All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.aws.cfg.kotlin.Rule.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 6.65.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.aws.cfg.kotlin

import com.pulumi.aws.cfg.kotlin.outputs.RuleEvaluationMode
import com.pulumi.aws.cfg.kotlin.outputs.RuleScope
import com.pulumi.aws.cfg.kotlin.outputs.RuleSource
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Deprecated
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import com.pulumi.aws.cfg.kotlin.outputs.RuleEvaluationMode.Companion.toKotlin as ruleEvaluationModeToKotlin
import com.pulumi.aws.cfg.kotlin.outputs.RuleScope.Companion.toKotlin as ruleScopeToKotlin
import com.pulumi.aws.cfg.kotlin.outputs.RuleSource.Companion.toKotlin as ruleSourceToKotlin

/**
 * Builder for [Rule].
 */
@PulumiTagMarker
public class RuleResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: RuleArgs = RuleArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend RuleArgsBuilder.() -> Unit) {
        val builder = RuleArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): Rule {
        val builtJavaResource = com.pulumi.aws.cfg.Rule(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return Rule(builtJavaResource)
    }
}

/**
 * Provides an AWS Config Rule.
 * > **Note:** Config Rule requires an existing Configuration Recorder to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.
 * ## Example Usage
 * ### AWS Managed Rules
 * AWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const assumeRole = aws.iam.getPolicyDocument({
 *     statements: [{
 *         effect: "Allow",
 *         principals: [{
 *             type: "Service",
 *             identifiers: ["config.amazonaws.com"],
 *         }],
 *         actions: ["sts:AssumeRole"],
 *     }],
 * });
 * const rRole = new aws.iam.Role("r", {
 *     name: "my-awsconfig-role",
 *     assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
 * });
 * const foo = new aws.cfg.Recorder("foo", {
 *     name: "example",
 *     roleArn: rRole.arn,
 * });
 * const r = new aws.cfg.Rule("r", {
 *     name: "example",
 *     source: {
 *         owner: "AWS",
 *         sourceIdentifier: "S3_BUCKET_VERSIONING_ENABLED",
 *     },
 * }, {
 *     dependsOn: [foo],
 * });
 * const p = aws.iam.getPolicyDocument({
 *     statements: [{
 *         effect: "Allow",
 *         actions: ["config:Put*"],
 *         resources: ["*"],
 *     }],
 * });
 * const pRolePolicy = new aws.iam.RolePolicy("p", {
 *     name: "my-awsconfig-policy",
 *     role: rRole.id,
 *     policy: p.then(p => p.json),
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * assume_role = aws.iam.get_policy_document(statements=[{
 *     "effect": "Allow",
 *     "principals": [{
 *         "type": "Service",
 *         "identifiers": ["config.amazonaws.com"],
 *     }],
 *     "actions": ["sts:AssumeRole"],
 * }])
 * r_role = aws.iam.Role("r",
 *     name="my-awsconfig-role",
 *     assume_role_policy=assume_role.json)
 * foo = aws.cfg.Recorder("foo",
 *     name="example",
 *     role_arn=r_role.arn)
 * r = aws.cfg.Rule("r",
 *     name="example",
 *     source={
 *         "owner": "AWS",
 *         "source_identifier": "S3_BUCKET_VERSIONING_ENABLED",
 *     },
 *     opts = pulumi.ResourceOptions(depends_on=[foo]))
 * p = aws.iam.get_policy_document(statements=[{
 *     "effect": "Allow",
 *     "actions": ["config:Put*"],
 *     "resources": ["*"],
 * }])
 * p_role_policy = aws.iam.RolePolicy("p",
 *     name="my-awsconfig-policy",
 *     role=r_role.id,
 *     policy=p.json)
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
 *     {
 *         Statements = new[]
 *         {
 *             new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
 *             {
 *                 Effect = "Allow",
 *                 Principals = new[]
 *                 {
 *                     new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
 *                     {
 *                         Type = "Service",
 *                         Identifiers = new[]
 *                         {
 *                             "config.amazonaws.com",
 *                         },
 *                     },
