Module cfg

@pulumi/aws > cfg

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class AggregateAuthorization

extends CustomResource

Manages an AWS Config Aggregate Authorization

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cfg.AggregateAuthorization("example", {
    accountId: "123456789012",
    region: "eu-west-2",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_aggregate_authorization.html.markdown.

constructor

new AggregateAuthorization(name: string, args: AggregateAuthorizationArgs, opts?: pulumi.CustomResourceOptions)

Create a AggregateAuthorization resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AggregateAuthorizationState, opts?: pulumi.CustomResourceOptions): AggregateAuthorization

Get an existing AggregateAuthorization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of AggregateAuthorization. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

Account ID

property arn

public arn: pulumi.Output<string>;

The ARN of the authorization

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property region

public region: pulumi.Output<string>;

Region

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ConfigurationAggregator

extends CustomResource

Manages an AWS Config Configuration Aggregator

Example Usage

Account Based Aggregation

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const account = new aws.cfg.ConfigurationAggregator("account", {
    accountAggregationSource: {
        accountIds: ["123456789012"],
        regions: ["us-west-2"],
    },
});

Organization Based Aggregation

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const organizationRole = new aws.iam.Role("organization", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`,
});
const organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("organization", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
    role: organizationRole.name,
});
const organizationConfigurationAggregator = new aws.cfg.ConfigurationAggregator("organization", {
    organizationAggregationSource: {
        allRegions: true,
        roleArn: organizationRole.arn,
    },
}, {dependsOn: [organizationRolePolicyAttachment]});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_configuration_aggregator.html.markdown.

constructor

new ConfigurationAggregator(name: string, args?: ConfigurationAggregatorArgs, opts?: pulumi.CustomResourceOptions)

Create a ConfigurationAggregator resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ConfigurationAggregatorState, opts?: pulumi.CustomResourceOptions): ConfigurationAggregator

Get an existing ConfigurationAggregator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ConfigurationAggregator. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountAggregationSource

public accountAggregationSource: pulumi.Output<{
    accountIds: string[];
    allRegions: undefined | false | true;
    regions: string[];
} | undefined>;

The account(s) to aggregate config data from as documented below.

property arn

public arn: pulumi.Output<string>;

The ARN of the aggregator

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the configuration aggregator.

property organizationAggregationSource

public organizationAggregationSource: pulumi.Output<{
    allRegions: undefined | false | true;
    regions: string[];
    roleArn: string;
} | undefined>;

The organization to aggregate config data from as documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class DeliveryChannel

extends CustomResource

Provides an AWS Config Delivery Channel.

Note: Delivery Channel requires a Configuration Recorder to be present. Use of dependsOn (as shown below) is recommended to avoid race conditions.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const bucket = new aws.s3.Bucket("b", {
    forceDestroy: true,
});
const fooRecorder = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const fooDeliveryChannel = new aws.cfg.DeliveryChannel("foo", {
    s3BucketName: bucket.bucket,
}, {dependsOn: [fooRecorder]});
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}",
        "${bucket.arn}/*"
      ]
    }
  ]
}
`,
    role: role.id,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_delivery_channel.html.markdown.

constructor

new DeliveryChannel(name: string, args: DeliveryChannelArgs, opts?: pulumi.CustomResourceOptions)

Create a DeliveryChannel resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DeliveryChannelState, opts?: pulumi.CustomResourceOptions): DeliveryChannel

Get an existing DeliveryChannel resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of DeliveryChannel. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

public s3BucketName: pulumi.Output<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

public s3KeyPrefix: pulumi.Output<string | undefined>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

public snapshotDeliveryProperties: pulumi.Output<{
    deliveryFrequency: undefined | string;
} | undefined>;

Options for how AWS Config delivers configuration snapshots. See below

property snsTopicArn

public snsTopicArn: pulumi.Output<string | undefined>;

The ARN of the SNS topic that AWS Config delivers notifications to.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Recorder

extends CustomResource

Provides an AWS Config Configuration Recorder. Please note that this resource does not start the created recorder automatically.

