UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

87 lines 6.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.ConfigRule = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html). * Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) in the *Developer Guide*. * There are two types of rules: *Managed Rules* and *Custom Rules*. You can use the ``ConfigRule`` resource to create both CC Managed Rules and CC Custom Rules. * CC Managed Rules are predefined, customizable rules created by CC. For a list of managed rules, see [List of Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). If you are adding an CC managed rule, you must specify the rule's identifier for the ``SourceIdentifier`` key. * CC Custom Rules are rules that you create from scratch. There are two ways to create CC custom rules: with Lambda functions ([Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/gettingstarted-concepts.html#gettingstarted-concepts-function)) and with CFNGUARDshort ([Guard GitHub Repository](https://docs.aws.amazon.com/https://github.com/aws-cloudformation/cloudformation-guard)), a policy-as-code language. CC custom rules created with LAMlong are called *Custom Lambda Rules* and CC custom rules created with CFNGUARDshort are called *Custom Policy Rules*. * If you are adding a new CC Custom LAM rule, you first need to create an LAMlong function that the rule invokes to evaluate your resources. When you use the ``ConfigRule`` resource to add a Custom LAM rule to CC, you must specify the Amazon Resource Name (ARN) that LAMlong assigns to the function. You specify the ARN in the ``SourceIdentifier`` key. This key is part of the ``Source`` object, which is part of the ``ConfigRule`` object. * For any new CC rule that you add, specify the ``ConfigRuleName`` in the ``ConfigRule`` object. Do not specify the ``ConfigRuleArn`` or the ``ConfigRuleId``. These values are generated by CC for new rules. * If you are updating a rule that you added previously, you can specify the rule by ``ConfigRuleName``, ``ConfigRuleId``, or ``ConfigRuleArn`` in the ``ConfigRule`` data type that you use in this request. * For more information about developing and using CC rules, see [Evaluating Resources with Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *Developer Guide*. */ class ConfigRule extends pulumi.CustomResource { /** * Get an existing ConfigRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, opts) { return new ConfigRule(name, undefined, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of ConfigRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === ConfigRule.__pulumiType; } /** * Create a ConfigRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { let resourceInputs = {}; opts = opts || {}; if (!opts.id) { if ((!args || args.source === undefined) && !opts.urn) { throw new Error("Missing required property 'source'"); } resourceInputs["compliance"] = args ? args.compliance : undefined; resourceInputs["configRuleName"] = args ? args.configRuleName : undefined; resourceInputs["description"] = args ? args.description : undefined; resourceInputs["evaluationModes"] = args ? args.evaluationModes : undefined; resourceInputs["inputParameters"] = args ? args.inputParameters : undefined; resourceInputs["maximumExecutionFrequency"] = args ? args.maximumExecutionFrequency : undefined; resourceInputs["scope"] = args ? args.scope : undefined; resourceInputs["source"] = args ? args.source : undefined; resourceInputs["arn"] = undefined /*out*/; resourceInputs["configRuleId"] = undefined /*out*/; } else { resourceInputs["arn"] = undefined /*out*/; resourceInputs["compliance"] = undefined /*out*/; resourceInputs["configRuleId"] = undefined /*out*/; resourceInputs["configRuleName"] = undefined /*out*/; resourceInputs["description"] = undefined /*out*/; resourceInputs["evaluationModes"] = undefined /*out*/; resourceInputs["inputParameters"] = undefined /*out*/; resourceInputs["maximumExecutionFrequency"] = undefined /*out*/; resourceInputs["scope"] = undefined /*out*/; resourceInputs["source"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const replaceOnChanges = { replaceOnChanges: ["configRuleName"] }; opts = pulumi.mergeOptions(opts, replaceOnChanges); super(ConfigRule.__pulumiType, name, resourceInputs, opts); } } exports.ConfigRule = ConfigRule; /** @internal */ ConfigRule.__pulumiType = 'aws-native:configuration:ConfigRule'; //# sourceMappingURL=configRule.js.map