aws-cdk-lib.aws_config.CustomPolicyProps

interface CustomPolicyProps

LanguageType name
.NETAmazon.CDK.AWS.Config.CustomPolicyProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CustomPolicyProps
Javasoftware.amazon.awscdk.services.config.CustomPolicyProps
Pythonaws_cdk.aws_config.CustomPolicyProps
TypeScript (source)aws-cdk-lib » aws_config » CustomPolicyProps

Construction properties for a CustomPolicy.

Example

const samplePolicyText = `
# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables
let status = ['ACTIVE']

rule tableisactive when
    resourceType == "AWS::DynamoDB::Table" {
    configuration.tableStatus == %status
}

rule checkcompliance when
    resourceType == "AWS::DynamoDB::Table"
    tableisactive {
        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
        %pitr == "ENABLED"
}
`;

new config.CustomPolicy(this, "Custom", {
  policyText: samplePolicyText,
  enableDebugLog: true,
  ruleScope: config.RuleScope.fromResources([
    config.ResourceType.DYNAMODB_TABLE,
  ]),
});

Properties

NameTypeDescription
policyTextstringThe policy definition containing the logic for your AWS Config Custom Policy rule.
configRuleName?stringA name for the AWS Config rule.
description?stringA description about this AWS Config rule.
enableDebugLog?booleanThe boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
inputParameters?{ [string]: any }Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?MaximumExecutionFrequencyThe maximum frequency at which the AWS Config rule runs evaluations.
ruleScope?RuleScopeDefines which resources trigger an evaluation for an AWS Config rule.

policyText

Type: string

The policy definition containing the logic for your AWS Config Custom Policy rule.


configRuleName?

Type: string (optional, default: CloudFormation generated name)

A name for the AWS Config rule.


description?

Type: string (optional, default: No description)

A description about this AWS Config rule.


enableDebugLog?

Type: boolean (optional, default: false)

The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.


inputParameters?

Type: { [string]: any } (optional, default: No input parameters)

Input parameter values that are passed to the AWS Config rule.


maximumExecutionFrequency?

Type: MaximumExecutionFrequency (optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)

The maximum frequency at which the AWS Config rule runs evaluations.


ruleScope?

Type: RuleScope (optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)

Defines which resources trigger an evaluation for an AWS Config rule.