Note: Starting the Configuration Recorder requires a delivery channel (while delivery channel creation requires Configuration Recorder). This is why aws.cfg.RecorderStatus is a separate resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const foo = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_configuration_recorder.html.markdown.

constructor

new Recorder(name: string, args: RecorderArgs, opts?: pulumi.CustomResourceOptions)

Create a Recorder resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RecorderState, opts?: pulumi.CustomResourceOptions): Recorder

Get an existing Recorder resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Recorder. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

public recordingGroup: pulumi.Output<{
    allSupported: undefined | false | true;
    includeGlobalResourceTypes: undefined | false | true;
    resourceTypes: string[];
}>;

Recording group - see below.

property roleArn

public roleArn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the IAM role. used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RecorderStatus

extends CustomResource

Manages status (recording / stopped) of an AWS Config Configuration Recorder.

Note: Starting Configuration Recorder requires a Delivery Channel to be present. Use of dependsOn (as shown below) is recommended to avoid race conditions.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const bucket = new aws.s3.Bucket("b", {});
const fooRecorder = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const fooDeliveryChannel = new aws.cfg.DeliveryChannel("foo", {
    s3BucketName: bucket.bucket,
});
const fooRecorderStatus = new aws.cfg.RecorderStatus("foo", {
    isEnabled: true,
}, {dependsOn: [fooDeliveryChannel]});
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "${bucket.arn}",
        "${bucket.arn}/*"
      ]
    }
  ]
}
`,
    role: role.id,
});
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("a", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
    role: role.name,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_configuration_recorder_status.html.markdown.

constructor

new RecorderStatus(name: string, args: RecorderStatusArgs, opts?: pulumi.CustomResourceOptions)

Create a RecorderStatus resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RecorderStatusState, opts?: pulumi.CustomResourceOptions): RecorderStatus

Get an existing RecorderStatus resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RecorderStatus. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property isEnabled

public isEnabled: pulumi.Output<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

public name: pulumi.Output<string>;

The name of the recorder

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Rule

extends CustomResource

Provides an AWS Config Rule.

Note: Config Rule requires an existing Configuration Recorder to be present. Use of dependsOn is recommended (as shown below) to avoid race conditions.

Example Usage

AWS Managed Rules

AWS managed rules can be used by setting the source owner to AWS and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the AWS Config Developer Guide.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("r", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "config.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const foo = new aws.cfg.Recorder("foo", {
    roleArn: role.arn,
});
const rule = new aws.cfg.Rule("r", {
    source: {
        owner: "AWS",
        sourceIdentifier: "S3_BUCKET_VERSIONING_ENABLED",
    },
}, {dependsOn: [foo]});
const rolePolicy = new aws.iam.RolePolicy("p", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
  	{
  		"Action": "config:Put*",
  		"Effect": "Allow",
  		"Resource": "*"

  	}
  ]
}
`,
    role: role.id,
});

Custom Rules

Custom rules can be used by setting the source owner to CUSTOM_LAMBDA and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g. via the aws.lambda.Permission resource. More information about custom rules can be found in the AWS Config Developer Guide.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRecorder = new aws.cfg.Recorder("example", {});
const exampleFunction = new aws.lambda.Function("example", {});
const examplePermission = new aws.lambda.Permission("example", {
    action: "lambda:InvokeFunction",
    function: exampleFunction.arn,
    principal: "config.amazonaws.com",
});
const exampleRule = new aws.cfg.Rule("example", {
    source: {
        owner: "CUSTOM_LAMBDA",
        sourceIdentifier: exampleFunction.arn,
    },
}, {dependsOn: [exampleRecorder, examplePermission]});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/config_config_rule.html.markdown.