 *                 },
 *                 Actions = new[]
 *                 {
 *                     "sts:AssumeRole",
 *                 },
 *             },
 *         },
 *     });
 *     var rRole = new Aws.Iam.Role("r", new()
 *     {
 *         Name = "my-awsconfig-role",
 *         AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
 *     });
 *     var foo = new Aws.Cfg.Recorder("foo", new()
 *     {
 *         Name = "example",
 *         RoleArn = rRole.Arn,
 *     });
 *     var r = new Aws.Cfg.Rule("r", new()
 *     {
 *         Name = "example",
 *         Source = new Aws.Cfg.Inputs.RuleSourceArgs
 *         {
 *             Owner = "AWS",
 *             SourceIdentifier = "S3_BUCKET_VERSIONING_ENABLED",
 *         },
 *     }, new CustomResourceOptions
 *     {
 *         DependsOn =
 *         {
 *             foo,
 *         },
 *     });
 *     var p = Aws.Iam.GetPolicyDocument.Invoke(new()
 *     {
 *         Statements = new[]
 *         {
 *             new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
 *             {
 *                 Effect = "Allow",
 *                 Actions = new[]
 *                 {
 *                     "config:Put*",
 *                 },
 *                 Resources = new[]
 *                 {
 *                     "*",
 *                 },
 *             },
 *         },
 *     });
 *     var pRolePolicy = new Aws.Iam.RolePolicy("p", new()
 *     {
 *         Name = "my-awsconfig-policy",
 *         Role = rRole.Id,
 *         Policy = p.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
 * 			Statements: []iam.GetPolicyDocumentStatement{
 * 				{
 * 					Effect: pulumi.StringRef("Allow"),
 * 					Principals: []iam.GetPolicyDocumentStatementPrincipal{
 * 						{
 * 							Type: "Service",
 * 							Identifiers: []string{
 * 								"config.amazonaws.com",
 * 							},
 * 						},
 * 					},
 * 					Actions: []string{
 * 						"sts:AssumeRole",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		rRole, err := iam.NewRole(ctx, "r", &iam.RoleArgs{
 * 			Name:             pulumi.String("my-awsconfig-role"),
 * 			AssumeRolePolicy: pulumi.String(assumeRole.Json),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		foo, err := cfg.NewRecorder(ctx, "foo", &cfg.RecorderArgs{
 * 			Name:    pulumi.String("example"),
 * 			RoleArn: rRole.Arn,
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = cfg.NewRule(ctx, "r", &cfg.RuleArgs{
 * 			Name: pulumi.String("example"),
 * 			Source: &cfg.RuleSourceArgs{
 * 				Owner:            pulumi.String("AWS"),
 * 				SourceIdentifier: pulumi.String("S3_BUCKET_VERSIONING_ENABLED"),
 * 			},
 * 		}, pulumi.DependsOn([]pulumi.Resource{
 * 			foo,
 * 		}))
 * 		if err != nil {
 * 			return err
 * 		}
 * 		p, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
 * 			Statements: []iam.GetPolicyDocumentStatement{
 * 				{
 * 					Effect: pulumi.StringRef("Allow"),
 * 					Actions: []string{
 * 						"config:Put*",
 * 					},
 * 					Resources: []string{
 * 						"*",
 * 					},
 * 				},
 * 			},
 * 		}, nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = iam.NewRolePolicy(ctx, "p", &iam.RolePolicyArgs{
 * 			Name:   pulumi.String("my-awsconfig-policy"),
 * 			Role:   rRole.ID(),
 * 			Policy: pulumi.String(p.Json),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.iam.IamFunctions;
 * import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
 * import com.pulumi.aws.iam.Role;
 * import com.pulumi.aws.iam.RoleArgs;
 * import com.pulumi.aws.cfg.Recorder;
 * import com.pulumi.aws.cfg.RecorderArgs;
 * import com.pulumi.aws.cfg.Rule;
 * import com.pulumi.aws.cfg.RuleArgs;
 * import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
 * import com.pulumi.aws.iam.RolePolicy;
 * import com.pulumi.aws.iam.RolePolicyArgs;
 * import com.pulumi.resources.CustomResourceOptions;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
 *             .statements(GetPolicyDocumentStatementArgs.builder()
 *                 .effect("Allow")
 *                 .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
 *                     .type("Service")
 *                     .identifiers("config.amazonaws.com")
