AWS::Config::ConfigRule CustomPolicyDetails

Provides the runtime system, policy definition, and whether debug logging enabled. You can specify the following CustomPolicyDetails parameter values only for AWS Config Custom Policy rules.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "EnableDebugLogDelivery" : Boolean, "PolicyRuntime" : String, "PolicyText" : String }

YAML

EnableDebugLogDelivery: Boolean PolicyRuntime: String PolicyText: String

Properties

EnableDebugLogDelivery

The boolean expression for enabling debug logging for your AWS Config Custom Policy rule. The default value is false.

Required: No

Type: Boolean

Update requires: No interruption

PolicyRuntime

The runtime system for your AWS Config Custom Policy rule. Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.

Required: No

Type: String

Minimum: 1

Maximum: 64

Pattern: guard\-2\.x\.x

Update requires: No interruption

PolicyText

The policy definition containing the logic for your AWS Config Custom Policy rule.

Required: No

Type: String

Minimum: 0

Maximum: 10000

Update requires: No interruption