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the config rule

property description

public description: pulumi.Output<string | undefined>;

Description of the rule

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property inputParameters

public inputParameters: pulumi.Output<string | undefined>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

public maximumExecutionFrequency: pulumi.Output<string | undefined>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

public name: pulumi.Output<string>;

The name of the rule

property ruleId

public ruleId: pulumi.Output<string>;

The ID of the config rule

property scope

public scope: pulumi.Output<{
    complianceResourceId: undefined | string;
    complianceResourceTypes: string[];
    tagKey: undefined | string;
    tagValue: undefined | string;
} | undefined>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

public source: pulumi.Output<{
    owner: string;
    sourceDetails: {
        eventSource: undefined | string;
        maximumExecutionFrequency: undefined | string;
        messageType: undefined | string;
    }[];
    sourceIdentifier: string;
}>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface AggregateAuthorizationArgs

The set of arguments for constructing a AggregateAuthorization resource.

property accountId

accountId: pulumi.Input<string>;

Account ID

property region

region: pulumi.Input<string>;

Region

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface AggregateAuthorizationState

Input properties used for looking up and filtering AggregateAuthorization resources.

property accountId

accountId?: pulumi.Input<string>;

Account ID

property arn

arn?: pulumi.Input<string>;

The ARN of the authorization

property region

region?: pulumi.Input<string>;

Region

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface ConfigurationAggregatorArgs

The set of arguments for constructing a ConfigurationAggregator resource.

property accountAggregationSource

accountAggregationSource?: pulumi.Input<{
    accountIds: pulumi.Input<pulumi.Input<string>[]>;
    allRegions: pulumi.Input<boolean>;
    regions: pulumi.Input<pulumi.Input<string>[]>;
}>;

The account(s) to aggregate config data from as documented below.

property name

name?: pulumi.Input<string>;

The name of the configuration aggregator.

property organizationAggregationSource

organizationAggregationSource?: pulumi.Input<{
    allRegions: pulumi.Input<boolean>;
    regions: pulumi.Input<pulumi.Input<string>[]>;
    roleArn: pulumi.Input<string>;
}>;

The organization to aggregate config data from as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface ConfigurationAggregatorState

Input properties used for looking up and filtering ConfigurationAggregator resources.

property accountAggregationSource

accountAggregationSource?: pulumi.Input<{
    accountIds: pulumi.Input<pulumi.Input<string>[]>;
    allRegions: pulumi.Input<boolean>;
    regions: pulumi.Input<pulumi.Input<string>[]>;
}>;

The account(s) to aggregate config data from as documented below.

property arn

arn?: pulumi.Input<string>;

The ARN of the aggregator

property name

name?: pulumi.Input<string>;

The name of the configuration aggregator.

property organizationAggregationSource

organizationAggregationSource?: pulumi.Input<{
    allRegions: pulumi.Input<boolean>;
    regions: pulumi.Input<pulumi.Input<string>[]>;
    roleArn: pulumi.Input<string>;
}>;

The organization to aggregate config data from as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface DeliveryChannelArgs

The set of arguments for constructing a DeliveryChannel resource.

property name

name?: pulumi.Input<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

s3BucketName: pulumi.Input<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

snapshotDeliveryProperties?: pulumi.Input<{
    deliveryFrequency: pulumi.Input<string>;
}>;

Options for how AWS Config delivers configuration snapshots. See below

property snsTopicArn

snsTopicArn?: pulumi.Input<string>;

The ARN of the SNS topic that AWS Config delivers notifications to.

interface DeliveryChannelState

Input properties used for looking up and filtering DeliveryChannel resources.

property name

name?: pulumi.Input<string>;

The name of the delivery channel. Defaults to default. Changing it recreates the resource.

property s3BucketName

s3BucketName?: pulumi.Input<string>;

The name of the S3 bucket used to store the configuration history.

property s3KeyPrefix

s3KeyPrefix?: pulumi.Input<string>;

The prefix for the specified S3 bucket.

property snapshotDeliveryProperties

snapshotDeliveryProperties?: pulumi.Input<{
    deliveryFrequency: pulumi.Input<string>;
}>;

