aws-cdk-lib.aws_config.CfnConfigRule.SourceProperty

interface SourceProperty

Language    Type name
.NET        Amazon.CDK.AWS.Config.CfnConfigRule.SourceProperty
Go          github.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CfnConfigRule_SourceProperty
Java        software.amazon.awscdk.services.config.CfnConfigRule.SourceProperty
Python      aws_cdk.aws_config.CfnConfigRule.SourceProperty
TypeScript  aws-cdk-lib » aws_config » CfnConfigRule » SourceProperty

Provides the CustomPolicyDetails, the rule owner (AWS for managed rules, CUSTOM_POLICY for Custom Policy rules, and CUSTOM_LAMBDA for Custom Lambda rules), the rule identifier, and the events that cause the evaluation of your AWS resources.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_config as config } from 'aws-cdk-lib';
const sourceProperty: config.CfnConfigRule.SourceProperty = {
  owner: 'owner',

  // the properties below are optional
  customPolicyDetails: {
    enableDebugLogDelivery: false,
    policyRuntime: 'policyRuntime',
    policyText: 'policyText',
  },
  sourceDetails: [{
    eventSource: 'eventSource',
    messageType: 'messageType',

    // the properties below are optional
    maximumExecutionFrequency: 'maximumExecutionFrequency',
  }],
  sourceIdentifier: 'sourceIdentifier',
};

Properties

Name                  Type                                               Description
owner                 string                                             Indicates whether AWS or the customer owns and manages the AWS Config rule.
customPolicyDetails?  IResolvable | CustomPolicyDetailsProperty          Provides the runtime system, policy definition, and whether debug logging is enabled.
sourceDetails?        IResolvable | IResolvable | SourceDetailProperty[] Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.
sourceIdentifier?     string                                             For AWS Config Managed rules, a predefined identifier from a list.

owner

Type: string

Indicates whether AWS or the customer owns and manages the AWS Config rule.

AWS Config Managed Rules are predefined rules owned by AWS. For more information, see AWS Config Managed Rules in the AWS Config developer guide.

AWS Config Custom Rules are rules that you can develop either with Guard (CUSTOM_POLICY) or AWS Lambda (CUSTOM_LAMBDA). For more information, see AWS Config Custom Rules in the AWS Config developer guide.


customPolicyDetails?

Type: IResolvable | CustomPolicyDetailsProperty (optional)

Provides the runtime system, policy definition, and whether debug logging is enabled.

Required when owner is set to CUSTOM_POLICY.


sourceDetails?

Type: IResolvable | IResolvable | SourceDetailProperty[] (optional)

Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

If the owner is set to CUSTOM_POLICY, the only acceptable values for the AWS Config rule trigger message type are ConfigurationItemChangeNotification and OversizedConfigurationItemChangeNotification.


sourceIdentifier?

Type: string (optional)

For AWS Config Managed rules, a predefined identifier from a list.

For example, IAM_PASSWORD_POLICY is a managed rule. To reference a managed rule, see List of AWS Config Managed Rules.

For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name.

For AWS Config Custom Policy rules, this field will be ignored.
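
An added example, not part of the CDK documentation: a check that applies the constraints stated above for owner, customPolicyDetails, sourceDetails and sourceIdentifier to a plain object before it is handed to CfnConfigRule. The Source interface is a local mirror of SourceProperty so the block runs without aws-cdk-lib; checkSource, the ARN pattern, the sample values, and treating a missing managed-rule identifier as an error are assumptions made for illustration.

```typescript
// Local mirror of the SourceProperty shape documented on this page
// (assumption: plain values only, no IResolvable tokens).
interface SourceDetail { eventSource: string; messageType: string; maximumExecutionFrequency?: string }
interface Source {
  owner: string;
  customPolicyDetails?: { policyRuntime: string; policyText: string; enableDebugLogDelivery?: boolean };
  sourceDetails?: SourceDetail[];
  sourceIdentifier?: string;
}

// Message types the page allows when owner is CUSTOM_POLICY.
const POLICY_MESSAGE_TYPES = [
  'ConfigurationItemChangeNotification',
  'OversizedConfigurationItemChangeNotification',
];
// Assumed Lambda function ARN shape, modelled on the example ARN on this page.
const LAMBDA_ARN = /^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:.+$/;

// Hypothetical helper: returns one message per violated constraint.
function checkSource(src: Source): string[] {
  const problems: string[] = [];
  if (['AWS', 'CUSTOM_POLICY', 'CUSTOM_LAMBDA'].indexOf(src.owner) === -1) {
    problems.push('owner must be AWS, CUSTOM_POLICY or CUSTOM_LAMBDA');
  }
  if (src.owner === 'AWS' && !src.sourceIdentifier) { // assumption: treated as an error
    problems.push('managed rule needs a predefined sourceIdentifier');
  }
  if (src.owner === 'CUSTOM_LAMBDA' && !LAMBDA_ARN.test(src.sourceIdentifier || '')) {
    problems.push('CUSTOM_LAMBDA needs the Lambda function ARN as sourceIdentifier');
  }
  if (src.owner === 'CUSTOM_POLICY') {
    if (!src.customPolicyDetails) {
      problems.push('customPolicyDetails is required for CUSTOM_POLICY');
    }
    if (src.sourceIdentifier) {
      problems.push('sourceIdentifier is ignored for CUSTOM_POLICY; remove it');
    }
    for (const d of src.sourceDetails || []) {
      if (POLICY_MESSAGE_TYPES.indexOf(d.messageType) === -1) {
        problems.push('messageType not allowed for CUSTOM_POLICY: ' + d.messageType);
      }
    }
  }
  return problems;
}

// Constructed sample: a Custom Policy rule with no policy and a periodic trigger.
const sample: Source = { owner: 'CUSTOM_POLICY', sourceDetails: [{ eventSource: 'aws.config', messageType: 'ScheduledNotification' }] };
const sampleProblems = checkSource(sample); // two problems reported
```

Running the check in a unit test or before synthesis surfaces a rule definition that breaks these constraints before a deployment attempt does.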