The CDK Construct Library for AWS::Config

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers

Project description

AWS Config Construct Library

---
Features Stability
CFN Resources Stable
Higher level constructs for Config Rules Developer Preview
Higher level constructs for initial set-up (delivery channel & configuration recorder) Not Implemented

CFN Resources: All classes with the Cfn prefix in this module (CFN Resources) are always stable and safe to use.

Developer Preview: Higher level constructs in this module that are marked as developer preview have completed their phase of active development and are looking for adoption and feedback. While the same caveats around non-backward compatible as Experimental constructs apply, they will undergo fewer breaking changes. Just as with Experimental constructs, these are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes.

This module is part of the AWS Cloud Development Kit project.

Initial Setup

Before using the constructs provided in this module, you need to set up AWS Config in the region in which it will be used. This setup includes the one-time creation of the following resources per region:

  • ConfigurationRecorder: Configure which resources will be recorded for config changes.
  • DeliveryChannel: Configure where to store the recorded data.

Following are the guides to setup AWS Config:

Rules

AWS managed rules

To set up a managed rule, define a ManagedRule and specify its identifier:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
ManagedRule(self, "AccessKeysRotated",
    identifier="ACCESS_KEYS_ROTATED"
)

Available identifiers and parameters are listed in the List of AWS Config Managed Rules.

Higher level constructs for managed rules are available, see Managed Rules. Prefer to use those constructs when available (PRs welcome to add more of those).

Custom rules

To set up a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
CustomRule(self, "CustomRule",
    lambda_function=my_fn,
    configuration_changes=True,
    periodic=True
)

Restricting the scope

By default rules are triggered by changes to all resources.

Use the scopeToResource(), scopeToResources() or scopeToTag() APIs to restrict the scope of both managed and custom rules:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
ssh_rule = ManagedRule(self, "SSH",
    identifier="INCOMING_SSH_DISABLED"
)

# Restrict to a specific security group
rule.scope_to_resource("AWS::EC2::SecurityGroup", "sg-1234567890abcdefgh")

custom_rule = CustomRule(self, "CustomRule",
    lambda_function=my_fn,
    configuration_changes=True
)

# Restrict to a specific tag
custom_rule.scope_to_tag("Cost Center", "MyApp")

Only one type of scope restriction can be added to a rule (the last call to scopeToXxx() sets the scope).

Events

To define Amazon CloudWatch event rules, use the onComplianceChange() or onReEvaluationStatus() methods:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
rule = CloudFormationStackDriftDetectionCheck(self, "Drift")
rule.on_compliance_change("TopicEvent",
    target=targets.SnsTopic(topic)
)

Example

The following example creates a custom rule that runs on configuration changes to EC2 instances and publishes compliance events to an SNS topic.

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_config as config
import aws_cdk.aws_lambda as lambda_

# A custom rule that runs on configuration changes of EC2 instances
fn = lambda_.Function(self, "CustomFunction",
    code=lambda_.AssetCode.from_inline("exports.handler = (event) => console.log(event);"),
    handler="index.handler",
    runtime=lambda_.Runtime.NODEJS_10_X
)

custom_rule = config.CustomRule(self, "Custom",
    configuration_changes=True,
    lambda_function=fn
)

custom_rule.scope_to_resource("AWS::EC2::Instance")

# A rule to detect stack drifts
drift_rule = config.CloudFormationStackDriftDetectionCheck(self, "Drift")

# Topic to which compliance notification events will be published
compliance_topic = sns.Topic(self, "ComplianceTopic")

# Send notification on compliance change
drift_rule.on_compliance_change("ComplianceChange",
    target=targets.SnsTopic(compliance_topic)
)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for aws-cdk from gravatar.com aws-cdk Avatar for osa-amazon from gravatar.com osa-amazon

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: OSI Approved (Apache-2.0)
  • Author: Amazon Web Services
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

1.204.0

1.203.0

1.202.0

1.201.0

1.200.0

1.199.0

1.198.1

1.198.0

1.197.0

1.196.0

1.195.0

1.194.0

1.193.0

1.192.0

1.191.0

1.190.0

1.189.0

1.188.0

1.187.0

1.186.1

1.186.0

1.185.0

1.184.1

1.184.0

1.183.0

1.182.0

1.181.1

1.181.0

1.180.0

1.179.0

1.178.0

1.177.0

1.176.0

1.175.0

1.174.0

1.173.0

1.172.0

1.171.0

1.170.1

1.170.0

1.169.0

1.168.0

1.167.0

1.166.1

1.165.0

1.164.0

1.163.2

1.163.1

1.163.0

1.162.0

1.161.0

1.160.0

1.159.0

1.158.0

1.157.0

1.156.1

1.156.0

1.155.0

1.154.0

1.153.1

1.153.0

1.152.0

1.151.0

1.150.0

1.149.0

1.148.0

1.147.0

1.146.0

1.145.0

1.144.0

1.143.0

1.142.0

1.141.0

1.140.0

1.139.0

1.138.2

1.138.1

1.138.0

1.137.0

1.136.0

1.135.0

1.134.0

1.133.0

1.132.0

1.131.0

1.130.0

1.129.0

1.128.0

1.127.0

1.126.0

1.125.0

1.124.0

1.123.0

1.122.0

1.121.0

1.120.0

1.119.0

1.118.0

1.117.0

1.116.0

1.115.0

1.114.0

1.113.0

1.112.0

1.111.0

1.110.1

1.110.0

1.109.0

1.108.1

1.108.0

1.107.0

1.106.1

1.106.0

1.105.0

1.104.0

1.103.0

1.102.0

1.101.0

1.100.0

1.99.0

1.98.0

1.97.0

1.96.0

1.95.2

1.95.1

1.95.0

1.94.1

1.94.0

1.93.0

1.92.0

1.91.0

1.90.1

1.90.0

1.89.0

1.88.0

1.87.1

1.87.0

1.86.0

1.85.0

1.84.0

1.83.0

1.82.0

1.81.0

1.80.0

1.79.0

1.78.0

1.77.0

1.76.0

1.75.0

1.74.0

1.73.0

1.72.0

1.71.0

1.70.0

1.69.0

1.68.0

This version

1.67.0

1.66.0

1.65.0

1.64.1

1.64.0

1.63.0

1.62.0

1.61.1

1.61.0

1.60.0

1.59.0

1.58.0

1.57.0

1.56.0

1.55.0

1.54.0

1.53.0

1.52.0

1.51.0

1.50.0

1.49.1

1.49.0

1.48.0

1.47.1

1.47.0

1.46.0

1.45.0

1.44.0

1.43.0

1.42.1

1.42.0

1.41.0

1.40.0

1.39.0

1.38.0

1.37.0

1.36.1

1.36.0

1.35.0

1.34.1

1.34.0

1.33.1

1.33.0

1.32.2

1.32.1

1.32.0

1.31.0

1.30.0

1.29.0

1.28.0

1.27.0

1.26.0

1.25.0

1.24.0

1.23.0

1.22.0

1.21.1

1.21.0

1.20.0

1.19.0

1.18.0

1.17.1

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.0

1.11.0

1.10.1

1.10.0

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.39.0

0.38.0

0.37.0

0.36.2

0.36.1

0.36.0

0.35.0

0.34.0

0.33.0

0.32.0

0.31.0

0.30.0

0.29.0

0.28.0

0.27.0

0.26.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws-cdk.aws-config-1.67.0.tar.gz (102.0 kB view hashes)

Uploaded Source

Built Distribution

aws_cdk.aws_config-1.67.0-py3-none-any.whl (100.0 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page