Options for how AWS Config delivers configuration snapshots. See below

property snsTopicArn

snsTopicArn?: pulumi.Input<string>;

The ARN of the SNS topic that AWS Config delivers notifications to.

interface RecorderArgs

The set of arguments for constructing a Recorder resource.

property name

name?: pulumi.Input<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

recordingGroup?: pulumi.Input<{
    allSupported: pulumi.Input<boolean>;
    includeGlobalResourceTypes: pulumi.Input<boolean>;
    resourceTypes: pulumi.Input<pulumi.Input<string>[]>;
}>;

Recording group - see below.

property roleArn

roleArn: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role. used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

interface RecorderState

Input properties used for looking up and filtering Recorder resources.

property name

name?: pulumi.Input<string>;

The name of the recorder. Defaults to default. Changing it recreates the resource.

property recordingGroup

recordingGroup?: pulumi.Input<{
    allSupported: pulumi.Input<boolean>;
    includeGlobalResourceTypes: pulumi.Input<boolean>;
    resourceTypes: pulumi.Input<pulumi.Input<string>[]>;
}>;

Recording group - see below.

property roleArn

roleArn?: pulumi.Input<string>;

Amazon Resource Name (ARN) of the IAM role. used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.

interface RecorderStatusArgs

The set of arguments for constructing a RecorderStatus resource.

property isEnabled

isEnabled: pulumi.Input<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

name?: pulumi.Input<string>;

The name of the recorder

interface RecorderStatusState

Input properties used for looking up and filtering RecorderStatus resources.

property isEnabled

isEnabled?: pulumi.Input<boolean>;

Whether the configuration recorder should be enabled or disabled.

property name

name?: pulumi.Input<string>;

The name of the recorder

interface RuleArgs

The set of arguments for constructing a Rule resource.

property description

description?: pulumi.Input<string>;

Description of the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

name?: pulumi.Input<string>;

The name of the rule

property scope

scope?: pulumi.Input<{
    complianceResourceId: pulumi.Input<string>;
    complianceResourceTypes: pulumi.Input<pulumi.Input<string>[]>;
    tagKey: pulumi.Input<string>;
    tagValue: pulumi.Input<string>;
}>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

source: pulumi.Input<{
    owner: pulumi.Input<string>;
    sourceDetails: pulumi.Input<pulumi.Input<{
        eventSource: pulumi.Input<string>;
        maximumExecutionFrequency: pulumi.Input<string>;
        messageType: pulumi.Input<string>;
    }>[]>;
    sourceIdentifier: pulumi.Input<string>;
}>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface RuleState

Input properties used for looking up and filtering Rule resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the config rule

property description

description?: pulumi.Input<string>;

Description of the rule

property inputParameters

inputParameters?: pulumi.Input<string>;

A string in JSON format that is passed to the AWS Config rule Lambda function.

property maximumExecutionFrequency

maximumExecutionFrequency?: pulumi.Input<string>;

The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires messageType to be ScheduledNotification.

property name

name?: pulumi.Input<string>;

The name of the rule

property ruleId

ruleId?: pulumi.Input<string>;

The ID of the config rule

property scope

scope?: pulumi.Input<{
    complianceResourceId: pulumi.Input<string>;
    complianceResourceTypes: pulumi.Input<pulumi.Input<string>[]>;
    tagKey: pulumi.Input<string>;
    tagValue: pulumi.Input<string>;
}>;

Scope defines which resources can trigger an evaluation for the rule as documented below.

property source

source?: pulumi.Input<{
    owner: pulumi.Input<string>;
    sourceDetails: pulumi.Input<pulumi.Input<{
        eventSource: pulumi.Input<string>;
        maximumExecutionFrequency: pulumi.Input<string>;
        messageType: pulumi.Input<string>;
    }>[]>;
    sourceIdentifier: pulumi.Input<string>;
}>;

Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.