aws-cdk-lib.aws_config.CustomRule

class CustomRule (construct)

LanguageType name
.NETAmazon.CDK.AWS.Config.CustomRule
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsconfig#CustomRule
Javasoftware.amazon.awscdk.services.config.CustomRule
Pythonaws_cdk.aws_config.CustomRule
TypeScript (source)aws-cdk-lib » aws_config » CustomRule

Implements IConstruct, IDependable, IResource, IRule

A new custom rule.

Example

// Lambda function containing logic that evaluates compliance with the rule.
const evalComplianceFn = new lambda.Function(this, "CustomFunction", {
  code: lambda.AssetCode.fromInline(
    "exports.handler = (event) => console.log(event);"
  ),
  handler: "index.handler",
  runtime: lambda.Runtime.NODEJS_18_X,
});

// A custom rule that runs on configuration changes of EC2 instances
const customRule = new config.CustomRule(this, "Custom", {
  configurationChanges: true,
  lambdaFunction: evalComplianceFn,
  ruleScope: config.RuleScope.fromResource(config.ResourceType.EC2_INSTANCE),
});

Initializer

new CustomRule(scope: Construct, id: string, props: CustomRuleProps)

Parameters

  • scope Construct
  • id string
  • props CustomRuleProps

Construct Props

NameTypeDescription
lambdaFunctionIFunctionThe Lambda function to run.
configRuleName?stringA name for the AWS Config rule.
configurationChanges?booleanWhether to run the rule on configuration changes.
description?stringA description about this AWS Config rule.
inputParameters?{ [string]: any }Input parameter values that are passed to the AWS Config rule.
maximumExecutionFrequency?MaximumExecutionFrequencyThe maximum frequency at which the AWS Config rule runs evaluations.
periodic?booleanWhether to run the rule on a fixed frequency.
ruleScope?RuleScopeDefines which resources trigger an evaluation for an AWS Config rule.

lambdaFunction

Type: IFunction

The Lambda function to run.


configRuleName?

Type: string (optional, default: CloudFormation generated name)

A name for the AWS Config rule.


configurationChanges?

Type: boolean (optional, default: false)

Whether to run the rule on configuration changes.


description?

Type: string (optional, default: No description)

A description about this AWS Config rule.


inputParameters?

Type: { [string]: any } (optional, default: No input parameters)

Input parameter values that are passed to the AWS Config rule.


maximumExecutionFrequency?

Type: MaximumExecutionFrequency (optional, default: MaximumExecutionFrequency.TWENTY_FOUR_HOURS)

The maximum frequency at which the AWS Config rule runs evaluations.


periodic?

Type: boolean (optional, default: false)

Whether to run the rule on a fixed frequency.


ruleScope?

Type: RuleScope (optional, default: evaluations for the rule are triggered when any resource in the recording group changes.)

Defines which resources trigger an evaluation for an AWS Config rule.

Properties

NameTypeDescription
configRuleArnstringThe arn of the rule.
configRuleComplianceTypestringThe compliance status of the rule.
configRuleIdstringThe id of the rule.
configRuleNamestringThe name of the rule.
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.
isCustomWithChanges?boolean
isManaged?boolean
ruleScope?RuleScope

configRuleArn

Type: string

The arn of the rule.


configRuleComplianceType

Type: string

The compliance status of the rule.


configRuleId

Type: string

The id of the rule.


configRuleName

Type: string

The name of the rule.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.


isCustomWithChanges?

Type: boolean (optional)


isManaged?

Type: boolean (optional)


ruleScope?

Type: RuleScope (optional)

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
onComplianceChange(id, options?)Defines an EventBridge event rule which triggers for rule compliance events.
onEvent(id, options?)Defines an EventBridge event rule which triggers for rule events.
onReEvaluationStatus(id, options?)Defines an EventBridge event rule which triggers for rule re-evaluation status events.
toString()Returns a string representation of this construct.
static fromConfigRuleName(scope, id, configRuleName)Imports an existing rule.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


onComplianceChange(id, options?)

public onComplianceChange(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule compliance events.


onEvent(id, options?)

public onEvent(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule events.

Use rule.addEventPattern(pattern) to specify a filter.


onReEvaluationStatus(id, options?)

public onReEvaluationStatus(id: string, options?: OnEventOptions): Rule

Parameters

  • id string
  • options OnEventOptions

Returns

  • Rule

Defines an EventBridge event rule which triggers for rule re-evaluation status events.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromConfigRuleName(scope, id, configRuleName)

public static fromConfigRuleName(scope: Construct, id: string, configRuleName: string): IRule

Parameters

  • scope Construct
  • id string
  • configRuleName string — the name of the rule.

Returns

  • IRule

Imports an existing rule.