aws-cdk-lib.aws_config.CloudFormationStackDriftDetectionCheckProps

interface CloudFormationStackDriftDetectionCheckProps

LanguageType name
.NETAmazon.CDK.AWS.Config.CloudFormationStackDriftDetectionCheckProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CloudFormationStackDriftDetectionCheckProps
Javasoftware.amazon.awscdk.services.config.CloudFormationStackDriftDetectionCheckProps
Pythonaws_cdk.aws_config.CloudFormationStackDriftDetectionCheckProps
TypeScript (source)aws-cdk-lib » aws_config » CloudFormationStackDriftDetectionCheckProps

Construction properties for a CloudFormationStackDriftDetectionCheck.

Example

// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
new config.CloudFormationStackDriftDetectionCheck(this, 'Drift', {
  ownStackOnly: true, // checks only the stack containing the rule
});

Properties

NameTypeDescription
configRuleName?stringA name for the AWS Config rule.
description?stringA description about this AWS Config rule.
inputParameters?{ [string]: any }Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?MaximumExecutionFrequencyThe maximum frequency at which the AWS Config rule runs evaluations.
ownStackOnly?booleanWhether to check only the stack where this rule is deployed.
role?IRoleThe IAM role to use for this rule.
ruleScope?RuleScopeDefines which resources trigger an evaluation for an AWS Config rule.

configRuleName?

Type: string (optional, default: CloudFormation generated name)

A name for the AWS Config rule.


description?

Type: string (optional, default: No description)

A description about this AWS Config rule.


inputParameters?

Type: { [string]: any } (optional, default: No input parameters)

Input parameter values that are passed to the AWS Config rule.


maximumExecutionFrequency?

Type: MaximumExecutionFrequency (optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)

The maximum frequency at which the AWS Config rule runs evaluations.


ownStackOnly?

Type: boolean (optional, default: false)

Whether to check only the stack where this rule is deployed.


role?

Type: IRole (optional, default: A role will be created)

The IAM role to use for this rule.

It must have permissions to detect drift for AWS CloudFormation stacks. Ensure to attach config.amazonaws.com trusted permissions and ReadOnlyAccess policy permissions. For specific policy permissions, refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.


ruleScope?

Type: RuleScope (optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)

Defines which resources trigger an evaluation for an AWS Config rule.