Resource: aws_config_organization_custom_policy_rule

Manages a Config Organization Custom Policy Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the aws_config_organization_managed_rule resource.

Example Usage

Basic Usage

resource "aws_config_organization_custom_policy_rule" "example" {
  name = "example_rule_name"

  policy_runtime = "guard-2.x.x"
  policy_text    = <<-EOF
  let status = ['ACTIVE']

  rule tableisactive when
      resourceType == "AWS::DynamoDB::Table" {
      configuration.tableStatus == %status
  }

  rule checkcompliance when
      resourceType == "AWS::DynamoDB::Table"
      tableisactive {
          let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
          %pitr == "ENABLED"
      }
  EOF

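  # trigger_types is a required argument; this value evaluates the rule on configuration changes.
  resource_types_scope = ["AWS::DynamoDB::Table"]
  trigger_types        = ["ConfigurationItemChangeNotification"]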
}
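
The following is an added example, not part of the provider documentation: the same Guard policy deployed organization-wide, with trusted access for AWS Config enabled first and the rule's account scope and debug logging set explicitly. It assumes the organization is managed in the same configuration (otherwise drop that resource and the `depends_on`); the resource labels, the rule name and the account IDs are constructed placeholders.

```terraform
# Added example. Resource labels, rule name and account IDs are constructed placeholders.

# Trusted access for AWS Config multi-account setup is enabled on the
# organization before the organization rule is created.
resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["config-multiaccountsetup.amazonaws.com"]
  feature_set                   = "ALL"
}

resource "aws_config_organization_custom_policy_rule" "dynamodb_pitr" {
  depends_on = [aws_organizations_organization.example]

  name        = "dynamodb_pitr_enabled"
  description = "DynamoDB tables must be ACTIVE with point-in-time recovery enabled"

  policy_runtime = "guard-2.x.x"
  policy_text    = <<-EOF
  let status = ['ACTIVE']

  rule tableisactive when
      resourceType == "AWS::DynamoDB::Table" {
      configuration.tableStatus == %status
  }

  rule checkcompliance when
      resourceType == "AWS::DynamoDB::Table"
      tableisactive {
          let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
          %pitr == "ENABLED"
      }
  EOF

  # Evaluate only DynamoDB tables, whenever their configuration changes.
  resource_types_scope = ["AWS::DynamoDB::Table"]
  trigger_types        = ["ConfigurationItemChangeNotification"]

  # Accounts that should not receive the rule (placeholder ID).
  excluded_accounts = ["111111111111"]

  # Accounts for which Guard debug logging is enabled (placeholder ID).
  debug_log_delivery_accounts = ["222222222222"]
}
```

Keep `excluded_accounts` short and reviewed: every account listed there is left out of the organization-wide evaluation.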

Argument Reference

The following arguments are required:

The following arguments are optional:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import a Config Organization Custom Policy Rule using the name argument. For example:

import {
  to = aws_config_organization_custom_policy_rule.example
  id = "example_rule_name"
}

Using terraform import, import a Config Organization Custom Policy Rule using the name argument. For example:

% terraform import aws_config_organization_custom_policy_rule.example example_rule_name