The CDK Construct Library for AWS::Config
AWS Config Construct Library

---
This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
This module is part of the AWS Cloud Development Kit project.
- Config rules
- Configuration recorder
- Delivery channel
AWS managed rules
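To set up a managed rule, define a ManagedRule and specify its identifier:

```python
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk.aws_config import ManagedRule

# Inside a stack or construct, where `self` is the scope
ManagedRule(self, "AccessKeysRotated",
    identifier="ACCESS_KEYS_ROTATED"
)
```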
Available identifiers and parameters are listed in the List of AWS Config Managed Rules.
Higher level constructs for managed rules are available, see Managed Rules. Prefer to use those constructs when available (PRs welcome to add more of those).
To set up a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types:

```python
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk.aws_config import CustomRule

# my_fn is an existing Lambda function construct
CustomRule(self, "CustomRule",
    lambda_function=my_fn,
    configuration_changes=True,
    periodic=True
)
```
Restricting the scope
By default, rules are triggered by changes to all resources. Use the scopeToResource() and scopeToTag() methods (scope_to_resource() and scope_to_tag() in Python) to restrict the scope of both managed and custom rules:

```python
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk.aws_config import CustomRule, ManagedRule

ssh_rule = ManagedRule(self, "SSH",
    identifier="INCOMING_SSH_DISABLED"
)

# Restrict to a specific security group
ssh_rule.scope_to_resource("AWS::EC2::SecurityGroup", "sg-1234567890abcdefgh")

custom_rule = CustomRule(self, "CustomRule",
    lambda_function=my_fn,
    configuration_changes=True
)

# Restrict to a specific tag
custom_rule.scope_to_tag("Cost Center", "MyApp")
```
Only one type of scope restriction can be added to a rule (the last call to scopeToXxx() sets the scope).
To define Amazon CloudWatch event rules, use the
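```python
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk import aws_events_targets as targets
from aws_cdk.aws_config import CloudFormationStackDriftDetectionCheck

# topic is an existing SNS topic construct
rule = CloudFormationStackDriftDetectionCheck(self, "Drift")
rule.on_compliance_change("TopicEvent",
    target=targets.SnsTopic(topic)
)
```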
Creating custom and managed rules with scope restriction and events:
```python
# Example may have issues. See https://github.com/aws/jsii/issues/826
from aws_cdk import (
    aws_config as config,
    aws_events_targets as targets,
    aws_lambda as lambda_,  # "lambda" is a reserved word in Python
    aws_sns as sns,
)

# A custom rule that runs on configuration changes of EC2 instances
fn = lambda_.Function(self, "CustomFunction",
    code=lambda_.AssetCode.from_inline("exports.handler = (event) => console.log(event);"),
    handler="index.handler",
    # Runtime as given in the original example; the Node.js 8.10 Lambda runtime has since reached end of life
    runtime=lambda_.Runtime.NODEJS_8_10
)

custom_rule = config.CustomRule(self, "Custom",
    configuration_changes=True,
    lambda_function=fn
)

custom_rule.scope_to_resource("AWS::EC2::Instance")

# A rule to detect stack drift
drift_rule = config.CloudFormationStackDriftDetectionCheck(self, "Drift")

# Topic for compliance events
compliance_topic = sns.Topic(self, "ComplianceTopic")

# Send a notification on compliance change
drift_rule.on_compliance_change("ComplianceChange",
    target=targets.SnsTopic(compliance_topic)
)
```
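The custom rule above runs a function that only logs the event. As an added example (not part of the original README or the CDK project), the following Python handler shows what such a function has to do: parse the invocation AWS Config sends, evaluate the EC2 instance, and report the result with `put_evaluations`. The public-IP policy, the `allowPublicIp` rule parameter, the `publicIpAddress` configuration field and the sample event are assumptions made for illustration.

```python
import json

# Statuses for which there is no configuration left to evaluate.
GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}

def evaluate(event):
    """Build one AWS Config evaluation from a configuration-change invocation."""
    invoking = json.loads(event["invokingEvent"])  # delivered as a JSON string
    if invoking.get("messageType") != "ConfigurationItemChangeNotification":
        raise ValueError("unsupported messageType: %r" % invoking.get("messageType"))
    item = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # Assumption: the recorded EC2 configuration exposes publicIpAddress.
    public_ip = (item.get("configuration") or {}).get("publicIpAddress")
    if event.get("eventLeftScope") or item["configurationItemStatus"] in GONE:
        compliance, note = "NOT_APPLICABLE", "Resource deleted or out of scope"
    elif public_ip and params.get("allowPublicIp", "false").lower() != "true":
        compliance, note = "NON_COMPLIANT", "Instance has public IP " + public_ip
    else:
        compliance, note = "COMPLIANT", "No disallowed public IP"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # the API caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def handler(event, context, config_client=None):
    """Lambda entry point: report the evaluation back with the result token."""
    if config_client is None:
        import boto3  # present in the Lambda Python runtime
        config_client = boto3.client("config")
    evaluation = evaluate(event)
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation["ComplianceType"]

# Constructed sample invocation (not captured from a real account).
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
            "configuration": {"publicIpAddress": "203.0.113.10"},
        },
    }),
    "ruleParameters": "{}", "resultToken": "constructed-token", "eventLeftScope": False,
}
```

Deploying this handler requires a Python Lambda runtime, and the function's role needs the `config:PutEvaluations` permission.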
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename | Size | File type | Python version |
|---|---|---|---|
| aws_cdk.aws_config-1.13.0-py3-none-any.whl | 87.4 kB | Wheel | py3 |
| aws-cdk.aws-config-1.13.0.tar.gz | 91.0 kB | Source | None |