The CDK Construct Library for AWS::Config

The CDK Construct Library for AWS Config

This module is part of the AWS Cloud Development Kit project.

Supported:

  • Config rules

Not supported:

  • Configuration recorder
  • Delivery channel
  • Aggregation

Rules

AWS managed rules

To set up a managed rule, define a ManagedRule and specify its identifier:

new ManagedRule(this, 'AccessKeysRotated', {
  identifier: 'ACCESS_KEYS_ROTATED'
});

Available identifiers and parameters are listed in the List of AWS Config Managed Rules.

Higher-level constructs are available for some managed rules; see Managed Rules. Prefer those constructs when one exists (PRs to add more are welcome).

Custom rules

To set up a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types:

new CustomRule(this, 'CustomRule', {
  lambdaFunction: myFn,
  configurationChanges: true,
  periodic: true
});
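
The inline handler in this page's Example section only logs the event, so that rule never reports a compliance result. The following is an added example (not code from the CDK project) of the evaluation logic a custom rule's Lambda function needs for the configuration-change trigger. The required tag key and the sample event are assumptions; a real handler would send the returned object to AWS Config's PutEvaluations API together with the event's resultToken.

```javascript
// REQUIRED_TAG is a hypothetical policy choice for this example.
const REQUIRED_TAG = 'Cost Center';

// Builds one evaluation in the shape AWS Config expects back.
function evaluation(item, complianceType, annotation) {
  return {
    ComplianceResourceType: item.resourceType,
    ComplianceResourceId: item.resourceId,
    ComplianceType: complianceType,
    OrderingTimestamp: item.configurationItemCaptureTime,
    Annotation: annotation
  };
}

// Decides compliance for one invocation of the rule's Lambda function.
function evaluate(event) {
  // invokingEvent arrives as a JSON string, not as an object.
  const invoking = JSON.parse(event.invokingEvent);
  // Periodic and oversized notifications carry no configurationItem;
  // this example covers the configuration-change trigger only.
  if (invoking.messageType !== 'ConfigurationItemChangeNotification') return null;
  const item = invoking.configurationItem;
  // Deleted or out-of-scope resources are reported NOT_APPLICABLE, not evaluated.
  const live = ['OK', 'ResourceDiscovered'].includes(item.configurationItemStatus);
  if (event.eventLeftScope || !live || item.resourceType !== 'AWS::EC2::Instance') {
    return evaluation(item, 'NOT_APPLICABLE', 'Resource deleted or out of scope');
  }
  const value = (item.tags || {})[REQUIRED_TAG];
  return value
    ? evaluation(item, 'COMPLIANT', `${REQUIRED_TAG}=${value}`)
    : evaluation(item, 'NON_COMPLIANT', `Missing tag: ${REQUIRED_TAG}`);
}

// Constructed sample event (not captured from a real account).
function sampleEvent(tags, status = 'OK', leftScope = false) {
  return {
    invokingEvent: JSON.stringify({
      messageType: 'ConfigurationItemChangeNotification',
      configurationItem: {
        resourceType: 'AWS::EC2::Instance',
        resourceId: 'i-0123456789abcdef0',
        configurationItemCaptureTime: '2019-05-01T12:00:00.000Z',
        configurationItemStatus: status,
        tags
      }
    }),
    eventLeftScope: leftScope
  };
}
console.log(evaluate(sampleEvent({})).ComplianceType);
```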

Restricting the scope

By default, rules are triggered by changes to all resources. Use the scopeToResource(), scopeToResources() or scopeToTag() methods to restrict the scope of both managed and custom rules:

const sshRule = new ManagedRule(this, 'SSH', {
  identifier: 'INCOMING_SSH_DISABLED'
});

// Restrict to a specific security group
sshRule.scopeToResource('AWS::EC2::SecurityGroup', 'sg-1234567890abcdefgh');

const customRule = new CustomRule(this, 'CustomRule', {
  lambdaFunction: myFn,
  configurationChanges: true
});

// Restrict to a specific tag
customRule.scopeToTag('Cost Center', 'MyApp');

Only one type of scope restriction can be added to a rule (the last call to scopeToXxx() sets the scope).

Events

To define Amazon CloudWatch event rules, use the onComplianceChange() or onReEvaluationStatus() methods:

const rule = new CloudFormationStackDriftDetectionCheck(this, 'Drift');
rule.onComplianceChange('TopicEvent', {
  target: new targets.SnsTopic(topic)
});

Example

Creating custom and managed rules with scope restriction and events:

    // A custom rule that runs on configuration changes of EC2 instances
    const fn = new lambda.Function(this, 'CustomFunction', {
      code: lambda.AssetCode.inline('exports.handler = (event) => console.log(event);'),
      handler: 'index.handler',
      runtime: lambda.Runtime.NodeJS810
    });

    const customRule = new config.CustomRule(this, 'Custom', {
      configurationChanges: true,
      lambdaFunction: fn
    });

    customRule.scopeToResource('AWS::EC2::Instance');

    // A rule to detect stack drift
    const driftRule = new config.CloudFormationStackDriftDetectionCheck(this, 'Drift');

    // Topic for compliance events
    const complianceTopic = new sns.Topic(this, 'ComplianceTopic');

    // Send notification on compliance change
    driftRule.onComplianceChange('ComplianceChange', {
      target: new targets.SnsTopic(complianceTopic)
    });

Source Distribution

aws-cdk.aws-config-0.32.0.tar.gz (65.9 kB)

Built Distribution

aws_cdk.aws_config-0.32.0-py3-none-any.whl (63.4 kB)
