@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)", date="2022-09-19T20:26:37.729Z") @Stability(value=Stable) public class CfnOrganizationConfigRule extends CfnResource implements IInspectable
An organization config rule that has information about config rules that AWS Config creates in member accounts. Only a master account and a delegated administrator can create or update an organization config rule.
OrganizationConfigRule resource enables organization service access through EnableAWSServiceAccess action and creates a service linked role in the master account of your organization. The service linked role is created only when the role does not exist in the master account. AWS Config verifies the existence of role with GetRole action.
When creating custom organization config rules using a centralized Lambda function, you will need to allow Lambda permissions to sub-accounts and you will need to create an IAM role will to pass to the Lambda function. For more information, see How to Centrally Manage AWS Config Rules across Multiple AWS Accounts .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.config.*;
CfnOrganizationConfigRule cfnOrganizationConfigRule = CfnOrganizationConfigRule.Builder.create(this, "MyCfnOrganizationConfigRule")
.organizationConfigRuleName("organizationConfigRuleName")
// the properties below are optional
.excludedAccounts(List.of("excludedAccounts"))
.organizationCustomCodeRuleMetadata(OrganizationCustomCodeRuleMetadataProperty.builder()
.codeText("codeText")
.runtime("runtime")
// the properties below are optional
.debugLogDeliveryAccounts(List.of("debugLogDeliveryAccounts"))
.description("description")
.inputParameters("inputParameters")
.maximumExecutionFrequency("maximumExecutionFrequency")
.organizationConfigRuleTriggerTypes(List.of("organizationConfigRuleTriggerTypes"))
.resourceIdScope("resourceIdScope")
.resourceTypesScope(List.of("resourceTypesScope"))
.tagKeyScope("tagKeyScope")
.tagValueScope("tagValueScope")
.build())
.organizationCustomRuleMetadata(OrganizationCustomRuleMetadataProperty.builder()
.lambdaFunctionArn("lambdaFunctionArn")
.organizationConfigRuleTriggerTypes(List.of("organizationConfigRuleTriggerTypes"))
// the properties below are optional
.description("description")
.inputParameters("inputParameters")
.maximumExecutionFrequency("maximumExecutionFrequency")
.resourceIdScope("resourceIdScope")
.resourceTypesScope(List.of("resourceTypesScope"))
.tagKeyScope("tagKeyScope")
.tagValueScope("tagValueScope")
.build())
.organizationManagedRuleMetadata(OrganizationManagedRuleMetadataProperty.builder()
.ruleIdentifier("ruleIdentifier")
// the properties below are optional
.description("description")
.inputParameters("inputParameters")
.maximumExecutionFrequency("maximumExecutionFrequency")
.resourceIdScope("resourceIdScope")
.resourceTypesScope(List.of("resourceTypesScope"))
.tagKeyScope("tagKeyScope")
.tagValueScope("tagValueScope")
.build())
.build();
| Modifier and Type | Class and Description |
|---|---|
static class |
CfnOrganizationConfigRule.Builder
A fluent builder for
CfnOrganizationConfigRule. |
static interface |
CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty
Example:
|
static interface |
CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty
An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.
|
static interface |
CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty
An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.
|
software.amazon.jsii.JsiiObject.InitializationModeIInspectable.Jsii$Default, IInspectable.Jsii$Proxy| Modifier and Type | Field and Description |
|---|---|
static String |
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
|
| Modifier | Constructor and Description |
|---|---|
|
CfnOrganizationConfigRule(software.constructs.Construct scope,
String id,
CfnOrganizationConfigRuleProps props)
Create a new `AWS::Config::OrganizationConfigRule`.
|
protected |
CfnOrganizationConfigRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
CfnOrganizationConfigRule(software.amazon.jsii.JsiiObjectRef objRef) |
| Modifier and Type | Method and Description |
|---|---|
protected Map<String,Object> |
getCfnProperties() |
List<String> |
getExcludedAccounts()
A comma-separated list of accounts excluded from organization AWS Config rule.
|
String |
getOrganizationConfigRuleName()
The name that you assign to organization AWS Config rule.
