Manages a Config Organization Managed Rule. More information about these rules can be found in the Enabling AWS Config Rules Across all Accounts in Your Organization and AWS Config Managed Rules documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the aws_config_organization_custom_rule
resource.
resource "aws_organizations_organization" "example" {
aws_service_access_principals = ["config-multiaccountsetup.amazonaws.com"]
feature_set = "ALL"
}
resource "aws_config_organization_managed_rule" "example" {
depends_on = [aws_organizations_organization.example]
name = "example"
rule_identifier = "IAM_PASSWORD_POLICY"
}
This resource supports the following arguments:
name
- (Required) The name of the rulerule_identifier
- (Required) Identifier of an available AWS Config Managed Rule to call. For available values, see the List of AWS Config Managed Rules documentationdescription
- (Optional) Description of the ruleexcluded_accounts
- (Optional) List of AWS account identifiers to exclude from the ruleinput_parameters
- (Optional) A string in JSON format that is passed to the AWS Config Rule Lambda Functionmaximum_execution_frequency
- (Optional) The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to TwentyFour_Hours
for periodic frequency triggered rules. Valid values: One_Hour
, Three_Hours
, Six_Hours
, Twelve_Hours
, or TwentyFour_Hours
.resource_id_scope
- (Optional) Identifier of the AWS resource to evaluateresource_types_scope
- (Optional) List of types of AWS resources to evaluatetag_key_scope
- (Optional, Required if tag_value_scope
is configured) Tag key of AWS resources to evaluatetag_value_scope
- (Optional) Tag value of AWS resources to evaluateThis resource exports the following attributes in addition to the arguments above:
arn
- Amazon Resource Name (ARN) of the rulecreate
- (Default 5m
)delete
- (Default 5m
)update
- (Default 5m
)In Terraform v1.5.0 and later, use an import
block to import Config Organization Managed Rules using the name. For example:
import {
to = aws_config_organization_managed_rule.example
id = "example"
}
Using terraform import
, import Config Organization Managed Rules using the name. For example:
% terraform import aws_config_organization_managed_rule.example example