 *                     .build())
 *                 .actions("sts:AssumeRole")
 *                 .build())
 *             .build());
 *         var rRole = new Role("rRole", RoleArgs.builder()
 *             .name("my-awsconfig-role")
 *             .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
 *             .build());
 *         var foo = new Recorder("foo", RecorderArgs.builder()
 *             .name("example")
 *             .roleArn(rRole.arn())
 *             .build());
 *         var r = new Rule("r", RuleArgs.builder()
 *             .name("example")
 *             .source(RuleSourceArgs.builder()
 *                 .owner("AWS")
 *                 .sourceIdentifier("S3_BUCKET_VERSIONING_ENABLED")
 *                 .build())
 *             .build(), CustomResourceOptions.builder()
 *                 .dependsOn(foo)
 *                 .build());
 *         final var p = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
 *             .statements(GetPolicyDocumentStatementArgs.builder()
 *                 .effect("Allow")
 *                 .actions("config:Put*")
 *                 .resources("*")
 *                 .build())
 *             .build());
 *         var pRolePolicy = new RolePolicy("pRolePolicy", RolePolicyArgs.builder()
 *             .name("my-awsconfig-policy")
 *             .role(rRole.id())
 *             .policy(p.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   r:
 *     type: aws:cfg:Rule
 *     properties:
 *       name: example
 *       source:
 *         owner: AWS
 *         sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED
 *     options:
 *       dependson:
 *         - ${foo}
 *   foo:
 *     type: aws:cfg:Recorder
 *     properties:
 *       name: example
 *       roleArn: ${rRole.arn}
 *   rRole:
 *     type: aws:iam:Role
 *     name: r
 *     properties:
 *       name: my-awsconfig-role
 *       assumeRolePolicy: ${assumeRole.json}
 *   pRolePolicy:
 *     type: aws:iam:RolePolicy
 *     name: p
 *     properties:
 *       name: my-awsconfig-policy
 *       role: ${rRole.id}
 *       policy: ${p.json}
 * variables:
 *   assumeRole:
 *     fn::invoke:
 *       Function: aws:iam:getPolicyDocument
 *       Arguments:
 *         statements:
 *           - effect: Allow
 *             principals:
 *               - type: Service
 *                 identifiers:
 *                   - config.amazonaws.com
 *             actions:
 *               - sts:AssumeRole
 *   p:
 *     fn::invoke:
 *       Function: aws:iam:getPolicyDocument
 *       Arguments:
 *         statements:
 *           - effect: Allow
 *             actions:
 *               - config:Put*
 *             resources:
 *               - '*'
 * ```
 * 
 * ### Custom Rules
 * Custom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g., via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const example = new aws.cfg.Recorder("example", {});
 * const exampleFunction = new aws.lambda.Function("example", {});
 * const examplePermission = new aws.lambda.Permission("example", {
 *     action: "lambda:InvokeFunction",
 *     "function": exampleFunction.arn,
 *     principal: "config.amazonaws.com",
 *     statementId: "AllowExecutionFromConfig",
 * });
 * const exampleRule = new aws.cfg.Rule("example", {source: {
 *     owner: "CUSTOM_LAMBDA",
 *     sourceIdentifier: exampleFunction.arn,
 * }}, {
 *     dependsOn: [
 *         example,
 *         examplePermission,
 *     ],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * example = aws.cfg.Recorder("example")
 * example_function = aws.lambda_.Function("example")
 * example_permission = aws.lambda_.Permission("example",
 *     action="lambda:InvokeFunction",
 *     function=example_function.arn,
 *     principal="config.amazonaws.com",
 *     statement_id="AllowExecutionFromConfig")
 * example_rule = aws.cfg.Rule("example", source={
 *     "owner": "CUSTOM_LAMBDA",
 *     "source_identifier": example_function.arn,
 * },
 * opts = pulumi.ResourceOptions(depends_on=[
 *         example,
 *         example_permission,
 *     ]))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var example = new Aws.Cfg.Recorder("example");
