Resource: aws_config_organization_custom_rule

Manages a Config Organization Custom Rule. More information about these rules can be found in the "Enabling AWS Config Rules Across all Accounts in Your Organization" and "AWS Config Managed Rules" documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws_config_organization_managed_rule resource.

Example Usage

resource "aws_lambda_permission" "example" {
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.example.arn
  principal     = "config.amazonaws.com"
  statement_id  = "AllowExecutionFromConfig"
}

resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["config-multiaccountsetup.amazonaws.com"]
  feature_set                   = "ALL"
}

resource "aws_config_organization_custom_rule" "example" {
  depends_on = [
    aws_lambda_permission.example,
    aws_organizations_organization.example,
  ]

  lambda_function_arn = aws_lambda_function.example.arn
  name                = "example"
  trigger_types       = ["ConfigurationItemChangeNotification"]
}

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import Config Organization Custom Rules using the name. For example:

import {
  to = aws_config_organization_custom_rule.example
  id = "example"
}

Using terraform import, import Config Organization Custom Rules using the name. For example:

% terraform import aws_config_organization_custom_rule.example example