class Aws::ConfigService::Types::ConfigRule

An Config rule represents an Lambda function that you create for a custom rule or a predefined function for an Config managed rule. The function evaluates configuration items to assess whether your Amazon Web Services resources comply with your desired configurations. This function can run when Config detects a configuration change to an Amazon Web Services resource and at a periodic frequency that you choose (for example, every 24 hours).

<note markdown=“1”> You can use the Amazon Web Services CLI and Amazon Web Services SDKs if you want to create a rule that triggers evaluations for your resources when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

</note>

For more information about developing and using Config rules, see [Evaluating Amazon Web Services resource Configurations with Config] in the *Config Developer Guide*.

[1]: docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

@note When making an API call, you may pass ConfigRule

data as a hash:

    {
      config_rule_name: "ConfigRuleName",
      config_rule_arn: "StringWithCharLimit256",
      config_rule_id: "StringWithCharLimit64",
      description: "EmptiableStringWithCharLimit256",
      scope: {
        compliance_resource_types: ["StringWithCharLimit256"],
        tag_key: "StringWithCharLimit128",
        tag_value: "StringWithCharLimit256",
        compliance_resource_id: "BaseResourceId",
      },
      source: { # required
        owner: "CUSTOM_LAMBDA", # required, accepts CUSTOM_LAMBDA, AWS
        source_identifier: "StringWithCharLimit256", # required
        source_details: [
          {
            event_source: "aws.config", # accepts aws.config
            message_type: "ConfigurationItemChangeNotification", # accepts ConfigurationItemChangeNotification, ConfigurationSnapshotDeliveryCompleted, ScheduledNotification, OversizedConfigurationItemChangeNotification
            maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours
          },
        ],
      },
      input_parameters: "StringWithCharLimit1024",
      maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours
      config_rule_state: "ACTIVE", # accepts ACTIVE, DELETING, DELETING_RESULTS, EVALUATING
      created_by: "StringWithCharLimit256",
    }

@!attribute [rw] config_rule_name

The name that you assign to the Config rule. The name is required if
you are adding a new rule.
@return [String]

@!attribute [rw] config_rule_arn

The Amazon Resource Name (ARN) of the Config rule.
@return [String]

@!attribute [rw] config_rule_id

The ID of the Config rule.
@return [String]

@!attribute [rw] description

The description that you provide for the Config rule.
@return [String]

@!attribute [rw] scope

Defines which resources can trigger an evaluation for the rule. The
scope can include one or more resource types, a combination of one
resource type and one resource ID, or a combination of a tag key and
value. Specify a scope to constrain the resources that can trigger
an evaluation for the rule. If you do not specify a scope,
evaluations are triggered when any resource in the recording group
changes.

<note markdown="1"> The scope can be empty.

 </note>
@return [Types::Scope]

@!attribute [rw] source

Provides the rule owner (Amazon Web Services or customer), the rule
identifier, and the notifications that cause the function to
evaluate your Amazon Web Services resources.
@return [Types::Source]

@!attribute [rw] input_parameters

A string, in JSON format, that is passed to the Config rule Lambda
function.
@return [String]

@!attribute [rw] maximum_execution_frequency

The maximum frequency with which Config runs evaluations for a rule.
You can specify a value for `MaximumExecutionFrequency` when:

* You are using an Config managed rule that is triggered at a
  periodic frequency.

* Your custom rule is triggered when Config delivers the
  configuration snapshot. For more information, see
  ConfigSnapshotDeliveryProperties.

<note markdown="1"> By default, rules with a periodic trigger are evaluated every 24
hours. To change the frequency, specify a valid value for the
`MaximumExecutionFrequency` parameter.

 </note>
@return [String]

@!attribute [rw] config_rule_state

Indicates whether the Config rule is active or is currently being
deleted by Config. It can also indicate the evaluation status for
the Config rule.

Config sets the state of the rule to `EVALUATING` temporarily after
you use the `StartConfigRulesEvaluation` request to evaluate your
resources against the Config rule.

Config sets the state of the rule to `DELETING_RESULTS` temporarily
after you use the `DeleteEvaluationResults` request to delete the
current evaluation results for the Config rule.

Config temporarily sets the state of a rule to `DELETING` after you
use the `DeleteConfigRule` request to delete the rule. After Config
deletes the rule, the rule and all of its evaluations are erased and
are no longer available.
@return [String]

@!attribute [rw] created_by

Service principal name of the service that created the rule.

<note markdown="1"> The field is populated only if the service linked rule is created by
a service. The field is empty if you create your own rule.

 </note>
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/ConfigRule AWS API Documentation

Constants

SENSITIVE