 *     var exampleFunction = new Aws.Lambda.Function("example");
 *     var examplePermission = new Aws.Lambda.Permission("example", new()
 *     {
 *         Action = "lambda:InvokeFunction",
 *         Function = exampleFunction.Arn,
 *         Principal = "config.amazonaws.com",
 *         StatementId = "AllowExecutionFromConfig",
 *     });
 *     var exampleRule = new Aws.Cfg.Rule("example", new()
 *     {
 *         Source = new Aws.Cfg.Inputs.RuleSourceArgs
 *         {
 *             Owner = "CUSTOM_LAMBDA",
 *             SourceIdentifier = exampleFunction.Arn,
 *         },
 *     }, new CustomResourceOptions
 *     {
 *         DependsOn =
 *         {
 *             example,
 *             examplePermission,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		example, err := cfg.NewRecorder(ctx, "example", nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		exampleFunction, err := lambda.NewFunction(ctx, "example", nil)
 * 		if err != nil {
 * 			return err
 * 		}
 * 		examplePermission, err := lambda.NewPermission(ctx, "example", &lambda.PermissionArgs{
 * 			Action:      pulumi.String("lambda:InvokeFunction"),
 * 			Function:    exampleFunction.Arn,
 * 			Principal:   pulumi.String("config.amazonaws.com"),
 * 			StatementId: pulumi.String("AllowExecutionFromConfig"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = cfg.NewRule(ctx, "example", &cfg.RuleArgs{
 * 			Source: &cfg.RuleSourceArgs{
 * 				Owner:            pulumi.String("CUSTOM_LAMBDA"),
 * 				SourceIdentifier: exampleFunction.Arn,
 * 			},
 * 		}, pulumi.DependsOn([]pulumi.Resource{
 * 			example,
 * 			examplePermission,
 * 		}))
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.cfg.Recorder;
 * import com.pulumi.aws.lambda.Function;
 * import com.pulumi.aws.lambda.Permission;
 * import com.pulumi.aws.lambda.PermissionArgs;
 * import com.pulumi.aws.cfg.Rule;
 * import com.pulumi.aws.cfg.RuleArgs;
 * import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
 * import com.pulumi.resources.CustomResourceOptions;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var example = new Recorder("example");
 *         var exampleFunction = new Function("exampleFunction");
 *         var examplePermission = new Permission("examplePermission", PermissionArgs.builder()
 *             .action("lambda:InvokeFunction")
 *             .function(exampleFunction.arn())
 *             .principal("config.amazonaws.com")
 *             .statementId("AllowExecutionFromConfig")
 *             .build());
 *         var exampleRule = new Rule("exampleRule", RuleArgs.builder()
 *             .source(RuleSourceArgs.builder()
 *                 .owner("CUSTOM_LAMBDA")
 *                 .sourceIdentifier(exampleFunction.arn())
 *                 .build())
 *             .build(), CustomResourceOptions.builder()
 *                 .dependsOn(
 *                     example,
 *                     examplePermission)
 *                 .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   example:
 *     type: aws:cfg:Recorder
 *   exampleFunction:
 *     type: aws:lambda:Function
 *     name: example
 *   examplePermission:
 *     type: aws:lambda:Permission
 *     name: example
 *     properties:
 *       action: lambda:InvokeFunction
 *       function: ${exampleFunction.arn}
 *       principal: config.amazonaws.com
 *       statementId: AllowExecutionFromConfig
 *   exampleRule:
 *     type: aws:cfg:Rule
 *     name: example
 *     properties:
 *       source:
 *         owner: CUSTOM_LAMBDA
 *         sourceIdentifier: ${exampleFunction.arn}
 *     options:
 *       dependson:
 *         - ${example}
 *         - ${examplePermission}
 * ```
 * 
 * ### Custom Policies
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const example = new aws.cfg.Rule("example", {
 *     name: "example",
 *     source: {
 *         owner: "CUSTOM_POLICY",
 *         sourceDetails: [{
 *             messageType: "ConfigurationItemChangeNotification",
 *         }],
 *         customPolicyDetails: {
 *             policyRuntime: "guard-2.x.x",
 *             policyText: `\x09  rule tableisactive when
 * \x09\x09  resourceType == "AWS::DynamoDB::Table" {
