com.pulumi.aws.cfg.kotlin.OrganizationCustomPolicyRuleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.cfg.kotlin
import com.pulumi.aws.cfg.OrganizationCustomPolicyRuleArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Manages a Config Organization Custom Policy Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the `aws_config_organization_managed__rule` resource.
* > **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excluded_accounts` argument.
* ## Example Usage
* ### Basic Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.cfg.OrganizationCustomPolicyRule("example", {
* name: "example_rule_name",
* policyRuntime: "guard-2.x.x",
* policyText: `let status = ['ACTIVE']
* rule tableisactive when
* resourceType == "AWS::DynamoDB::Table" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == "AWS::DynamoDB::Table"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == "ENABLED"
* }
* `,
* resourceTypesScopes: ["AWS::DynamoDB::Table"],
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.cfg.OrganizationCustomPolicyRule("example",
* name="example_rule_name",
* policy_runtime="guard-2.x.x",
* policy_text="""let status = ['ACTIVE']
* rule tableisactive when
* resourceType == "AWS::DynamoDB::Table" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == "AWS::DynamoDB::Table"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == "ENABLED"
* }
* """,
* resource_types_scopes=["AWS::DynamoDB::Table"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.Cfg.OrganizationCustomPolicyRule("example", new()
* {
* Name = "example_rule_name",
* PolicyRuntime = "guard-2.x.x",
* PolicyText = @"let status = ['ACTIVE']
* rule tableisactive when
* resourceType == ""AWS::DynamoDB::Table"" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == ""AWS::DynamoDB::Table""
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == ""ENABLED""
* }
* ",
* ResourceTypesScopes = new[]
* {
* "AWS::DynamoDB::Table",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := cfg.NewOrganizationCustomPolicyRule(ctx, "example", &cfg.OrganizationCustomPolicyRuleArgs{
* Name: pulumi.String("example_rule_name"),
* PolicyRuntime: pulumi.String("guard-2.x.x"),
* PolicyText: pulumi.String(`let status = ['ACTIVE']
* rule tableisactive when
* resourceType == "AWS::DynamoDB::Table" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == "AWS::DynamoDB::Table"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == "ENABLED"
* }
* `),
* ResourceTypesScopes: pulumi.StringArray{
* pulumi.String("AWS::DynamoDB::Table"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.cfg.OrganizationCustomPolicyRule;
* import com.pulumi.aws.cfg.OrganizationCustomPolicyRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new OrganizationCustomPolicyRule("example", OrganizationCustomPolicyRuleArgs.builder()
* .name("example_rule_name")
* .policyRuntime("guard-2.x.x")
* .policyText("""
* let status = ['ACTIVE']
* rule tableisactive when
* resourceType == "AWS::DynamoDB::Table" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == "AWS::DynamoDB::Table"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == "ENABLED"
* }
* """)
* .resourceTypesScopes("AWS::DynamoDB::Table")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:cfg:OrganizationCustomPolicyRule
* properties:
* name: example_rule_name
* policyRuntime: guard-2.x.x
* policyText: |
* let status = ['ACTIVE']
* rule tableisactive when
* resourceType == "AWS::DynamoDB::Table" {
* configuration.tableStatus == %status
* }
* rule checkcompliance when
* resourceType == "AWS::DynamoDB::Table"
* tableisactive {
* let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus
* %pitr == "ENABLED"
* }
* resourceTypesScopes:
* - AWS::DynamoDB::Table
* ```
*
* ## Import
* Using `pulumi import`, import a Config Organization Custom Policy Rule using the `name` argument. For example:
* ```sh
* $ pulumi import aws:cfg/organizationCustomPolicyRule:OrganizationCustomPolicyRule example example_rule_name
* ```
* @property debugLogDeliveryAccounts List of AWS account identifiers to exclude from the rule
* @property description Description of the rule
* @property excludedAccounts List of AWS account identifiers to exclude from the rule
* @property inputParameters A string in JSON format that is passed to the AWS Config Rule Lambda Function
* @property maximumExecutionFrequency Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
* @property name name of the rule
* @property policyRuntime runtime system for your organization AWS Config Custom Policy rules
* @property policyText policy definition containing the logic for your organization AWS Config Custom Policy rule
* @property resourceIdScope Identifier of the AWS resource to evaluate
* @property resourceTypesScopes List of types of AWS resources to evaluate
* @property tagKeyScope Tag key of AWS resources to evaluate
* @property tagValueScope Tag value of AWS resources to evaluate
* @property triggerTypes List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`
* The following arguments are optional:
*/
public data class OrganizationCustomPolicyRuleArgs(
public val debugLogDeliveryAccounts: Output>? = null,
public val description: Output? = null,
public val excludedAccounts: Output>? = null,
public val inputParameters: Output? = null,
public val maximumExecutionFrequency: Output? = null,
public val name: Output? = null,
public val policyRuntime: Output? = null,
public val policyText: Output? = null,
public val resourceIdScope: Output? = null,
public val resourceTypesScopes: Output>? = null,
public val tagKeyScope: Output? = null,
public val tagValueScope: Output? = null,
public val triggerTypes: Output>? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.aws.cfg.OrganizationCustomPolicyRuleArgs =
com.pulumi.aws.cfg.OrganizationCustomPolicyRuleArgs.builder()
.debugLogDeliveryAccounts(
debugLogDeliveryAccounts?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.description(description?.applyValue({ args0 -> args0 }))
.excludedAccounts(excludedAccounts?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.inputParameters(inputParameters?.applyValue({ args0 -> args0 }))
.maximumExecutionFrequency(maximumExecutionFrequency?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.policyRuntime(policyRuntime?.applyValue({ args0 -> args0 }))
.policyText(policyText?.applyValue({ args0 -> args0 }))
.resourceIdScope(resourceIdScope?.applyValue({ args0 -> args0 }))
.resourceTypesScopes(resourceTypesScopes?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
.tagKeyScope(tagKeyScope?.applyValue({ args0 -> args0 }))
.tagValueScope(tagValueScope?.applyValue({ args0 -> args0 }))
.triggerTypes(triggerTypes?.applyValue({ args0 -> args0.map({ args0 -> args0 }) })).build()
}
/**
* Builder for [OrganizationCustomPolicyRuleArgs].