|
Object |
getOrganizationCustomCodeRuleMetadata()
`AWS::Config::OrganizationConfigRule.OrganizationCustomCodeRuleMetadata`.
|
Object |
getOrganizationCustomRuleMetadata()
An `OrganizationCustomRuleMetadata` object.
|
Object |
getOrganizationManagedRuleMetadata()
An `OrganizationManagedRuleMetadata` object.
|
void |
inspect(TreeInspector inspector)
Examines the CloudFormation resource and discloses attributes.
|
protected Map<String,Object> |
renderProperties(Map<String,Object> props) |
void |
setExcludedAccounts(List<String> value)
A comma-separated list of accounts excluded from organization AWS Config rule.
|
void |
setOrganizationConfigRuleName(String value)
The name that you assign to organization AWS Config rule.
|
void |
setOrganizationCustomCodeRuleMetadata(CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty value)
`AWS::Config::OrganizationConfigRule.OrganizationCustomCodeRuleMetadata`.
|
void |
setOrganizationCustomCodeRuleMetadata(IResolvable value)
`AWS::Config::OrganizationConfigRule.OrganizationCustomCodeRuleMetadata`.
|
void |
setOrganizationCustomRuleMetadata(CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty value)
An `OrganizationCustomRuleMetadata` object.
|
void |
setOrganizationCustomRuleMetadata(IResolvable value)
An `OrganizationCustomRuleMetadata` object.
|
void |
setOrganizationManagedRuleMetadata(CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty value)
An `OrganizationManagedRuleMetadata` object.
|
void |
setOrganizationManagedRuleMetadata(IResolvable value)
An `OrganizationManagedRuleMetadata` object.
|
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validatePropertiesgetRefgetCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdjsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet@Stability(value=Stable) public static final String CFN_RESOURCE_TYPE_NAME
protected CfnOrganizationConfigRule(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnOrganizationConfigRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
@Stability(value=Stable)
public CfnOrganizationConfigRule(@NotNull
software.constructs.Construct scope,
@NotNull
String id,
@NotNull
CfnOrganizationConfigRuleProps props)
scope - - scope in which this resource is defined. This parameter is required.id - - scoped id of the resource. This parameter is required.props - - resource properties. This parameter is required.@Stability(value=Stable)
public void inspect(@NotNull
TreeInspector inspector)
inspect in interface IInspectableinspector - - tree inspector to collect and process attributes. This parameter is required.@Stability(value=Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
renderProperties in class CfnResourceprops - This parameter is required.@Stability(value=Stable) @NotNull protected Map<String,Object> getCfnProperties()
getCfnProperties in class CfnResource@Stability(value=Stable) @NotNull public String getOrganizationConfigRuleName()
@Stability(value=Stable)
public void setOrganizationConfigRuleName(@NotNull
String value)
@Stability(value=Stable) @Nullable public List<String> getExcludedAccounts()
@Stability(value=Stable)
public void setExcludedAccounts(@Nullable
List<String> value)
@Stability(value=Stable) @Nullable public Object getOrganizationCustomCodeRuleMetadata()
@Stability(value=Stable)
public void setOrganizationCustomCodeRuleMetadata(@Nullable
CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty value)
@Stability(value=Stable)
public void setOrganizationCustomCodeRuleMetadata(@Nullable
IResolvable value)
@Stability(value=Stable) @Nullable public Object getOrganizationCustomRuleMetadata()
@Stability(value=Stable)
public void setOrganizationCustomRuleMetadata(@Nullable
CfnOrganizationConfigRule.OrganizationCustomRuleMetadataProperty value)
@Stability(value=Stable)
public void setOrganizationCustomRuleMetadata(@Nullable
IResolvable value)
@Stability(value=Stable) @Nullable public Object getOrganizationManagedRuleMetadata()
@Stability(value=Stable)
public void setOrganizationManagedRuleMetadata(@Nullable
CfnOrganizationConfigRule.OrganizationManagedRuleMetadataProperty value)
@Stability(value=Stable)
public void setOrganizationManagedRuleMetadata(@Nullable
IResolvable value)
Copyright © 2022. All rights reserved.