 * \x09\x09  configuration.tableStatus == ['ACTIVE']
 * \x09  }
 * \x09
 * \x09  rule checkcompliance when
 * \x09\x09  resourceType == "AWS::DynamoDB::Table"
 * \x09\x09  tableisactive {
 * \x09\x09\x09  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == "ENABLED"
 * \x09  }
 * `,
 *         },
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * example = aws.cfg.Rule("example",
 *     name="example",
 *     source={
 *         "owner": "CUSTOM_POLICY",
 *         "source_details": [{
 *             "message_type": "ConfigurationItemChangeNotification",
 *         }],
 *         "custom_policy_details": {
 *             "policy_runtime": "guard-2.x.x",
 *             "policy_text": """\x09  rule tableisactive when
 * \x09\x09  resourceType == "AWS::DynamoDB::Table" {
 * \x09\x09  configuration.tableStatus == ['ACTIVE']
 * \x09  }
 * \x09
 * \x09  rule checkcompliance when
 * \x09\x09  resourceType == "AWS::DynamoDB::Table"
 * \x09\x09  tableisactive {
 * \x09\x09\x09  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == "ENABLED"
 * \x09  }
 * """,
 *         },
 *     })
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var example = new Aws.Cfg.Rule("example", new()
 *     {
 *         Name = "example",
 *         Source = new Aws.Cfg.Inputs.RuleSourceArgs
 *         {
 *             Owner = "CUSTOM_POLICY",
 *             SourceDetails = new[]
 *             {
 *                 new Aws.Cfg.Inputs.RuleSourceSourceDetailArgs
 *                 {
 *                     MessageType = "ConfigurationItemChangeNotification",
 *                 },
 *             },
 *             CustomPolicyDetails = new Aws.Cfg.Inputs.RuleSourceCustomPolicyDetailsArgs
 *             {
 *                 PolicyRuntime = "guard-2.x.x",
 *                 PolicyText = @"	  rule tableisactive when
 * 		  resourceType == ""AWS::DynamoDB::Table"" {
 * 		  configuration.tableStatus == ['ACTIVE']
 * 	  }
 * 	  rule checkcompliance when
 * 		  resourceType == ""AWS::DynamoDB::Table""
 * 		  tableisactive {
 * 			  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == ""ENABLED""
 * 	  }
 * ",
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := cfg.NewRule(ctx, "example", &cfg.RuleArgs{
 * 			Name: pulumi.String("example"),
 * 			Source: &cfg.RuleSourceArgs{
 * 				Owner: pulumi.String("CUSTOM_POLICY"),
 * 				SourceDetails: cfg.RuleSourceSourceDetailArray{
 * 					&cfg.RuleSourceSourceDetailArgs{
 * 						MessageType: pulumi.String("ConfigurationItemChangeNotification"),
 * 					},
 * 				},
 * 				CustomPolicyDetails: &cfg.RuleSourceCustomPolicyDetailsArgs{
 * 					PolicyRuntime: pulumi.String("guard-2.x.x"),
 * 					PolicyText: pulumi.String(`	  rule tableisactive when
 * 		  resourceType == "AWS::DynamoDB::Table" {
 * 		  configuration.tableStatus == ['ACTIVE']
 * 	  }
 * 	  rule checkcompliance when
 * 		  resourceType == "AWS::DynamoDB::Table"
 * 		  tableisactive {
 * 			  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == "ENABLED"
 * 	  }
 * `),
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.cfg.Rule;
 * import com.pulumi.aws.cfg.RuleArgs;
 * import com.pulumi.aws.cfg.inputs.RuleSourceArgs;
 * import com.pulumi.aws.cfg.inputs.RuleSourceCustomPolicyDetailsArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var example = new Rule("example", RuleArgs.builder()
 *             .name("example")
 *             .source(RuleSourceArgs.builder()
 *                 .owner("CUSTOM_POLICY")
 *                 .sourceDetails(RuleSourceSourceDetailArgs.builder()
 *                     .messageType("ConfigurationItemChangeNotification")
 *                     .build())
 *                 .customPolicyDetails(RuleSourceCustomPolicyDetailsArgs.builder()
 *                     .policyRuntime("guard-2.x.x")
 *                     .policyText("""
 * 	  rule tableisactive when
 * 		  resourceType == "AWS::DynamoDB::Table" {
 * 		  configuration.tableStatus == ['ACTIVE']
 * 	  }
 * 	  rule checkcompliance when
 * 		  resourceType == "AWS::DynamoDB::Table"
 * 		  tableisactive {
 * 			  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == "ENABLED"
 * 	  }
 *                     """)
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   example:
