@pulumi/aws
Version:
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
128 lines • 6.46 kB
JavaScript
;
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.OrganizationCustomPolicyRule = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
* Manages a Config Organization Custom Policy Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the `aws_config_organization_managed__rule` resource.
*
* > **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excludedAccounts` argument.
*
* ## Example Usage
*
* ### Basic Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.cfg.OrganizationCustomPolicyRule("example", {
* name: "example_rule_name",
* policyRuntime: "guard-2.x.x",
* policyText: `let status = ['ACTIVE']
*
* rule tableisactive when
* resourceType == \\"AWS::DynamoDB::Table\\" {
* configuration.tableStatus == %status
* }
*
* rule checkcompliance when
* resourceType == \\"AWS::DynamoDB::Table\\"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == \\"ENABLED\\"
* }
* `,
* resourceTypesScopes: ["AWS::DynamoDB::Table"],
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import a Config Organization Custom Policy Rule using the `name` argument. For example:
*
* ```sh
* $ pulumi import aws:cfg/organizationCustomPolicyRule:OrganizationCustomPolicyRule example example_rule_name
* ```
*/
class OrganizationCustomPolicyRule extends pulumi.CustomResource {
/**
* Get an existing OrganizationCustomPolicyRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new OrganizationCustomPolicyRule(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of OrganizationCustomPolicyRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === OrganizationCustomPolicyRule.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["arn"] = state?.arn;
resourceInputs["debugLogDeliveryAccounts"] = state?.debugLogDeliveryAccounts;
resourceInputs["description"] = state?.description;
resourceInputs["excludedAccounts"] = state?.excludedAccounts;
resourceInputs["inputParameters"] = state?.inputParameters;
resourceInputs["maximumExecutionFrequency"] = state?.maximumExecutionFrequency;
resourceInputs["name"] = state?.name;
resourceInputs["policyRuntime"] = state?.policyRuntime;
resourceInputs["policyText"] = state?.policyText;
resourceInputs["region"] = state?.region;
resourceInputs["resourceIdScope"] = state?.resourceIdScope;
resourceInputs["resourceTypesScopes"] = state?.resourceTypesScopes;
resourceInputs["tagKeyScope"] = state?.tagKeyScope;
resourceInputs["tagValueScope"] = state?.tagValueScope;
resourceInputs["triggerTypes"] = state?.triggerTypes;
}
else {
const args = argsOrState;
if (args?.policyRuntime === undefined && !opts.urn) {
throw new Error("Missing required property 'policyRuntime'");
}
if (args?.policyText === undefined && !opts.urn) {
throw new Error("Missing required property 'policyText'");
}
if (args?.triggerTypes === undefined && !opts.urn) {
throw new Error("Missing required property 'triggerTypes'");
}
resourceInputs["debugLogDeliveryAccounts"] = args?.debugLogDeliveryAccounts;
resourceInputs["description"] = args?.description;
resourceInputs["excludedAccounts"] = args?.excludedAccounts;
resourceInputs["inputParameters"] = args?.inputParameters;
resourceInputs["maximumExecutionFrequency"] = args?.maximumExecutionFrequency;
resourceInputs["name"] = args?.name;
resourceInputs["policyRuntime"] = args?.policyRuntime;
resourceInputs["policyText"] = args?.policyText;
resourceInputs["region"] = args?.region;
resourceInputs["resourceIdScope"] = args?.resourceIdScope;
resourceInputs["resourceTypesScopes"] = args?.resourceTypesScopes;
resourceInputs["tagKeyScope"] = args?.tagKeyScope;
resourceInputs["tagValueScope"] = args?.tagValueScope;
resourceInputs["triggerTypes"] = args?.triggerTypes;
resourceInputs["arn"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(OrganizationCustomPolicyRule.__pulumiType, name, resourceInputs, opts);
}
}
exports.OrganizationCustomPolicyRule = OrganizationCustomPolicyRule;
/** @internal */
OrganizationCustomPolicyRule.__pulumiType = 'aws:cfg/organizationCustomPolicyRule:OrganizationCustomPolicyRule';
//# sourceMappingURL=organizationCustomPolicyRule.js.map