
ruleScope?RuleScopeDefines which resources trigger an evaluation for an AWS Config rule.

identifier

Type: string

The identifier of the AWS managed rule.

See also: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html


configRuleName?

Type: string (optional, default: CloudFormation generated name)

A name for the AWS Config rule.


description?

Type: string (optional, default: No description)

A description about this AWS Config rule.


inputParameters?

Type: { [string]: any } (optional, default: No input parameters)

Input parameter values that are passed to the AWS Config rule.


maximumExecutionFrequency?

Type: MaximumExecutionFrequency (optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)

The maximum frequency at which the AWS Config rule runs evaluations.


ruleScope?

Type: RuleScope (optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)

Defines which resources trigger an evaluation for an AWS Config rule.

Properties

NameTypeDescription
configRuleArnstringThe arn of the rule.
configRuleComplianceTypestringThe compliance status of the rule.
configRuleIdstringThe id of the rule.
configRuleNamestringThe name of the rule.
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.
isCustomWithChanges?boolean
isManaged?boolean
ruleScope?RuleScope

configRuleArn

Type: string

The arn of the rule.


configRuleComplianceType

Type: string

The compliance status of the rule.


configRuleId

Type: string

The id of the rule.


configRuleName

Type: string

The name of the rule.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.


isCustomWithChanges?

Type: boolean (optional)


isManaged?

Type: boolean (optional)


ruleScope?

Type: RuleScope (optional)

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
onComplianceChange(id, options?)Defines an EventBridge event rule which triggers for rule compliance events.
onEvent(id, options?)Defines an EventBridge event rule which triggers for rule events.
onReEvaluationStatus(id, options?)Defines an EventBridge event rule which triggers for rule re-evaluation status events.
toString()Returns a string representation of this construct.
static fromConfigRuleName(scope, id, configRuleName)Imports an existing rule.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


onComplianceChange(id, options?)

public onComplianceChange(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule compliance events.


onEvent(id, options?)

public onEvent(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule events.

Use rule.addEventPattern(pattern) to specify a filter.


onReEvaluationStatus(id, options?)

public onReEvaluationStatus(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule re-evaluation status events.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromConfigRuleName(scope, id, configRuleName)

public static fromConfigRuleName(scope: Construct, id: string, configRuleName: string): IRule

Parameters

  • scope Construct
  • id string
  • configRuleName string — the name of the rule.

Returns

  • IRule

Imports an existing rule.