 *     type: aws:cfg:Rule
 *     properties:
 *       name: example
 *       source:
 *         owner: CUSTOM_POLICY
 *         sourceDetails:
 *           - messageType: ConfigurationItemChangeNotification
 *         customPolicyDetails:
 *           policyRuntime: guard-2.x.x
 *           policyText: "\t  rule tableisactive when\n\t\t  resourceType == \"AWS::DynamoDB::Table\" {\n\t\t  configuration.tableStatus == ['ACTIVE']\n\t  }\n\t  \n\t  rule checkcompliance when\n\t\t  resourceType == \"AWS::DynamoDB::Table\"\n\t\t  tableisactive {\n\t\t\t  supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t  }\n"
 * ```
 * 
 * ## Import
 * Using `pulumi import`, import Config Rule using the name. For example:
 * ```sh
 * $ pulumi import aws:cfg/rule:Rule foo example
 * ```
 */
public class Rule internal constructor(
    override val javaResource: com.pulumi.aws.cfg.Rule,
) : KotlinCustomResource(javaResource, RuleMapper) {
    /**
     * The ARN of the config rule
     */
    public val arn: Output
        get() = javaResource.arn().applyValue({ args0 -> args0 })

    /**
     * Description of the rule
     */
    public val description: Output?
        get() = javaResource.description().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The modes the Config rule can be evaluated in. See Evaluation Mode for more details.
     */
    public val evaluationModes: Output>
        get() = javaResource.evaluationModes().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 -> ruleEvaluationModeToKotlin(args0) })
            })
        })

    /**
     * A string in JSON format that is passed to the AWS Config rule Lambda function.
     */
    public val inputParameters: Output?
        get() = javaResource.inputParameters().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The maximum frequency with which AWS Config runs evaluations for a rule.
     */
    public val maximumExecutionFrequency: Output?
        get() = javaResource.maximumExecutionFrequency().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The name of the rule
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The ID of the config rule
     */
    public val ruleId: Output
        get() = javaResource.ruleId().applyValue({ args0 -> args0 })

    /**
     * Scope defines which resources can trigger an evaluation for the rule. See Scope Below.
     */
    public val scope: Output?
        get() = javaResource.scope().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    ruleScopeToKotlin(args0)
                })
            }).orElse(null)
        })

    /**
     * Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources. See Source Below.
     */
    public val source: Output
        get() = javaResource.source().applyValue({ args0 ->
            args0.let({ args0 ->
                ruleSourceToKotlin(args0)
            })
        })

    /**
     * A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    public val tags: Output>?
        get() = javaResource.tags().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 ->
                    args0.key.to(args0.value)
                }).toMap()
            }).orElse(null)
        })

    /**
     * A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
     */
    @Deprecated(
        message = """
  Please use `tags` instead.
  """,
    )
    public val tagsAll: Output>
        get() = javaResource.tagsAll().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.key.to(args0.value)
            }).toMap()
        })
}

public object RuleMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.aws.cfg.Rule::class == javaResource::class

    override fun map(javaResource: Resource): Rule = Rule(javaResource as com.pulumi.aws.cfg.Rule)
}

/**
 * @see [Rule].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [Rule].
 */
public suspend fun rule(name: String, block: suspend RuleResourceBuilder.() -> Unit): Rule {
    val builder = RuleResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [Rule].
 * @param name The _unique_ name of the resulting resource.
 */
public fun rule(name: String): Rule {
    val builder = RuleResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy