config_rule
Gets an individual config_rule resource
Overview
Name | config_rule |
Type | Resource |
Description | config_rule |
Id | awscc.config.config_rule |
Fields
Name | Datatype | Description |
---|---|---|
config_rule_id | string | |
description | string | The description that you provide for the AWS Config rule. |
scope | object | Defines which resources can trigger an evaluation for the rule. The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.<br/> The scope can be empty. |
config_rule_name | string | A name for the AWS Config rule. If you don't specify a name, CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html). |
arn | string | |
compliance | object | Indicates whether an AWS resource or AWS Config rule is compliant and provides the number of contributors that affect the compliance. |
maximum_execution_frequency | string | The maximum frequency with which AWS Config runs evaluations for a rule. You can specify a value for ``MaximumExecutionFrequency`` when:<br/> + You are using an AWS managed rule that is triggered at a periodic frequency.<br/> + Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html).<br/> <br/> By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the ``MaximumExecutionFrequency`` parameter. |
source | object | Provides the rule owner (``AWS`` for managed rules, ``CUSTOM_POLICY`` for Custom Policy rules, and ``CUSTOM_LAMBDA`` for Custom Lambda rules), the rule identifier, and the notifications that cause the function to evaluate your AWS resources. |
input_parameters | object | A string, in JSON format, that is passed to the AWS Config rule Lambda function. |
evaluation_modes | array | The modes the AWS Config rule can be evaluated in. The valid values are distinct objects. By default, the value is Detective evaluation mode only. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource.
Example
```sql
SELECT
  region,
  config_rule_id,
  description,
  scope,
  config_rule_name,
  arn,
  compliance,
  maximum_execution_frequency,
  source,
  input_parameters,
  evaluation_modes
FROM awscc.config.config_rule
WHERE data__Identifier = '<ConfigRuleName>';
```
Permissions
To operate on the config_rule resource, the following permissions are required:
Read
config:DescribeConfigRules,
config:DescribeComplianceByConfigRule
Delete
config:DeleteConfigRule,
config:DescribeConfigRules
Update
config:PutConfigRule,
config:DescribeConfigRules