UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

122 lines 6.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.OrganizationCustomRule = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Manages a Config Organization Custom Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the `aws_config_organization_managed__rule` resource. * * > **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excludedAccounts` argument. * * > **NOTE:** The proper Lambda permission to allow the AWS Config service invoke the Lambda Function must be in place before the rule will successfully create or update. See also the `aws.lambda.Permission` resource. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.lambda.Permission("example", { * action: "lambda:InvokeFunction", * "function": exampleAwsLambdaFunction.arn, * principal: "config.amazonaws.com", * statementId: "AllowExecutionFromConfig", * }); * const exampleOrganization = new aws.organizations.Organization("example", { * awsServiceAccessPrincipals: ["config-multiaccountsetup.amazonaws.com"], * featureSet: "ALL", * }); * const exampleOrganizationCustomRule = new aws.cfg.OrganizationCustomRule("example", { * lambdaFunctionArn: exampleAwsLambdaFunction.arn, * name: "example", * triggerTypes: ["ConfigurationItemChangeNotification"], * }, { * dependsOn: [ * example, * exampleOrganization, * ], * }); * ``` * * ## Import * * Using `pulumi import`, import Config Organization Custom Rules using the name. For example: * * ```sh * $ pulumi import aws:cfg/organizationCustomRule:OrganizationCustomRule example example * ``` */ class OrganizationCustomRule extends pulumi.CustomResource { /** * Get an existing OrganizationCustomRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new OrganizationCustomRule(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of OrganizationCustomRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === OrganizationCustomRule.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["arn"] = state?.arn; resourceInputs["description"] = state?.description; resourceInputs["excludedAccounts"] = state?.excludedAccounts; resourceInputs["inputParameters"] = state?.inputParameters; resourceInputs["lambdaFunctionArn"] = state?.lambdaFunctionArn; resourceInputs["maximumExecutionFrequency"] = state?.maximumExecutionFrequency; resourceInputs["name"] = state?.name; resourceInputs["region"] = state?.region; resourceInputs["resourceIdScope"] = state?.resourceIdScope; resourceInputs["resourceTypesScopes"] = state?.resourceTypesScopes; resourceInputs["tagKeyScope"] = state?.tagKeyScope; resourceInputs["tagValueScope"] = state?.tagValueScope; resourceInputs["triggerTypes"] = state?.triggerTypes; } else { const args = argsOrState; if (args?.lambdaFunctionArn === undefined && !opts.urn) { throw new Error("Missing required property 'lambdaFunctionArn'"); } if (args?.triggerTypes === undefined && !opts.urn) { throw new Error("Missing required property 'triggerTypes'"); } resourceInputs["description"] = args?.description; resourceInputs["excludedAccounts"] = args?.excludedAccounts; resourceInputs["inputParameters"] = args?.inputParameters; resourceInputs["lambdaFunctionArn"] = args?.lambdaFunctionArn; resourceInputs["maximumExecutionFrequency"] = args?.maximumExecutionFrequency; resourceInputs["name"] = args?.name; resourceInputs["region"] = args?.region; resourceInputs["resourceIdScope"] = args?.resourceIdScope; resourceInputs["resourceTypesScopes"] = args?.resourceTypesScopes; resourceInputs["tagKeyScope"] = args?.tagKeyScope; resourceInputs["tagValueScope"] = args?.tagValueScope; resourceInputs["triggerTypes"] = args?.triggerTypes; resourceInputs["arn"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(OrganizationCustomRule.__pulumiType, name, resourceInputs, opts); } } exports.OrganizationCustomRule = OrganizationCustomRule; /** @internal */ OrganizationCustomRule.__pulumiType = 'aws:cfg/organizationCustomRule:OrganizationCustomRule'; //# sourceMappingURL=organizationCustomRule.js.map