*/
@PulumiTagMarker
public class OrganizationCustomPolicyRuleArgsBuilder internal constructor() {
private var debugLogDeliveryAccounts: Output>? = null
private var description: Output? = null
private var excludedAccounts: Output>? = null
private var inputParameters: Output? = null
private var maximumExecutionFrequency: Output? = null
private var name: Output? = null
private var policyRuntime: Output? = null
private var policyText: Output? = null
private var resourceIdScope: Output? = null
private var resourceTypesScopes: Output>? = null
private var tagKeyScope: Output? = null
private var tagValueScope: Output? = null
private var triggerTypes: Output>? = null
/**
* @param value List of AWS account identifiers to exclude from the rule
*/
@JvmName("lqorjviontmbtptg")
public suspend fun debugLogDeliveryAccounts(`value`: Output>) {
this.debugLogDeliveryAccounts = value
}
@JvmName("kiykskhxgmellflj")
public suspend fun debugLogDeliveryAccounts(vararg values: Output) {
this.debugLogDeliveryAccounts = Output.all(values.asList())
}
/**
* @param values List of AWS account identifiers to exclude from the rule
*/
@JvmName("tmgvgbwqcxhmtsmp")
public suspend fun debugLogDeliveryAccounts(values: List>) {
this.debugLogDeliveryAccounts = Output.all(values)
}
/**
* @param value Description of the rule
*/
@JvmName("bctqscofcemijqwn")
public suspend fun description(`value`: Output) {
this.description = value
}
/**
* @param value List of AWS account identifiers to exclude from the rule
*/
@JvmName("dncgswqmpmamokhc")
public suspend fun excludedAccounts(`value`: Output>) {
this.excludedAccounts = value
}
@JvmName("pmnyrqidsotbkrit")
public suspend fun excludedAccounts(vararg values: Output) {
this.excludedAccounts = Output.all(values.asList())
}
/**
* @param values List of AWS account identifiers to exclude from the rule
*/
@JvmName("gjmchxhkhcqkmkxp")
public suspend fun excludedAccounts(values: List>) {
this.excludedAccounts = Output.all(values)
}
/**
* @param value A string in JSON format that is passed to the AWS Config Rule Lambda Function
*/
@JvmName("gpovjrkgtkhhgllg")
public suspend fun inputParameters(`value`: Output) {
this.inputParameters = value
}
/**
* @param value Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
*/
@JvmName("bqujgvlfqegfdndu")
public suspend fun maximumExecutionFrequency(`value`: Output) {
this.maximumExecutionFrequency = value
}
/**
* @param value name of the rule
*/
@JvmName("xtdywyioilqtomsd")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value runtime system for your organization AWS Config Custom Policy rules
*/
@JvmName("phwicfjqxvnjjpgv")
public suspend fun policyRuntime(`value`: Output) {
this.policyRuntime = value
}
/**
* @param value policy definition containing the logic for your organization AWS Config Custom Policy rule
*/
@JvmName("exyxqunnsisqqelg")
public suspend fun policyText(`value`: Output) {
this.policyText = value
}
/**
* @param value Identifier of the AWS resource to evaluate
*/
@JvmName("wucenyqgqtutondo")
public suspend fun resourceIdScope(`value`: Output) {
this.resourceIdScope = value
}
/**
* @param value List of types of AWS resources to evaluate
*/
@JvmName("voonthekthjjfbyp")
public suspend fun resourceTypesScopes(`value`: Output>) {
this.resourceTypesScopes = value
}
@JvmName("nfhltvtpanpflgrd")
public suspend fun resourceTypesScopes(vararg values: Output) {
this.resourceTypesScopes = Output.all(values.asList())
}
/**
* @param values List of types of AWS resources to evaluate
*/
@JvmName("wijiwtjplnteeimb")
public suspend fun resourceTypesScopes(values: List>) {
this.resourceTypesScopes = Output.all(values)
}
/**
* @param value Tag key of AWS resources to evaluate
*/
@JvmName("cexdppnpiulkjbvr")
public suspend fun tagKeyScope(`value`: Output) {
this.tagKeyScope = value
}
/**
* @param value Tag value of AWS resources to evaluate
*/
@JvmName("kfmlblpxildmoptp")
public suspend fun tagValueScope(`value`: Output) {
this.tagValueScope = value
}
/**
* @param value List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`
* The following arguments are optional:
*/
@JvmName("jldlelcwcecrdhjk")
public suspend fun triggerTypes(`value`: Output>) {
this.triggerTypes = value
}
@JvmName("ikmfiquhsxiwiacn")
public suspend fun triggerTypes(vararg values: Output) {
this.triggerTypes = Output.all(values.asList())
}
/**
* @param values List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`
* The following arguments are optional:
