class Aws::ConfigService::Types::ConfigRule
An Config rule represents an Lambda function that you create for a custom rule or a predefined function for an Config managed rule. The function evaluates configuration items to assess whether your Amazon Web Services resources comply with your desired configurations. This function can run when Config detects a configuration change to an Amazon Web Services resource and at a periodic frequency that you choose (for example, every 24 hours).
<note markdown=“1”> You can use the Amazon Web Services CLI and Amazon Web Services SDKs if you want to create a rule that triggers evaluations for your resources when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties
.
</note>
For more information about developing and using Config rules, see [Evaluating Amazon Web Services resource Configurations with Config] in the *Config Developer Guide*.
[1]: docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html
@note When making an API call, you may pass ConfigRule
data as a hash: { config_rule_name: "ConfigRuleName", config_rule_arn: "StringWithCharLimit256", config_rule_id: "StringWithCharLimit64", description: "EmptiableStringWithCharLimit256", scope: { compliance_resource_types: ["StringWithCharLimit256"], tag_key: "StringWithCharLimit128", tag_value: "StringWithCharLimit256", compliance_resource_id: "BaseResourceId", }, source: { # required owner: "CUSTOM_LAMBDA", # required, accepts CUSTOM_LAMBDA, AWS source_identifier: "StringWithCharLimit256", # required source_details: [ { event_source: "aws.config", # accepts aws.config message_type: "ConfigurationItemChangeNotification", # accepts ConfigurationItemChangeNotification, ConfigurationSnapshotDeliveryCompleted, ScheduledNotification, OversizedConfigurationItemChangeNotification maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours }, ], }, input_parameters: "StringWithCharLimit1024", maximum_execution_frequency: "One_Hour", # accepts One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours config_rule_state: "ACTIVE", # accepts ACTIVE, DELETING, DELETING_RESULTS, EVALUATING created_by: "StringWithCharLimit256", }
@!attribute [rw] config_rule_name
The name that you assign to the Config rule. The name is required if you are adding a new rule. @return [String]
@!attribute [rw] config_rule_arn
The Amazon Resource Name (ARN) of the Config rule. @return [String]
@!attribute [rw] config_rule_id
The ID of the Config rule. @return [String]
@!attribute [rw] description
The description that you provide for the Config rule. @return [String]
@!attribute [rw] scope
Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes. <note markdown="1"> The scope can be empty. </note> @return [Types::Scope]
@!attribute [rw] source
Provides the rule owner (Amazon Web Services or customer), the rule identifier, and the notifications that cause the function to evaluate your Amazon Web Services resources. @return [Types::Source]
@!attribute [rw] input_parameters
A string, in JSON format, that is passed to the Config rule Lambda function. @return [String]
@!attribute [rw] maximum_execution_frequency
The maximum frequency with which Config runs evaluations for a rule. You can specify a value for `MaximumExecutionFrequency` when: * You are using an Config managed rule that is triggered at a periodic frequency. * Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties. <note markdown="1"> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter. </note> @return [String]
@!attribute [rw] config_rule_state
Indicates whether the Config rule is active or is currently being deleted by Config. It can also indicate the evaluation status for the Config rule. Config sets the state of the rule to `EVALUATING` temporarily after you use the `StartConfigRulesEvaluation` request to evaluate your resources against the Config rule. Config sets the state of the rule to `DELETING_RESULTS` temporarily after you use the `DeleteEvaluationResults` request to delete the current evaluation results for the Config rule. Config temporarily sets the state of a rule to `DELETING` after you use the `DeleteConfigRule` request to delete the rule. After Config deletes the rule, the rule and all of its evaluations are erased and are no longer available. @return [String]
@!attribute [rw] created_by
Service principal name of the service that created the rule. <note markdown="1"> The field is populated only if the service linked rule is created by a service. The field is empty if you create your own rule. </note> @return [String]
@see docs.aws.amazon.com/goto/WebAPI/config-2014-11-12/ConfigRule AWS API Documentation
Constants
- SENSITIVE