*/
@JvmName("geywlphgsfidnnnm")
public suspend fun triggerTypes(values: List>) {
this.triggerTypes = Output.all(values)
}
/**
* @param value List of AWS account identifiers to exclude from the rule
*/
@JvmName("ptyrcxwjpjbwpjih")
public suspend fun debugLogDeliveryAccounts(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.debugLogDeliveryAccounts = mapped
}
/**
* @param values List of AWS account identifiers to exclude from the rule
*/
@JvmName("lpbmewblxjmmcqfs")
public suspend fun debugLogDeliveryAccounts(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.debugLogDeliveryAccounts = mapped
}
/**
* @param value Description of the rule
*/
@JvmName("ncpjsjkpvbnqdxws")
public suspend fun description(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.description = mapped
}
/**
* @param value List of AWS account identifiers to exclude from the rule
*/
@JvmName("gqtjlbiaosmqobml")
public suspend fun excludedAccounts(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.excludedAccounts = mapped
}
/**
* @param values List of AWS account identifiers to exclude from the rule
*/
@JvmName("vhrwhyuvsayakoxo")
public suspend fun excludedAccounts(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.excludedAccounts = mapped
}
/**
* @param value A string in JSON format that is passed to the AWS Config Rule Lambda Function
*/
@JvmName("lngmnmunaheedkjv")
public suspend fun inputParameters(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.inputParameters = mapped
}
/**
* @param value Maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.
*/
@JvmName("bqygkudidqaydgay")
public suspend fun maximumExecutionFrequency(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maximumExecutionFrequency = mapped
}
/**
* @param value name of the rule
*/
@JvmName("ukykgangxoiehcik")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value runtime system for your organization AWS Config Custom Policy rules
*/
@JvmName("tsxqrhqswcbjmyqs")
public suspend fun policyRuntime(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyRuntime = mapped
}
/**
* @param value policy definition containing the logic for your organization AWS Config Custom Policy rule
*/
@JvmName("oytjspepvffvxtus")
public suspend fun policyText(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.policyText = mapped
}
/**
* @param value Identifier of the AWS resource to evaluate
*/
@JvmName("ocwohxwbylgkqisx")
public suspend fun resourceIdScope(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceIdScope = mapped
}
/**
* @param value List of types of AWS resources to evaluate
*/
@JvmName("vanmlqqydkdgvbbd")
public suspend fun resourceTypesScopes(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceTypesScopes = mapped
}
/**
* @param values List of types of AWS resources to evaluate
*/
@JvmName("mckmkmayffaelxhf")
public suspend fun resourceTypesScopes(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.resourceTypesScopes = mapped
}
/**
* @param value Tag key of AWS resources to evaluate
*/
@JvmName("mvjqnfeonarufeqb")
public suspend fun tagKeyScope(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tagKeyScope = mapped
}
/**
* @param value Tag value of AWS resources to evaluate
*/
@JvmName("cacxesnjiuflisql")
public suspend fun tagValueScope(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tagValueScope = mapped
}
/**
* @param value List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`
* The following arguments are optional:
*/
@JvmName("ltjmsyufwfidqnnw")
public suspend fun triggerTypes(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.triggerTypes = mapped
}
/**
* @param values List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`
* The following arguments are optional:
*/
@JvmName("yfxsdgfbmvnfulan")
public suspend fun triggerTypes(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.triggerTypes = mapped
}
internal fun build(): OrganizationCustomPolicyRuleArgs = OrganizationCustomPolicyRuleArgs(
debugLogDeliveryAccounts = debugLogDeliveryAccounts,
description = description,
excludedAccounts = excludedAccounts,
inputParameters = inputParameters,
maximumExecutionFrequency = maximumExecutionFrequency,
name = name,
policyRuntime = policyRuntime,
policyText = policyText,
resourceIdScope = resourceIdScope,
resourceTypesScopes = resourceTypesScopes,
tagKeyScope = tagKeyScope,
tagValueScope = tagValueScope,
triggerTypes = triggerTypes,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy