awsconfig

package
v1.168.0-devpreview

This package is not in the latest version of its module.
Published: Aug 9, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

README

AWS Config Construct Library

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

This module is part of the AWS Cloud Development Kit project.

Initial Setup

Before using the constructs provided in this module, you need to set up AWS Config in the region in which it will be used. This setup includes the one-time creation of the following resources per region:

  • ConfigurationRecorder: Configure which resources will be recorded for config changes.
  • DeliveryChannel: Configure where to store the recorded data.

The following guides provide the steps for getting started with AWS Config:

Rules

AWS Config can evaluate the configuration settings of your AWS resources by creating AWS Config rules, which represent your ideal configuration settings.

See Evaluating Resources with AWS Config Rules to learn more about AWS Config rules.

AWS Managed Rules

AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.

For example, you could create a managed rule that checks whether active access keys are rotated within the number of days specified.

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: &map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

Identifiers for AWS managed rules are available through static constants in the ManagedRuleIdentifiers class. You can find supported input parameters in the List of AWS Config Managed Rules.

The following higher level constructs for AWS managed rules are available.

Access Key rotation

Checks whether your active access keys are rotated within the number of days specified.

// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"), nil)

CloudFormation Stack drift detection

Checks whether your CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration.

// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &config.CloudFormationStackDriftDetectionCheckProps{
	OwnStackOnly: jsii.Boolean(true),
})

CloudFormation Stack notifications

Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"), nil)
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"), nil)

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &config.CloudFormationStackNotificationCheckProps{
	Topics: &[]sns.ITopic{
		topic1,
		topic2,
	},
})

Custom rules

You can develop custom rules and add them to AWS Config. You associate each custom rule with an AWS Lambda function, which contains the logic that evaluates whether your AWS resources comply with the rule.

Triggers

AWS Lambda executes functions in response to events that are published by AWS Services. The function for a custom Config rule receives an event that is published by AWS Config, and is responsible for evaluating the compliance of the rule.

Evaluations can be triggered by configuration changes, periodically, or both. To create a custom rule, define a CustomRule and specify the Lambda Function to run and the trigger types.

var evalComplianceFn lambda.Function

config.NewCustomRule(this, jsii.String("CustomRule"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	Periodic: jsii.Boolean(true),

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_SIX_HOURS,
})

When the trigger for a rule occurs, AWS Config invokes the Lambda function by publishing an event. See example events for AWS Config Rules.

The AWS documentation has examples of Lambda functions for evaluations that are triggered by configuration changes and for evaluations that are triggered periodically.
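The function behind a custom rule has to turn the event it receives into a compliance verdict. The following added example (not code from the CDK project) shows that evaluation step in Go against constructed events; the IMDSv2 policy, the `Evaluate` and `sampleEvent` names, and the sample configuration item are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ConfigEvent is the part of the AWS Config rule invocation used here.
// invokingEvent is itself a JSON document delivered as a string.
type ConfigEvent struct {
	InvokingEvent  string `json:"invokingEvent"`
	ResultToken    string `json:"resultToken"`
	EventLeftScope bool   `json:"eventLeftScope"`
}

type invokingEvent struct {
	MessageType string `json:"messageType"`
	Item        *struct {
		ResourceType  string          `json:"resourceType"`
		ResourceID    string          `json:"resourceId"`
		Status        string          `json:"configurationItemStatus"`
		CaptureTime   string          `json:"configurationItemCaptureTime"`
		Configuration json.RawMessage `json:"configuration"`
	} `json:"configurationItem"`
}

// Evaluation carries the fields a handler would submit with PutEvaluations.
type Evaluation struct {
	ResourceType, ResourceID, ComplianceType, Annotation, OrderingTimestamp string
}

// Evaluate decides compliance for one configuration-change event.
// Assumed policy for this example: EC2 instances must require IMDSv2.
func Evaluate(raw []byte) (Evaluation, error) {
	var ev ConfigEvent
	if err := json.Unmarshal(raw, &ev); err != nil {
		return Evaluation{}, fmt.Errorf("decode event: %w", err)
	}
	var inv invokingEvent
	if err := json.Unmarshal([]byte(ev.InvokingEvent), &inv); err != nil {
		return Evaluation{}, fmt.Errorf("decode invokingEvent: %w", err)
	}
	// Periodic and oversized notifications carry no inline configuration item.
	if inv.MessageType != "ConfigurationItemChangeNotification" {
		return Evaluation{}, fmt.Errorf("unsupported message type %q", inv.MessageType)
	}
	if inv.Item == nil {
		return Evaluation{}, fmt.Errorf("change notification without configurationItem")
	}
	ci := inv.Item
	out := Evaluation{ResourceType: ci.ResourceType, ResourceID: ci.ResourceID, OrderingTimestamp: ci.CaptureTime}

	switch {
	// Deleted or out-of-scope resources must not keep a stale verdict.
	case ev.EventLeftScope, ci.Status == "ResourceDeleted",
		ci.Status == "ResourceDeletedNotRecorded", ci.Status == "ResourceNotRecorded":
		out.ComplianceType = "NOT_APPLICABLE"
		return out, nil
	// Defensive check in case the rule scope is widened later.
	case ci.ResourceType != "AWS::EC2::Instance":
		out.ComplianceType = "NOT_APPLICABLE"
		return out, nil
	}

	var cfg struct {
		MetadataOptions struct {
			HTTPTokens string `json:"httpTokens"`
		} `json:"metadataOptions"`
	}
	if len(ci.Configuration) > 0 {
		if err := json.Unmarshal(ci.Configuration, &cfg); err != nil {
			return Evaluation{}, fmt.Errorf("decode configuration: %w", err)
		}
	}
	// Fail closed: a missing or unexpected value is reported as non-compliant.
	if cfg.MetadataOptions.HTTPTokens == "required" {
		out.ComplianceType = "COMPLIANT"
	} else {
		out.ComplianceType = "NON_COMPLIANT"
		out.Annotation = "instance does not require IMDSv2 session tokens"
	}
	return out, nil
}

// sampleEvent builds a constructed (not captured) invocation event.
func sampleEvent(resourceType, status, httpTokens string, leftScope bool) []byte {
	inv, _ := json.Marshal(map[string]interface{}{
		"messageType": "ConfigurationItemChangeNotification",
		"configurationItem": map[string]interface{}{
			"resourceType":                 resourceType,
			"resourceId":                   "i-0123456789abcdef0",
			"configurationItemStatus":      status,
			"configurationItemCaptureTime": "2022-08-09T12:00:00.000Z",
			"configuration": map[string]interface{}{
				"metadataOptions": map[string]string{"httpTokens": httpTokens},
			},
		},
	})
	evt, _ := json.Marshal(map[string]interface{}{
		"invokingEvent":  string(inv),
		"resultToken":    "constructed-token",
		"eventLeftScope": leftScope,
	})
	return evt
}

func main() {
	for _, tokens := range []string{"required", "optional"} {
		ev, err := Evaluate(sampleEvent("AWS::EC2::Instance", "OK", tokens, false))
		fmt.Println(tokens, "->", ev.ComplianceType, err)
	}
}
```

In a deployed handler the returned evaluation is submitted back to AWS Config with PutEvaluations together with the event's resultToken.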

Scope

By default rules are triggered by changes to all resources.

Use the RuleScope APIs (fromResource(), fromResources() or fromTag()) to restrict the scope of both managed and custom rules:

var evalComplianceFn lambda.Function

sshRule := config.NewManagedRule(this, jsii.String("SSH"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED(),
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_SECURITY_GROUP(), jsii.String("sg-1234567890abcdefgh")),
})
customRule := config.NewCustomRule(this, jsii.String("Lambda"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources(&[]config.ResourceType{
		config.ResourceType_CLOUDFORMATION_STACK(),
		config.ResourceType_S3_BUCKET(),
	}),
})

tagRule := config.NewCustomRule(this, jsii.String("CostCenterTagRule"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromTag(jsii.String("Cost Center"), jsii.String("MyApp")),
})

Events

You can define Amazon EventBridge event rules which trigger when a compliance check fails or when a rule is re-evaluated.

Use the onComplianceChange() APIs to trigger an EventBridge event when a compliance check of your AWS Config Rule fails:

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)
rule.OnComplianceChange(jsii.String("TopicEvent"), &events.OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic, nil),
})

Use the onReEvaluationStatus() API to trigger an EventBridge event when an AWS Config rule is re-evaluated.

// Topic to which re-evaluation notification events will be published
reEvaluationTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)
rule.OnReEvaluationStatus(jsii.String("ReEvaluationEvent"), &events.OnEventOptions{
	Target: targets.NewSnsTopic(reEvaluationTopic, nil),
})

Example

The following example creates a custom rule that evaluates whether EC2 instances are compliant. Compliance events are published to an SNS topic.

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &lambda.FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_12_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &config.CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE(), nil),
})

// A rule to detect stack drifts
driftRule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

// Send notification on compliance change events
driftRule.OnComplianceChange(jsii.String("ComplianceChange"), &events.OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic, nil),
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessKeysRotated_IsConstruct

func AccessKeysRotated_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func AccessKeysRotated_IsResource

func AccessKeysRotated_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME

func CfnAggregationAuthorization_CFN_RESOURCE_TYPE_NAME() *string

func CfnAggregationAuthorization_IsCfnElement

func CfnAggregationAuthorization_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnAggregationAuthorization_IsCfnResource

func CfnAggregationAuthorization_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnAggregationAuthorization_IsConstruct

func CfnAggregationAuthorization_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnConfigRule_CFN_RESOURCE_TYPE_NAME

func CfnConfigRule_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigRule_IsCfnElement

func CfnConfigRule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnConfigRule_IsCfnResource

func CfnConfigRule_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnConfigRule_IsConstruct

func CfnConfigRule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME

func CfnConfigurationAggregator_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigurationAggregator_IsCfnElement

func CfnConfigurationAggregator_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnConfigurationAggregator_IsCfnResource

func CfnConfigurationAggregator_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnConfigurationAggregator_IsConstruct

func CfnConfigurationAggregator_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME

func CfnConfigurationRecorder_CFN_RESOURCE_TYPE_NAME() *string

func CfnConfigurationRecorder_IsCfnElement

func CfnConfigurationRecorder_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnConfigurationRecorder_IsCfnResource

func CfnConfigurationRecorder_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnConfigurationRecorder_IsConstruct

func CfnConfigurationRecorder_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnConformancePack_CFN_RESOURCE_TYPE_NAME

func CfnConformancePack_CFN_RESOURCE_TYPE_NAME() *string

func CfnConformancePack_IsCfnElement

func CfnConformancePack_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnConformancePack_IsCfnResource

func CfnConformancePack_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnConformancePack_IsConstruct

func CfnConformancePack_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME

func CfnDeliveryChannel_CFN_RESOURCE_TYPE_NAME() *string

func CfnDeliveryChannel_IsCfnElement

func CfnDeliveryChannel_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnDeliveryChannel_IsCfnResource

func CfnDeliveryChannel_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnDeliveryChannel_IsConstruct

func CfnDeliveryChannel_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME

func CfnOrganizationConfigRule_CFN_RESOURCE_TYPE_NAME() *string

func CfnOrganizationConfigRule_IsCfnElement

func CfnOrganizationConfigRule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnOrganizationConfigRule_IsCfnResource

func CfnOrganizationConfigRule_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnOrganizationConfigRule_IsConstruct

func CfnOrganizationConfigRule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME

func CfnOrganizationConformancePack_CFN_RESOURCE_TYPE_NAME() *string

func CfnOrganizationConformancePack_IsCfnElement

func CfnOrganizationConformancePack_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnOrganizationConformancePack_IsCfnResource

func CfnOrganizationConformancePack_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnOrganizationConformancePack_IsConstruct

func CfnOrganizationConformancePack_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME

func CfnRemediationConfiguration_CFN_RESOURCE_TYPE_NAME() *string

func CfnRemediationConfiguration_IsCfnElement

func CfnRemediationConfiguration_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnRemediationConfiguration_IsCfnResource

func CfnRemediationConfiguration_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnRemediationConfiguration_IsConstruct

func CfnRemediationConfiguration_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME

func CfnStoredQuery_CFN_RESOURCE_TYPE_NAME() *string

func CfnStoredQuery_IsCfnElement

func CfnStoredQuery_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnStoredQuery_IsCfnResource

func CfnStoredQuery_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnStoredQuery_IsConstruct

func CfnStoredQuery_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CloudFormationStackDriftDetectionCheck_IsConstruct

func CloudFormationStackDriftDetectionCheck_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CloudFormationStackDriftDetectionCheck_IsResource

func CloudFormationStackDriftDetectionCheck_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func CloudFormationStackNotificationCheck_IsConstruct

func CloudFormationStackNotificationCheck_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CloudFormationStackNotificationCheck_IsResource

func CloudFormationStackNotificationCheck_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func CustomRule_IsConstruct

func CustomRule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CustomRule_IsResource

func CustomRule_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED

func ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED() *string

func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS

func ManagedRuleIdentifiers_ACCOUNT_PART_OF_ORGANIZATIONS() *string

func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK

func ManagedRuleIdentifiers_ACM_CERTIFICATE_EXPIRATION_CHECK() *string

func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED

func ManagedRuleIdentifiers_ALB_HTTP_DROP_INVALID_HEADER_ENABLED() *string

func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK

func ManagedRuleIdentifiers_ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK() *string

func ManagedRuleIdentifiers_ALB_WAF_ENABLED

func ManagedRuleIdentifiers_ALB_WAF_ENABLED() *string

func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED

func ManagedRuleIdentifiers_API_GW_CACHE_ENABLED_AND_ENCRYPTED() *string

func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK

func ManagedRuleIdentifiers_API_GW_ENDPOINT_TYPE_CHECK() *string

func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED

func ManagedRuleIdentifiers_API_GW_EXECUTION_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_ID() *string

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG

func ManagedRuleIdentifiers_APPROVED_AMIS_BY_TAG() *string

func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED

func ManagedRuleIdentifiers_AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED() *string

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK

func ManagedRuleIdentifiers_CLOUDFORMATION_STACK_NOTIFICATION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED

func ManagedRuleIdentifiers_CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_ORIGIN_FAILOVER_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED

func ManagedRuleIdentifiers_CLOUDFRONT_SNI_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS

func ManagedRuleIdentifiers_CLOUDFRONT_VIEWER_POLICY_HTTPS() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_MULTI_REGION_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_S3_DATAEVENTS_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED

func ManagedRuleIdentifiers_CLOUDTRAIL_SECURITY_TRAIL_ENABLED() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_ACTION_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_RESOURCE_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK

func ManagedRuleIdentifiers_CLOUDWATCH_ALARM_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED

func ManagedRuleIdentifiers_CLOUDWATCH_LOG_GROUP_ENCRYPTED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED

func ManagedRuleIdentifiers_CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED() *string

func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED

func ManagedRuleIdentifiers_CMK_BACKING_KEY_ROTATION_ENABLED() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK() *string

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK

func ManagedRuleIdentifiers_CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK() *string

func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK

func ManagedRuleIdentifiers_CODEPIPELINE_DEPLOYMENT_COUNT_CHECK() *string

func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK

func ManagedRuleIdentifiers_CODEPIPELINE_REGION_FANOUT_CHECK() *string

func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK

func ManagedRuleIdentifiers_CW_LOGGROUP_RETENTION_PERIOD_CHECK() *string

func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_DAX_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC

func ManagedRuleIdentifiers_DMS_REPLICATION_NOT_PUBLIC() *string

func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_AUTOSCALING_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_DYNAMODB_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_PITR_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTED_KMS() *string

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_DYNAMODB_TABLE_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK

func ManagedRuleIdentifiers_DYNAMODB_THROUGHPUT_LIMIT_CHECK() *string

func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES

func ManagedRuleIdentifiers_EBS_ENCRYPTED_VOLUMES() *string

func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_EBS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE

func ManagedRuleIdentifiers_EBS_OPTIMIZED_INSTANCE() *string

func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK

func ManagedRuleIdentifiers_EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK() *string

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TENANCY() *string

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE

func ManagedRuleIdentifiers_EC2_DESIRED_INSTANCE_TYPE() *string

func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT

func ManagedRuleIdentifiers_EC2_EBS_ENCRYPTION_BY_DEFAULT() *string

func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK

func ManagedRuleIdentifiers_EC2_IMDSV2_CHECK() *string

func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC

func ManagedRuleIdentifiers_EC2_INSTANCES_IN_VPC() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED

func ManagedRuleIdentifiers_EC2_INSTANCE_DETAILED_MONITORING_ENABLED() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM

func ManagedRuleIdentifiers_EC2_INSTANCE_MANAGED_BY_SSM() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP

func ManagedRuleIdentifiers_EC2_INSTANCE_NO_PUBLIC_IP() *string

func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED

func ManagedRuleIdentifiers_EC2_INSTANCE_PROFILE_ATTACHED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK() *string

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK

func ManagedRuleIdentifiers_EC2_MANAGED_INSTANCE_PLATFORM_CHECK() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC

func ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC() *string

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI

func ManagedRuleIdentifiers_EC2_SECURITY_GROUP_ATTACHED_TO_ENI() *string

func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE

func ManagedRuleIdentifiers_EC2_STOPPED_INSTANCE() *string

func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK

func ManagedRuleIdentifiers_EC2_VOLUME_INUSE_CHECK() *string

func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK

func ManagedRuleIdentifiers_EFS_ENCRYPTED_CHECK() *string

func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_EFS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_EIP_ATTACHED

func ManagedRuleIdentifiers_EIP_ATTACHED() *string

func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS

func ManagedRuleIdentifiers_EKS_ENDPOINT_NO_PUBLIC_ACCESS() *string

func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED

func ManagedRuleIdentifiers_EKS_SECRETS_ENCRYPTED() *string

func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK

func ManagedRuleIdentifiers_ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST

func ManagedRuleIdentifiers_ELASTICSEARCH_ENCRYPTED_AT_REST() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY

func ManagedRuleIdentifiers_ELASTICSEARCH_IN_VPC_ONLY() *string

func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK

func ManagedRuleIdentifiers_ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK() *string

func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED

func ManagedRuleIdentifiers_ELB_ACM_CERTIFICATE_REQUIRED() *string

func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED

func ManagedRuleIdentifiers_ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED() *string

func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK

func ManagedRuleIdentifiers_ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK() *string

func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_ELB_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED

func ManagedRuleIdentifiers_ELB_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK

func ManagedRuleIdentifiers_ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK() *string

func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY

func ManagedRuleIdentifiers_ELB_TLS_HTTPS_LISTENERS_ONLY() *string

func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED

func ManagedRuleIdentifiers_EMR_KERBEROS_ENABLED() *string

func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP

func ManagedRuleIdentifiers_EMR_MASTER_NO_PUBLIC_IP() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_CONTENT_CHECK() *string

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK

func ManagedRuleIdentifiers_FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK() *string

func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_SHIELD_RESOURCE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK

func ManagedRuleIdentifiers_FMS_WEBACL_RESOURCE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK

func ManagedRuleIdentifiers_FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK() *string

func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED

func ManagedRuleIdentifiers_GUARDDUTY_ENABLED_CENTRALIZED() *string

func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS

func ManagedRuleIdentifiers_GUARDDUTY_NON_ARCHIVED_FINDINGS() *string

func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS

func ManagedRuleIdentifiers_IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS() *string

func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK

func ManagedRuleIdentifiers_IAM_GROUP_HAS_USERS_CHECK() *string

func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS

func ManagedRuleIdentifiers_IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS() *string

func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK

func ManagedRuleIdentifiers_IAM_NO_INLINE_POLICY_CHECK() *string

func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY

func ManagedRuleIdentifiers_IAM_PASSWORD_POLICY() *string

func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK

func ManagedRuleIdentifiers_IAM_POLICY_BLOCKED_CHECK() *string

func ManagedRuleIdentifiers_IAM_POLICY_IN_USE

func ManagedRuleIdentifiers_IAM_POLICY_IN_USE() *string

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS

func ManagedRuleIdentifiers_IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS() *string

func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK

func ManagedRuleIdentifiers_IAM_ROLE_MANAGED_POLICY_CHECK() *string

func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK

func ManagedRuleIdentifiers_IAM_ROOT_ACCESS_KEY_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK

func ManagedRuleIdentifiers_IAM_USER_GROUP_MEMBERSHIP_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED

func ManagedRuleIdentifiers_IAM_USER_MFA_ENABLED() *string

func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK

func ManagedRuleIdentifiers_IAM_USER_NO_POLICIES_CHECK() *string

func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK

func ManagedRuleIdentifiers_IAM_USER_UNUSED_CREDENTIALS_CHECK() *string

func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY

func ManagedRuleIdentifiers_INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY() *string

func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION

func ManagedRuleIdentifiers_KMS_CMK_NOT_SCHEDULED_FOR_DELETION() *string

func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK

func ManagedRuleIdentifiers_LAMBDA_CONCURRENCY_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK

func ManagedRuleIdentifiers_LAMBDA_DLQ_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED() *string

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK

func ManagedRuleIdentifiers_LAMBDA_FUNCTION_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC

func ManagedRuleIdentifiers_LAMBDA_INSIDE_VPC() *string

func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS

func ManagedRuleIdentifiers_MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS() *string

func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_RDS_CLUSTER_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED

func ManagedRuleIdentifiers_RDS_DB_INSTANCE_BACKUP_ENABLED() *string

func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED

func ManagedRuleIdentifiers_RDS_ENHANCED_MONITORING_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED

func ManagedRuleIdentifiers_RDS_INSTANCE_DELETION_PROTECTION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED

func ManagedRuleIdentifiers_RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED() *string

func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK

func ManagedRuleIdentifiers_RDS_INSTANCE_PUBLIC_ACCESS_CHECK() *string

func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN

func ManagedRuleIdentifiers_RDS_IN_BACKUP_PLAN() *string

func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED

func ManagedRuleIdentifiers_RDS_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT

func ManagedRuleIdentifiers_RDS_MULTI_AZ_SUPPORT() *string

func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED

func ManagedRuleIdentifiers_RDS_SNAPSHOTS_PUBLIC_PROHIBITED() *string

func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED

func ManagedRuleIdentifiers_RDS_SNAPSHOT_ENCRYPTED() *string

func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED

func ManagedRuleIdentifiers_RDS_STORAGE_ENCRYPTED() *string

func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED

func ManagedRuleIdentifiers_REDSHIFT_BACKUP_ENABLED() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_CONFIGURATION_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK

func ManagedRuleIdentifiers_REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK() *string

func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL

func ManagedRuleIdentifiers_REDSHIFT_REQUIRE_TLS_SSL() *string

func ManagedRuleIdentifiers_REQUIRED_TAGS

func ManagedRuleIdentifiers_REQUIRED_TAGS() *string

func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED

func ManagedRuleIdentifiers_ROOT_ACCOUNT_HARDWARE_MFA_ENABLED() *string

func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED

func ManagedRuleIdentifiers_ROOT_ACCOUNT_MFA_ENABLED() *string

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS

func ManagedRuleIdentifiers_S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS() *string

func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_DEFAULT_LOCK_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_GRANTEE_CHECK() *string

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE

func ManagedRuleIdentifiers_S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE() *string

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_READ_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED

func ManagedRuleIdentifiers_S3_BUCKET_PUBLIC_WRITE_PROHIBITED() *string

func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_REPLICATION_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED() *string

func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY

func ManagedRuleIdentifiers_S3_BUCKET_SSL_REQUESTS_ONLY() *string

func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED

func ManagedRuleIdentifiers_S3_BUCKET_VERSIONING_ENABLED() *string

func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS

func ManagedRuleIdentifiers_S3_DEFAULT_ENCRYPTION_KMS() *string

func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED

func ManagedRuleIdentifiers_SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED() *string

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED() *string

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS

func ManagedRuleIdentifiers_SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK

func ManagedRuleIdentifiers_SECRETSMANAGER_ROTATION_ENABLED_CHECK() *string

func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK

func ManagedRuleIdentifiers_SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK() *string

func ManagedRuleIdentifiers_SECURITYHUB_ENABLED

func ManagedRuleIdentifiers_SECURITYHUB_ENABLED() *string

func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED

func ManagedRuleIdentifiers_SERVICE_VPC_ENDPOINT_ENABLED() *string

func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW

func ManagedRuleIdentifiers_SHIELD_ADVANCED_ENABLED_AUTO_RENEW() *string

func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS

func ManagedRuleIdentifiers_SHIELD_DRT_ACCESS() *string

func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS

func ManagedRuleIdentifiers_SNS_ENCRYPTED_KMS() *string

func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED

func ManagedRuleIdentifiers_VPC_DEFAULT_SECURITY_GROUP_CLOSED() *string

func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED

func ManagedRuleIdentifiers_VPC_FLOW_LOGS_ENABLED() *string

func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS

func ManagedRuleIdentifiers_VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS() *string

func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP

func ManagedRuleIdentifiers_VPC_VPN_2_TUNNELS_UP() *string

func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED

func ManagedRuleIdentifiers_WAFV2_LOGGING_ENABLED() *string

func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED

func ManagedRuleIdentifiers_WAF_CLASSIC_LOGGING_ENABLED() *string

func ManagedRule_IsConstruct

func ManagedRule_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func ManagedRule_IsResource

func ManagedRule_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewAccessKeysRotated_Override

func NewAccessKeysRotated_Override(a AccessKeysRotated, scope constructs.Construct, id *string, props *AccessKeysRotatedProps)

Experimental.

func NewCfnAggregationAuthorization_Override

func NewCfnAggregationAuthorization_Override(c CfnAggregationAuthorization, scope awscdk.Construct, id *string, props *CfnAggregationAuthorizationProps)

Create a new `AWS::Config::AggregationAuthorization`.

func NewCfnConfigRule_Override

func NewCfnConfigRule_Override(c CfnConfigRule, scope awscdk.Construct, id *string, props *CfnConfigRuleProps)

Create a new `AWS::Config::ConfigRule`.

func NewCfnConfigurationAggregator_Override

func NewCfnConfigurationAggregator_Override(c CfnConfigurationAggregator, scope awscdk.Construct, id *string, props *CfnConfigurationAggregatorProps)

Create a new `AWS::Config::ConfigurationAggregator`.

func NewCfnConfigurationRecorder_Override

func NewCfnConfigurationRecorder_Override(c CfnConfigurationRecorder, scope awscdk.Construct, id *string, props *CfnConfigurationRecorderProps)

Create a new `AWS::Config::ConfigurationRecorder`.

func NewCfnConformancePack_Override

func NewCfnConformancePack_Override(c CfnConformancePack, scope awscdk.Construct, id *string, props *CfnConformancePackProps)

Create a new `AWS::Config::ConformancePack`.

func NewCfnDeliveryChannel_Override

func NewCfnDeliveryChannel_Override(c CfnDeliveryChannel, scope awscdk.Construct, id *string, props *CfnDeliveryChannelProps)

Create a new `AWS::Config::DeliveryChannel`.

func NewCfnOrganizationConfigRule_Override

func NewCfnOrganizationConfigRule_Override(c CfnOrganizationConfigRule, scope awscdk.Construct, id *string, props *CfnOrganizationConfigRuleProps)

Create a new `AWS::Config::OrganizationConfigRule`.

func NewCfnOrganizationConformancePack_Override

func NewCfnOrganizationConformancePack_Override(c CfnOrganizationConformancePack, scope awscdk.Construct, id *string, props *CfnOrganizationConformancePackProps)

Create a new `AWS::Config::OrganizationConformancePack`.

func NewCfnRemediationConfiguration_Override

func NewCfnRemediationConfiguration_Override(c CfnRemediationConfiguration, scope awscdk.Construct, id *string, props *CfnRemediationConfigurationProps)

Create a new `AWS::Config::RemediationConfiguration`.

func NewCfnStoredQuery_Override

func NewCfnStoredQuery_Override(c CfnStoredQuery, scope awscdk.Construct, id *string, props *CfnStoredQueryProps)

Create a new `AWS::Config::StoredQuery`.

func NewCloudFormationStackDriftDetectionCheck_Override

func NewCloudFormationStackDriftDetectionCheck_Override(c CloudFormationStackDriftDetectionCheck, scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps)

Experimental.

func NewCloudFormationStackNotificationCheck_Override

func NewCloudFormationStackNotificationCheck_Override(c CloudFormationStackNotificationCheck, scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps)

Experimental.

func NewCustomRule_Override

func NewCustomRule_Override(c CustomRule, scope constructs.Construct, id *string, props *CustomRuleProps)

Experimental.

func NewManagedRule_Override

func NewManagedRule_Override(m ManagedRule, scope constructs.Construct, id *string, props *ManagedRuleProps)

Experimental.

Types

type AccessKeysRotated

type AccessKeysRotated interface {
	ManagedRule
	// The arn of the rule.
	// Experimental.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	// Experimental.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	// Experimental.
	ConfigRuleId() *string
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// Experimental.
	IsCustomWithChanges() *bool
	// Experimental.
	SetIsCustomWithChanges(val *bool)
	// Experimental.
	IsManaged() *bool
	// Experimental.
	SetIsManaged(val *bool)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Experimental.
	RuleScope() RuleScope
	// Experimental.
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
}

Checks whether the active access keys are rotated within the number of days specified in `maxAge`.

Example:

// compliant if access keys have been rotated within the last 90 days
config.NewAccessKeysRotated(this, jsii.String("AccessKeyRotated"), nil)

See: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html

Experimental.

func NewAccessKeysRotated

func NewAccessKeysRotated(scope constructs.Construct, id *string, props *AccessKeysRotatedProps) AccessKeysRotated

Experimental.

type AccessKeysRotatedProps

type AccessKeysRotatedProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The maximum number of days within which the access keys must be rotated.
	// Experimental.
	MaxAge awscdk.Duration `field:"optional" json:"maxAge" yaml:"maxAge"`
}

Construction properties for an AccessKeysRotated.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

var duration awscdk.Duration
var inputParameters interface{}
var ruleScope awsconfig.RuleScope

accessKeysRotatedProps := &awsconfig.AccessKeysRotatedProps{
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	InputParameters: &map[string]interface{}{
		"inputParametersKey": inputParameters,
	},
	MaxAge: duration,
	MaximumExecutionFrequency: awsconfig.MaximumExecutionFrequency_ONE_HOUR,
	RuleScope: ruleScope,
}

Experimental.

type CfnAggregationAuthorization

type CfnAggregationAuthorization interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The Amazon Resource Name (ARN) of the aggregation object.
	AttrAggregationAuthorizationArn() *string
	// The 12-digit account ID of the account authorized to aggregate data.
	AuthorizedAccountId() *string
	SetAuthorizedAccountId(val *string)
	// The region authorized to collect aggregated data.
	AuthorizedAwsRegion() *string
	SetAuthorizedAwsRegion(val *string)
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// An array of tag objects.
	Tags() awscdk.TagManager
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::AggregationAuthorization`.

An object that represents the authorizations granted to aggregator accounts and regions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnAggregationAuthorization := awsconfig.NewCfnAggregationAuthorization(this, jsii.String("MyCfnAggregationAuthorization"), &awsconfig.CfnAggregationAuthorizationProps{
	AuthorizedAccountId: jsii.String("authorizedAccountId"),
	AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),

	// the properties below are optional
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

func NewCfnAggregationAuthorization

func NewCfnAggregationAuthorization(scope awscdk.Construct, id *string, props *CfnAggregationAuthorizationProps) CfnAggregationAuthorization

Create a new `AWS::Config::AggregationAuthorization`.

type CfnAggregationAuthorizationProps

type CfnAggregationAuthorizationProps struct {
	// The 12-digit account ID of the account authorized to aggregate data.
	AuthorizedAccountId *string `field:"required" json:"authorizedAccountId" yaml:"authorizedAccountId"`
	// The region authorized to collect aggregated data.
	AuthorizedAwsRegion *string `field:"required" json:"authorizedAwsRegion" yaml:"authorizedAwsRegion"`
	// An array of tag objects.
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnAggregationAuthorization`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnAggregationAuthorizationProps := &awsconfig.CfnAggregationAuthorizationProps{
	AuthorizedAccountId: jsii.String("authorizedAccountId"),
	AuthorizedAwsRegion: jsii.String("authorizedAwsRegion"),

	// the properties below are optional
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

type CfnConfigRule

type CfnConfigRule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The Amazon Resource Name (ARN) of the AWS Config rule, such as `arn:aws:config:us-east-1:123456789012:config-rule/config-rule-a1bzhi` .
	AttrArn() *string
	// The compliance status of an AWS Config rule, such as `COMPLIANT` or `NON_COMPLIANT` .
	AttrComplianceType() *string
	// The ID of the AWS Config rule, such as `config-rule-a1bzhi` .
	AttrConfigRuleId() *string
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// A name for the AWS Config rule.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	ConfigRuleName() *string
	SetConfigRuleName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The description that you provide for the AWS Config rule.
	Description() *string
	SetDescription(val *string)
	// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
	InputParameters() interface{}
	SetInputParameters(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// You can specify a value for `MaximumExecutionFrequency` when:
	//
	// - You are using an AWS managed rule that is triggered at a periodic frequency.
	// - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	MaximumExecutionFrequency() *string
	SetMaximumExecutionFrequency(val *string)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// Defines which resources can trigger an evaluation for the rule.
	//
	// The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
	//
	// > The scope can be empty.
	Scope() interface{}
	SetScope(val interface{})
	// Provides the rule owner (AWS or customer), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
	Source() interface{}
	SetSource(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::ConfigRule`.

Specifies an AWS Config rule for evaluating whether your AWS resources comply with your desired configurations.

You can use this action for custom AWS Config rules and AWS managed Config rules. A custom AWS Config rule is a rule that you develop and maintain. An AWS managed Config rule is a customizable, predefined rule that AWS Config provides.

If you are adding a new custom AWS Config rule, you must first create the AWS Lambda function that the rule invokes to evaluate your resources. When you use the `PutConfigRule` action to add the rule to AWS Config, you must specify the Amazon Resource Name (ARN) that AWS Lambda assigns to the function. Specify the ARN for the `SourceIdentifier` key. This key is part of the `Source` object, which is part of the `ConfigRule` object.

If you are adding an AWS managed Config rule, specify the rule's identifier for the `SourceIdentifier` key. To reference AWS managed Config rule identifiers, see [About AWS Managed Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).

For any new rule that you add, specify the `ConfigRuleName` in the `ConfigRule` object. Do not specify the `ConfigRuleArn` or the `ConfigRuleId`. These values are generated by AWS Config for new rules.

If you are updating a rule that you added previously, you can specify the rule by `ConfigRuleName`, `ConfigRuleId`, or `ConfigRuleArn` in the `ConfigRule` data type that you use in this request.

The maximum number of rules that AWS Config supports is 400.

For information about requesting a rule limit increase, see [AWS Config endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/awsconfig.html) in the *AWS General Reference Guide*.

For more information about developing and using AWS Config rules, see [Evaluating AWS Resource Configurations with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html) in the *AWS Config Developer Guide*.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

var this awscdk.Construct // the enclosing scope
var inputParameters interface{}

cfnConfigRule := awsconfig.NewCfnConfigRule(this, jsii.String("MyCfnConfigRule"), &awsconfig.CfnConfigRuleProps{
	Source: &awsconfig.CfnConfigRule_SourceProperty{
		Owner: jsii.String("owner"),

		// the properties below are optional
		CustomPolicyDetails: &awsconfig.CfnConfigRule_CustomPolicyDetailsProperty{
			EnableDebugLogDelivery: jsii.Bool(false),
			PolicyRuntime:          jsii.String("policyRuntime"),
			PolicyText:             jsii.String("policyText"),
		},
		SourceDetails: []interface{}{
			&awsconfig.CfnConfigRule_SourceDetailProperty{
				EventSource: jsii.String("eventSource"),
				MessageType: jsii.String("messageType"),

				// the properties below are optional
				MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
			},
		},
		SourceIdentifier: jsii.String("sourceIdentifier"),
	},

	// the properties below are optional
	ConfigRuleName:            jsii.String("configRuleName"),
	Description:               jsii.String("description"),
	InputParameters:           inputParameters,
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	Scope: &awsconfig.CfnConfigRule_ScopeProperty{
		ComplianceResourceId: jsii.String("complianceResourceId"),
		ComplianceResourceTypes: &[]*string{
			jsii.String("complianceResourceTypes"),
		},
		TagKey:   jsii.String("tagKey"),
		TagValue: jsii.String("tagValue"),
	},
})

func NewCfnConfigRule

func NewCfnConfigRule(scope awscdk.Construct, id *string, props *CfnConfigRuleProps) CfnConfigRule

Create a new `AWS::Config::ConfigRule`.

type CfnConfigRuleProps

type CfnConfigRuleProps struct {
	// Provides the rule owner (AWS or customer), the rule identifier, and the notifications that cause the function to evaluate your AWS resources.
	Source interface{} `field:"required" json:"source" yaml:"source"`
	// A name for the AWS Config rule.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// The description that you provide for the AWS Config rule.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to the AWS Config rule Lambda function.
	InputParameters interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// You can specify a value for `MaximumExecutionFrequency` when:
	//
	// - You are using an AWS managed rule that is triggered at a periodic frequency.
	// - Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see [ConfigSnapshotDeliveryProperties](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html) .
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources can trigger an evaluation for the rule.
	//
	// The scope can include one or more resource types, a combination of one resource type and one resource ID, or a combination of a tag key and value. Specify a scope to constrain the resources that can trigger an evaluation for the rule. If you do not specify a scope, evaluations are triggered when any resource in the recording group changes.
	//
	// > The scope can be empty.
	Scope interface{} `field:"optional" json:"scope" yaml:"scope"`
}

Properties for defining a `CfnConfigRule`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

var inputParameters interface{}

cfnConfigRuleProps := &awsconfig.CfnConfigRuleProps{
	Source: &awsconfig.CfnConfigRule_SourceProperty{
		Owner: jsii.String("owner"),

		// the properties below are optional
		CustomPolicyDetails: &awsconfig.CfnConfigRule_CustomPolicyDetailsProperty{
			EnableDebugLogDelivery: jsii.Bool(false),
			PolicyRuntime:          jsii.String("policyRuntime"),
			PolicyText:             jsii.String("policyText"),
		},
		SourceDetails: []interface{}{
			&awsconfig.CfnConfigRule_SourceDetailProperty{
				EventSource: jsii.String("eventSource"),
				MessageType: jsii.String("messageType"),

				// the properties below are optional
				MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
			},
		},
		SourceIdentifier: jsii.String("sourceIdentifier"),
	},

	// the properties below are optional
	ConfigRuleName:            jsii.String("configRuleName"),
	Description:               jsii.String("description"),
	InputParameters:           inputParameters,
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	Scope: &awsconfig.CfnConfigRule_ScopeProperty{
		ComplianceResourceId: jsii.String("complianceResourceId"),
		ComplianceResourceTypes: &[]*string{
			jsii.String("complianceResourceTypes"),
		},
		TagKey:   jsii.String("tagKey"),
		TagValue: jsii.String("tagValue"),
	},
}

type CfnConfigRule_CustomPolicyDetailsProperty

type CfnConfigRule_CustomPolicyDetailsProperty struct {
	// `CfnConfigRule.CustomPolicyDetailsProperty.EnableDebugLogDelivery`.
	EnableDebugLogDelivery interface{} `field:"optional" json:"enableDebugLogDelivery" yaml:"enableDebugLogDelivery"`
	// `CfnConfigRule.CustomPolicyDetailsProperty.PolicyRuntime`.
	PolicyRuntime *string `field:"optional" json:"policyRuntime" yaml:"policyRuntime"`
	// `CfnConfigRule.CustomPolicyDetailsProperty.PolicyText`.
	PolicyText *string `field:"optional" json:"policyText" yaml:"policyText"`
}

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

customPolicyDetailsProperty := &awsconfig.CfnConfigRule_CustomPolicyDetailsProperty{
	EnableDebugLogDelivery: jsii.Bool(false),
	PolicyRuntime:          jsii.String("policyRuntime"),
	PolicyText:             jsii.String("policyText"),
}

type CfnConfigRule_ScopeProperty

type CfnConfigRule_ScopeProperty struct {
	// The ID of the only AWS resource that you want to trigger an evaluation for the rule.
	//
	// If you specify a resource ID, you must specify one resource type for `ComplianceResourceTypes` .
	ComplianceResourceId *string `field:"optional" json:"complianceResourceId" yaml:"complianceResourceId"`
	// The resource types of only those AWS resources that you want to trigger an evaluation for the rule.
	//
	// You can only specify one type if you also specify a resource ID for `ComplianceResourceId` .
	ComplianceResourceTypes *[]*string `field:"optional" json:"complianceResourceTypes" yaml:"complianceResourceTypes"`
	// The tag key that is applied to only those AWS resources that you want to trigger an evaluation for the rule.
	TagKey *string `field:"optional" json:"tagKey" yaml:"tagKey"`
	// The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.
	//
	// If you specify a value for `TagValue` , you must also specify a value for `TagKey` .
	TagValue *string `field:"optional" json:"tagValue" yaml:"tagValue"`
}

Defines which resources trigger an evaluation for an AWS Config rule.

The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

scopeProperty := &awsconfig.CfnConfigRule_ScopeProperty{
	ComplianceResourceId: jsii.String("complianceResourceId"),
	ComplianceResourceTypes: &[]*string{
		jsii.String("complianceResourceTypes"),
	},
	TagKey:   jsii.String("tagKey"),
	TagValue: jsii.String("tagValue"),
}

type CfnConfigRule_SourceDetailProperty

type CfnConfigRule_SourceDetailProperty struct {
	// The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources.
	EventSource *string `field:"required" json:"eventSource" yaml:"eventSource"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule.
	//
	// You can specify the following notification types:
	//
	// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
	// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
	// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
	// - `ConfigurationSnapshotDeliveryCompleted` - Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.
	//
	// If you want your custom rule to be triggered by configuration changes, specify two SourceDetail objects, one for `ConfigurationItemChangeNotification` and one for `OversizedConfigurationItemChangeNotification` .
	MessageType *string `field:"required" json:"messageType" yaml:"messageType"`
	// The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger.
	//
	// If you specify a value for `MaximumExecutionFrequency` , then `MessageType` must use the `ScheduledNotification` value.
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	// >
	// > Based on the valid value you choose, AWS Config runs evaluations once for each valid value. For example, if you choose `Three_Hours` , AWS Config runs evaluations once every three hours. In this case, `Three_Hours` is the frequency of this rule.
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
}

Provides the source and the message types that trigger AWS Config to evaluate your AWS resources against a rule.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic. You can specify the parameter values for `SourceDetail` only for custom rules.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

sourceDetailProperty := &awsconfig.CfnConfigRule_SourceDetailProperty{
	EventSource: jsii.String("eventSource"),
	MessageType: jsii.String("messageType"),

	// the properties below are optional
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
}

type CfnConfigRule_SourceProperty

type CfnConfigRule_SourceProperty struct {
	// Indicates whether AWS or the customer owns and manages the AWS Config rule.
	//
	// AWS Config Managed Rules are predefined rules owned by AWS . For more information, see [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the AWS Config developer guide.
	//
	// AWS Config Custom Rules are rules that you can develop either with Guard ( `CUSTOM_POLICY` ) or AWS Lambda ( `CUSTOM_LAMBDA` ). For more information, see [AWS Config Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the AWS Config developer guide.
	Owner *string `field:"required" json:"owner" yaml:"owner"`
	// `CfnConfigRule.SourceProperty.CustomPolicyDetails`.
	CustomPolicyDetails interface{} `field:"optional" json:"customPolicyDetails" yaml:"customPolicyDetails"`
	// Provides the source and the message types that cause AWS Config to evaluate your AWS resources against a rule.
	//
	// It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.
	//
	// If the owner is set to `CUSTOM_POLICY` , the only acceptable values for the AWS Config rule trigger message type are `ConfigurationItemChangeNotification` and `OversizedConfigurationItemChangeNotification` .
	SourceDetails interface{} `field:"optional" json:"sourceDetails" yaml:"sourceDetails"`
	// For AWS Config Managed rules, a predefined identifier from a list.
	//
	// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) .
	//
	// For AWS Config Custom Lambda rules, the identifier is the Amazon Resource Name (ARN) of the rule's AWS Lambda function, such as `arn:aws:lambda:us-east-2:123456789012:function:custom_rule_name` .
	//
	// For AWS Config Custom Policy rules, this field will be ignored.
	SourceIdentifier *string `field:"optional" json:"sourceIdentifier" yaml:"sourceIdentifier"`
}

Provides the CustomPolicyDetails, the rule owner (AWS or customer), the rule identifier, and the events that cause the evaluation of your AWS resources.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

sourceProperty := &awsconfig.CfnConfigRule_SourceProperty{
	Owner: jsii.String("owner"),

	// the properties below are optional
	CustomPolicyDetails: &awsconfig.CfnConfigRule_CustomPolicyDetailsProperty{
		EnableDebugLogDelivery: jsii.Bool(false),
		PolicyRuntime:          jsii.String("policyRuntime"),
		PolicyText:             jsii.String("policyText"),
	},
	SourceDetails: []interface{}{
		&awsconfig.CfnConfigRule_SourceDetailProperty{
			EventSource: jsii.String("eventSource"),
			MessageType: jsii.String("messageType"),

			// the properties below are optional
			MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		},
	},
	SourceIdentifier: jsii.String("sourceIdentifier"),
}
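
The constraints documented above for `CfnConfigRule_ScopeProperty`, `CfnConfigRule_SourceDetailProperty` and `CfnConfigRule_SourceProperty` can be checked before synthesis. The following is an added example, not part of this package: the `Source`, `SourceDetail` and `Scope` structs are local stand-ins for the CDK types, `ValidateRule` and `isLambdaArn` are hypothetical helpers, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of the fields documented for the Source, SourceDetail and Scope
// properties. These plain structs are an assumption of this example, not the CDK types.
type SourceDetail struct {
	EventSource, MessageType, MaximumExecutionFrequency string
}

type Source struct {
	Owner, SourceIdentifier string
	SourceDetails           []SourceDetail
}

type Scope struct {
	ComplianceResourceId    string
	ComplianceResourceTypes []string
	TagKey, TagValue        string
}

const (
	msgChange    = "ConfigurationItemChangeNotification"
	msgOversized = "OversizedConfigurationItemChangeNotification"
	msgScheduled = "ScheduledNotification"
	msgSnapshot  = "ConfigurationSnapshotDeliveryCompleted"
)

// isLambdaArn checks the arn:<partition>:lambda:<region>:<account>:function:<name> shape.
func isLambdaArn(id string) bool {
	p := strings.Split(id, ":")
	return len(p) >= 7 && p[0] == "arn" && p[2] == "lambda" && p[5] == "function" && p[6] != ""
}

// ValidateRule returns one finding per documented constraint that is violated.
func ValidateRule(src Source, scope *Scope) []string {
	var out []string
	add := func(format string, a ...interface{}) { out = append(out, fmt.Sprintf(format, a...)) }
	switch src.Owner {
	case "AWS":
		if src.SourceIdentifier == "" {
			add("source: managed rule needs a sourceIdentifier")
		}
		if len(src.SourceDetails) > 0 {
			add("source: sourceDetails applies only to custom rules")
		}
	case "CUSTOM_LAMBDA":
		if !isLambdaArn(src.SourceIdentifier) {
			add("source: sourceIdentifier %q is not a Lambda function ARN", src.SourceIdentifier)
		}
	case "CUSTOM_POLICY": // sourceIdentifier is ignored for policy rules
	default:
		add("source: unknown owner %q", src.Owner)
	}
	seen := map[string]bool{}
	for i, d := range src.SourceDetails {
		seen[d.MessageType] = true
		switch d.MessageType {
		case msgChange, msgOversized:
		case msgScheduled, msgSnapshot:
			if src.Owner == "CUSTOM_POLICY" {
				add("sourceDetails[%d]: CUSTOM_POLICY rules accept only change notifications", i)
			}
		default:
			add("sourceDetails[%d]: unknown messageType %q", i, d.MessageType)
		}
		if d.MaximumExecutionFrequency != "" && d.MessageType != msgScheduled {
			add("sourceDetails[%d]: maximumExecutionFrequency requires %s", i, msgScheduled)
		}
	}
	if seen[msgChange] != seen[msgOversized] {
		add("sourceDetails: change-triggered rules need both %s and %s", msgChange, msgOversized)
	}
	if scope != nil {
		if scope.ComplianceResourceId != "" && len(scope.ComplianceResourceTypes) != 1 {
			add("scope: complianceResourceId requires exactly one resource type")
		}
		if scope.TagValue != "" && scope.TagKey == "" {
			add("scope: tagValue requires tagKey")
		}
	}
	return out
}

func main() {
	// Constructed sample: a policy rule with a periodic trigger and a loose scope.
	src := Source{Owner: "CUSTOM_POLICY", SourceDetails: []SourceDetail{
		{EventSource: "aws.config", MessageType: msgScheduled, MaximumExecutionFrequency: "Three_Hours"},
	}}
	scope := &Scope{ComplianceResourceId: "example-resource-id",
		ComplianceResourceTypes: []string{"AWS::EC2::Instance", "AWS::S3::Bucket"}, TagValue: "prod"}
	for _, f := range ValidateRule(src, scope) {
		fmt.Println(f)
	}
}
```
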

type CfnConfigurationAggregator

type CfnConfigurationAggregator interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Provides a list of source accounts and regions to be aggregated.
	AccountAggregationSources() interface{}
	SetAccountAggregationSources(val interface{})
	// The Amazon Resource Name (ARN) of the aggregator.
	AttrConfigurationAggregatorArn() *string
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// The name of the aggregator.
	ConfigurationAggregatorName() *string
	SetConfigurationAggregatorName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Provides an organization and list of regions to be aggregated.
	OrganizationAggregationSource() interface{}
	SetOrganizationAggregationSource(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// An array of tag objects.
	Tags() awscdk.TagManager
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::ConfigurationAggregator`.

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConfigurationAggregator := awsconfig.NewCfnConfigurationAggregator(this, jsii.String("MyCfnConfigurationAggregator"), &awsconfig.CfnConfigurationAggregatorProps{
	AccountAggregationSources: []interface{}{
		&awsconfig.CfnConfigurationAggregator_AccountAggregationSourceProperty{
			AccountIds: &[]*string{
				jsii.String("accountIds"),
			},

			// the properties below are optional
			AllAwsRegions: jsii.Bool(false),
			AwsRegions: &[]*string{
				jsii.String("awsRegions"),
			},
		},
	},
	ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
	OrganizationAggregationSource: &awsconfig.CfnConfigurationAggregator_OrganizationAggregationSourceProperty{
		RoleArn: jsii.String("roleArn"),

		// the properties below are optional
		AllAwsRegions: jsii.Bool(false),
		AwsRegions: &[]*string{
			jsii.String("awsRegions"),
		},
	},
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

func NewCfnConfigurationAggregator

func NewCfnConfigurationAggregator(scope awscdk.Construct, id *string, props *CfnConfigurationAggregatorProps) CfnConfigurationAggregator

Create a new `AWS::Config::ConfigurationAggregator`.

type CfnConfigurationAggregatorProps

type CfnConfigurationAggregatorProps struct {
	// Provides a list of source accounts and regions to be aggregated.
	AccountAggregationSources interface{} `field:"optional" json:"accountAggregationSources" yaml:"accountAggregationSources"`
	// The name of the aggregator.
	ConfigurationAggregatorName *string `field:"optional" json:"configurationAggregatorName" yaml:"configurationAggregatorName"`
	// Provides an organization and list of regions to be aggregated.
	OrganizationAggregationSource interface{} `field:"optional" json:"organizationAggregationSource" yaml:"organizationAggregationSource"`
	// An array of tag objects.
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnConfigurationAggregator`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConfigurationAggregatorProps := &awsconfig.CfnConfigurationAggregatorProps{
	AccountAggregationSources: []interface{}{
		&awsconfig.CfnConfigurationAggregator_AccountAggregationSourceProperty{
			AccountIds: &[]*string{
				jsii.String("accountIds"),
			},

			// the properties below are optional
			AllAwsRegions: jsii.Bool(false),
			AwsRegions: &[]*string{
				jsii.String("awsRegions"),
			},
		},
	},
	ConfigurationAggregatorName: jsii.String("configurationAggregatorName"),
	OrganizationAggregationSource: &awsconfig.CfnConfigurationAggregator_OrganizationAggregationSourceProperty{
		RoleArn: jsii.String("roleArn"),

		// the properties below are optional
		AllAwsRegions: jsii.Bool(false),
		AwsRegions: &[]*string{
			jsii.String("awsRegions"),
		},
	},
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

type CfnConfigurationAggregator_AccountAggregationSourceProperty

type CfnConfigurationAggregator_AccountAggregationSourceProperty struct {
	// The 12-digit account ID of the account being aggregated.
	AccountIds *[]*string `field:"required" json:"accountIds" yaml:"accountIds"`
	// If true, aggregate existing AWS Config regions and future regions.
	AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
	// The source regions being aggregated.
	AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}

A collection of accounts and regions.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

accountAggregationSourceProperty := &awsconfig.CfnConfigurationAggregator_AccountAggregationSourceProperty{
	AccountIds: &[]*string{
		jsii.String("accountIds"),
	},

	// the properties below are optional
	AllAwsRegions: jsii.Bool(false),
	AwsRegions: &[]*string{
		jsii.String("awsRegions"),
	},
}

type CfnConfigurationAggregator_OrganizationAggregationSourceProperty

type CfnConfigurationAggregator_OrganizationAggregationSourceProperty struct {
	// ARN of the IAM role used to retrieve AWS Organizations details associated with the aggregator account.
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// If true, aggregate existing AWS Config regions and future regions.
	AllAwsRegions interface{} `field:"optional" json:"allAwsRegions" yaml:"allAwsRegions"`
	// The source regions being aggregated.
	AwsRegions *[]*string `field:"optional" json:"awsRegions" yaml:"awsRegions"`
}

This object contains regions to set up the aggregator and an IAM role to retrieve organization details.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

organizationAggregationSourceProperty := &awsconfig.CfnConfigurationAggregator_OrganizationAggregationSourceProperty{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	AllAwsRegions: jsii.Bool(false),
	AwsRegions: &[]*string{
		jsii.String("awsRegions"),
	},
}

type CfnConfigurationRecorder

type CfnConfigurationRecorder interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// A name for the configuration recorder.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
	//
	// > After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.
	//
	// Updates are not supported.
	Name() *string
	SetName(val *string)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Indicates whether to record configurations for all supported resources or for a list of resource types.
	//
	// The resource types that you list must be supported by AWS Config.
	RecordingGroup() interface{}
	SetRecordingGroup(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The Amazon Resource Name (ARN) of the IAM role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources.
	//
	// For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::ConfigurationRecorder`.

The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

> To enable AWS Config, you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see [AWS::Config::DeliveryChannel](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html).

AWS CloudFormation starts the recorder as soon as the delivery channel is available.

To stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the [StopConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html) action of the AWS Config API directly.

For more information, see [Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/config-concepts.html#config-recorder) in the AWS Config Developer Guide.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConfigurationRecorder := awsconfig.NewCfnConfigurationRecorder(this, jsii.String("MyCfnConfigurationRecorder"), &awsconfig.CfnConfigurationRecorderProps{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	Name: jsii.String("name"),
	RecordingGroup: &awsconfig.CfnConfigurationRecorder_RecordingGroupProperty{
		AllSupported: jsii.Bool(false),
		IncludeGlobalResourceTypes: jsii.Bool(false),
		ResourceTypes: &[]*string{
			jsii.String("resourceTypes"),
		},
	},
})

func NewCfnConfigurationRecorder

func NewCfnConfigurationRecorder(scope awscdk.Construct, id *string, props *CfnConfigurationRecorderProps) CfnConfigurationRecorder

Create a new `AWS::Config::ConfigurationRecorder`.

type CfnConfigurationRecorderProps

type CfnConfigurationRecorderProps struct {
	// The Amazon Resource Name (ARN) of the IAM role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources.
	//
	// For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// A name for the configuration recorder.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
	//
	// > After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.
	//
	// Updates are not supported.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Indicates whether to record configurations for all supported resources or for a list of resource types.
	//
	// The resource types that you list must be supported by AWS Config.
	RecordingGroup interface{} `field:"optional" json:"recordingGroup" yaml:"recordingGroup"`
}

Properties for defining a `CfnConfigurationRecorder`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConfigurationRecorderProps := &awsconfig.CfnConfigurationRecorderProps{
	RoleArn: jsii.String("roleArn"),

	// the properties below are optional
	Name: jsii.String("name"),
	RecordingGroup: &awsconfig.CfnConfigurationRecorder_RecordingGroupProperty{
		AllSupported: jsii.Bool(false),
		IncludeGlobalResourceTypes: jsii.Bool(false),
		ResourceTypes: &[]*string{
			jsii.String("resourceTypes"),
		},
	},
}

type CfnConfigurationRecorder_RecordingGroupProperty

type CfnConfigurationRecorder_RecordingGroupProperty struct {
	// Specifies whether AWS Config records configuration changes for every supported type of regional resource.
	//
	// If you set this option to `true`, when AWS Config adds support for a new type of regional resource, it starts recording resources of that type automatically.
	//
	// If you set this option to `true`, you cannot enumerate a list of `resourceTypes`.
	AllSupported interface{} `field:"optional" json:"allSupported" yaml:"allSupported"`
	// Specifies whether AWS Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.
	//
	// Before you can set this option to `true`, you must set the `AllSupported` option to `true`.
	//
	// If you set this option to `true`, when AWS Config adds support for a new type of global resource, it starts recording resources of that type automatically.
	//
	// The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources.
	IncludeGlobalResourceTypes interface{} `field:"optional" json:"includeGlobalResourceTypes" yaml:"includeGlobalResourceTypes"`
	// A comma-separated list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`).
	//
	// To record all configuration changes, you must set the `AllSupported` option to `false`.
	//
	// If you set this option to `true`, when AWS Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.
	//
	// For a list of valid `resourceTypes` values, see the *resourceType Value* column in [Supported AWS Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources).
	ResourceTypes *[]*string `field:"optional" json:"resourceTypes" yaml:"resourceTypes"`
}

Specifies the types of AWS resource for which AWS Config records configuration changes.

In the recording group, you specify whether all supported types or specific types of resources are recorded.

By default, AWS Config records configuration changes for all supported types of regional resources that AWS Config discovers in the region in which it is running. Regional resources are tied to a region and can be used only in that region. Examples of regional resources are EC2 instances and EBS volumes.

You can also have AWS Config record configuration changes for supported types of global resources (for example, IAM resources). Global resources are not tied to an individual region and can be used in all regions.

> The configuration details for any global resource are the same in all regions. If you customize AWS Config in multiple regions to record global resources, it will create multiple configuration items each time a global resource changes: one configuration item for each region. These configuration items will contain identical data. To prevent duplicate configuration items, you should consider customizing AWS Config in only one region to record global resources, unless you want the configuration items to be available in multiple regions.

If you don't want AWS Config to record all resources, you can specify which types of resources it will record with the `resourceTypes` parameter.

For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources).

For more information, see [Selecting Which Resources AWS Config Records](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

recordingGroupProperty := &awsconfig.CfnConfigurationRecorder_RecordingGroupProperty{
	AllSupported: jsii.Bool(false),
	IncludeGlobalResourceTypes: jsii.Bool(false),
	ResourceTypes: &[]*string{
		jsii.String("resourceTypes"),
	},
}
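
The recording-group constraints described above (no `resourceTypes` list when `AllSupported` is true, `IncludeGlobalResourceTypes` only together with `AllSupported`, global resources recorded in one region only) can be checked across an account's regional recorders before deployment. The following is an added example, not part of the CDK library: `RecordingGroup`, `Finding`, `CheckRecordingGroup`, `CheckRegions` and `SampleGroups` are hypothetical names, and the sample regions and settings are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// RecordingGroup is a local stand-in for the three fields of
// CfnConfigurationRecorder_RecordingGroupProperty, using plain Go types so
// the check runs without the CDK module (assumption of this example).
type RecordingGroup struct {
	AllSupported               bool
	IncludeGlobalResourceTypes bool
	ResourceTypes              []string
}

// Finding is one problem found in a recorder's recording group.
type Finding struct {
	Severity string // "error": contradicts a documented constraint; "warn": coverage or duplication concern
	Region   string // empty for findings that span regions
	Rule     string
	Detail   string
}

// CheckRecordingGroup applies the per-recorder constraints from the field docs.
func CheckRecordingGroup(region string, g RecordingGroup) []Finding {
	var out []Finding
	// "If you set this option to true, you cannot enumerate a list of resourceTypes."
	if g.AllSupported && len(g.ResourceTypes) > 0 {
		out = append(out, Finding{"error", region, "all-supported-with-resource-types",
			fmt.Sprintf("AllSupported is true but %d resourceTypes are enumerated", len(g.ResourceTypes))})
	}
	// "Before you can set this option to true, you must set the AllSupported option to true."
	if g.IncludeGlobalResourceTypes && !g.AllSupported {
		out = append(out, Finding{"error", region, "global-without-all-supported",
			"IncludeGlobalResourceTypes is true but AllSupported is not"})
	}
	return out
}

// CheckRegions runs the per-recorder checks for every region, then looks at
// how global resource recording is spread across the regions.
func CheckRegions(groups map[string]RecordingGroup) []Finding {
	regions := make([]string, 0, len(groups))
	for r := range groups {
		regions = append(regions, r)
	}
	sort.Strings(regions) // deterministic order of findings

	var out []Finding
	var global []string
	for _, r := range regions {
		out = append(out, CheckRecordingGroup(r, groups[r])...)
		if groups[r].IncludeGlobalResourceTypes {
			global = append(global, r)
		}
	}
	switch {
	case len(global) == 0:
		out = append(out, Finding{"warn", "", "no-global-recording",
			"no region sets IncludeGlobalResourceTypes, so global resources such as IAM are not covered by AllSupported in any region"})
	case len(global) > 1:
		out = append(out, Finding{"warn", "", "duplicate-global-recording",
			fmt.Sprintf("global resources recorded in %v: each change yields one identical configuration item per region", global)})
	}
	return out
}

// SampleGroups returns constructed recorder settings for three regions.
func SampleGroups() map[string]RecordingGroup {
	return map[string]RecordingGroup{
		"us-east-1": {AllSupported: true, IncludeGlobalResourceTypes: true},
		"eu-west-1": {AllSupported: true, IncludeGlobalResourceTypes: true},
		"ap-southeast-2": {
			AllSupported:  true,
			ResourceTypes: []string{"AWS::EC2::Instance"},
		},
	}
}

func main() {
	for _, f := range CheckRegions(SampleGroups()) {
		region := f.Region
		if region == "" {
			region = "(all regions)"
		}
		fmt.Printf("%-5s %-15s %-35s %s\n", f.Severity, region, f.Rule, f.Detail)
	}
}
```
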

type CfnConformancePack

type CfnConformancePack interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// A list of ConformancePackInputParameter objects.
	ConformancePackInputParameters() interface{}
	SetConformancePackInputParameters(val interface{})
	// Name of the conformance pack you want to create.
	ConformancePackName() *string
	SetConformancePackName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	DeliveryS3Bucket() *string
	SetDeliveryS3Bucket(val *string)
	// The prefix for the Amazon S3 bucket.
	DeliveryS3KeyPrefix() *string
	SetDeliveryS3KeyPrefix(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	//
	// > You can only use a YAML template with two resource types: config rule (`AWS::Config::ConfigRule`) and a remediation action (`AWS::Config::RemediationConfiguration`).
	TemplateBody() *string
	SetTemplateBody(val *string)
	// Location of file containing the template body (s3://bucketname/prefix).
	//
	// The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.
	//
	// > You must have access to read the Amazon S3 bucket.
	TemplateS3Uri() *string
	SetTemplateS3Uri(val *string)
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::ConformancePack`.

A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed in an account and a region. ConformancePack creates a service-linked role in your account. The service-linked role is created only when the role does not already exist in your account.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// `this` stands for the enclosing construct scope.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConformancePack := awsconfig.NewCfnConformancePack(this, jsii.String("MyCfnConformancePack"), &awsconfig.CfnConformancePackProps{
	ConformancePackName: jsii.String("conformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&awsconfig.CfnConformancePack_ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
})

func NewCfnConformancePack

func NewCfnConformancePack(scope awscdk.Construct, id *string, props *CfnConformancePackProps) CfnConformancePack

Create a new `AWS::Config::ConformancePack`.

type CfnConformancePackProps

type CfnConformancePackProps struct {
	// Name of the conformance pack you want to create.
	ConformancePackName *string `field:"required" json:"conformancePackName" yaml:"conformancePackName"`
	// A list of ConformancePackInputParameter objects.
	ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
	// The prefix for the Amazon S3 bucket.
	DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	//
	// > You can only use a YAML template with two resource types: config rule (`AWS::Config::ConfigRule`) and a remediation action (`AWS::Config::RemediationConfiguration`).
	TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
	// Location of file containing the template body (s3://bucketname/prefix).
	//
	// The URI must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.
	//
	// > You must have read access to the Amazon S3 bucket.
	TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
}

Properties for defining a `CfnConformancePack`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnConformancePackProps := &awsconfig.CfnConformancePackProps{
	ConformancePackName: jsii.String("conformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&awsconfig.CfnConformancePack_ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
}

type CfnConformancePack_ConformancePackInputParameterProperty

type CfnConformancePack_ConformancePackInputParameterProperty struct {
	// One part of a key-value pair.
	ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
	// Another part of the key-value pair.
	ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}

Input parameters in the form of key-value pairs for the conformance pack, both of which you define.

Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

conformancePackInputParameterProperty := &awsconfig.CfnConformancePack_ConformancePackInputParameterProperty{
	ParameterName: jsii.String("parameterName"),
	ParameterValue: jsii.String("parameterValue"),
}
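
The limits stated above for `TemplateBody`, `TemplateS3Uri` and the input parameters can be checked before synthesis. The following is an added example, not part of the CDK module: `PackInput`, `ValidatePack` and the sample template are hypothetical names and constructed data, and the `Type:` scan is a line-based approximation rather than a full YAML parse.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"unicode/utf8"
)

// PackInput is a hypothetical plain-string mirror of the CfnConformancePackProps
// fields, so the check runs without the CDK module.
type PackInput struct {
	TemplateBody  string
	TemplateS3Uri string
	Parameters    map[string]string // ParameterName -> ParameterValue
}

// Limits quoted in the documentation above.
const (
	maxTemplateBodyBytes = 51200
	maxParamNameChars    = 255
	maxParamValueChars   = 4096
)

// The only resource types a conformance pack template may declare.
var allowedTypes = map[string]bool{
	"AWS::Config::ConfigRule":               true,
	"AWS::Config::RemediationConfiguration": true,
}

var (
	// typeLine picks up YAML lines such as "Type: AWS::Config::ConfigRule".
	typeLine = regexp.MustCompile(`(?m)^[ \t]*Type:[ \t]*["']?(AWS::[A-Za-z0-9:]+)`)
	// s3URI is the documented s3://bucketname/prefix form.
	s3URI = regexp.MustCompile(`^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.+$`)
)

// sampleTemplate is constructed for this example: one allowed rule plus one
// resource type that does not belong in a conformance pack.
const sampleTemplate = `Resources:
  KeysRotated:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: access-keys-rotated
      Source:
        Owner: AWS
        SourceIdentifier: ACCESS_KEYS_ROTATED
  Scratch:
    Type: AWS::S3::Bucket
`

// ValidatePack returns one finding per documented constraint that p violates.
func ValidatePack(p PackInput) []string {
	var findings []string
	if p.TemplateBody == "" && p.TemplateS3Uri == "" {
		findings = append(findings, "no template: set TemplateBody or TemplateS3Uri")
	}
	if n := len(p.TemplateBody); n > maxTemplateBodyBytes { // len counts bytes
		findings = append(findings, fmt.Sprintf("TemplateBody is %d bytes, limit is %d", n, maxTemplateBodyBytes))
	}
	for _, m := range typeLine.FindAllStringSubmatch(p.TemplateBody, -1) {
		if !allowedTypes[m[1]] {
			findings = append(findings, "resource type not allowed in a conformance pack: "+m[1])
		}
	}
	if p.TemplateS3Uri != "" && !s3URI.MatchString(p.TemplateS3Uri) {
		findings = append(findings, "TemplateS3Uri is not s3://bucketname/prefix: "+p.TemplateS3Uri)
	}
	names := make([]string, 0, len(p.Parameters))
	for name := range p.Parameters {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic report order
	for _, name := range names {
		if n := utf8.RuneCountInString(name); n > maxParamNameChars {
			findings = append(findings, fmt.Sprintf("parameter name is %d characters, limit is %d", n, maxParamNameChars))
		}
		if n := utf8.RuneCountInString(p.Parameters[name]); n > maxParamValueChars {
			findings = append(findings, fmt.Sprintf("parameter %q value is %d characters, limit is %d", name, n, maxParamValueChars))
		}
	}
	return findings
}

func main() {
	pack := PackInput{
		TemplateBody:  sampleTemplate,
		TemplateS3Uri: "https://example-bucket/packs/baseline.yaml", // constructed, wrong scheme
		Parameters:    map[string]string{"MaxAccessKeyAge": "60"},
	}
	for _, f := range ValidatePack(pack) {
		fmt.Println("finding:", f)
	}
}
```

Run it in CI against the strings you pass to `CfnConformancePackProps` so that an oversized template or a stray resource type fails the build instead of the deployment.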

type CfnDeliveryChannel

type CfnDeliveryChannel interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
	ConfigSnapshotDeliveryProperties() interface{}
	SetConfigSnapshotDeliveryProperties(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// A name for the delivery channel.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
	//
	// Updates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.
	Name() *string
	SetName(val *string)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
	//
	// If you specify a bucket that belongs to another AWS account, that bucket must have policies that grant access permissions to AWS Config. For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the AWS Config Developer Guide.
	S3BucketName() *string
	SetS3BucketName(val *string)
	// The prefix for the specified Amazon S3 bucket.
	S3KeyPrefix() *string
	SetS3KeyPrefix(val *string)
	// The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key used to encrypt objects delivered by AWS Config.
	//
	// Must belong to the same Region as the destination S3 bucket.
	S3KmsKeyArn() *string
	SetS3KmsKeyArn(val *string)
	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
	//
	// If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config. For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the AWS Config Developer Guide.
	SnsTopicArn() *string
	SetSnsTopicArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::DeliveryChannel`.

Specifies a delivery channel object to deliver configuration information to an Amazon S3 bucket and Amazon SNS topic.

Before you can create a delivery channel, you must create a configuration recorder. You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3 bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

> In the China (Beijing) Region, when you call this action, the Amazon S3 bucket must also be in the China (Beijing) Region. In all the other regions, AWS Config supports cross-region and cross-account delivery channels.

You can have only one delivery channel per region per AWS account, and the delivery channel is required to use AWS Config.

> AWS Config does not support the delivery channel to an Amazon S3 bucket where object lock is enabled. For more information, see [How S3 Object Lock works](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html).

When you create the delivery channel, you can specify how often AWS Config delivers configuration snapshots to your Amazon S3 bucket (for example, 24 hours), the S3 bucket to which AWS Config sends configuration snapshots and configuration history files, and the Amazon SNS topic to which AWS Config sends notifications about configuration changes, such as updated resources, AWS Config rule evaluations, and when AWS Config delivers the configuration snapshot to your S3 bucket. For more information, see [Deliver Configuration Items](https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html#delivery-channel) in the AWS Config Developer Guide.

> To enable AWS Config, you must create a configuration recorder and a delivery channel. If you want to create the resources separately, you must create a configuration recorder before you can create a delivery channel. AWS Config uses the configuration recorder to capture configuration changes to your resources. For more information, see [AWS::Config::ConfigurationRecorder](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html).

For more information, see [Managing the Delivery Channel](https://docs.aws.amazon.com/config/latest/developerguide/manage-delivery-channel.html) in the AWS Config Developer Guide.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// `this` stands for the enclosing construct scope.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnDeliveryChannel := awsconfig.NewCfnDeliveryChannel(this, jsii.String("MyCfnDeliveryChannel"), &awsconfig.CfnDeliveryChannelProps{
	S3BucketName: jsii.String("s3BucketName"),

	// the properties below are optional
	ConfigSnapshotDeliveryProperties: &awsconfig.CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty{
		DeliveryFrequency: jsii.String("deliveryFrequency"),
	},
	Name: jsii.String("name"),
	S3KeyPrefix: jsii.String("s3KeyPrefix"),
	S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
	SnsTopicArn: jsii.String("snsTopicArn"),
})

func NewCfnDeliveryChannel

func NewCfnDeliveryChannel(scope awscdk.Construct, id *string, props *CfnDeliveryChannelProps) CfnDeliveryChannel

Create a new `AWS::Config::DeliveryChannel`.

type CfnDeliveryChannelProps

type CfnDeliveryChannelProps struct {
	// The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files.
	//
	// If you specify a bucket that belongs to another AWS account, that bucket must have policies that grant access permissions to AWS Config. For more information, see [Permissions for the Amazon S3 Bucket](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html) in the AWS Config Developer Guide.
	S3BucketName *string `field:"required" json:"s3BucketName" yaml:"s3BucketName"`
	// The options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket.
	ConfigSnapshotDeliveryProperties interface{} `field:"optional" json:"configSnapshotDeliveryProperties" yaml:"configSnapshotDeliveryProperties"`
	// A name for the delivery channel.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the delivery channel name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html).
	//
	// Updates are not supported. To change the name, you must run two separate updates. In the first update, delete this resource, and then recreate it with a new name in the second update.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The prefix for the specified Amazon S3 bucket.
	S3KeyPrefix *string `field:"optional" json:"s3KeyPrefix" yaml:"s3KeyPrefix"`
	// The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key used to encrypt objects delivered by AWS Config.
	//
	// Must belong to the same Region as the destination S3 bucket.
	S3KmsKeyArn *string `field:"optional" json:"s3KmsKeyArn" yaml:"s3KmsKeyArn"`
	// The Amazon Resource Name (ARN) of the Amazon SNS topic to which AWS Config sends notifications about configuration changes.
	//
	// If you choose a topic from another account, the topic must have policies that grant access permissions to AWS Config. For more information, see [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html) in the AWS Config Developer Guide.
	SnsTopicArn *string `field:"optional" json:"snsTopicArn" yaml:"snsTopicArn"`
}

Properties for defining a `CfnDeliveryChannel`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnDeliveryChannelProps := &awsconfig.CfnDeliveryChannelProps{
	S3BucketName: jsii.String("s3BucketName"),

	// the properties below are optional
	ConfigSnapshotDeliveryProperties: &awsconfig.CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty{
		DeliveryFrequency: jsii.String("deliveryFrequency"),
	},
	Name: jsii.String("name"),
	S3KeyPrefix: jsii.String("s3KeyPrefix"),
	S3KmsKeyArn: jsii.String("s3KmsKeyArn"),
	SnsTopicArn: jsii.String("snsTopicArn"),
}

type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty

type CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty struct {
	// The frequency with which AWS Config delivers configuration snapshots.
	DeliveryFrequency *string `field:"optional" json:"deliveryFrequency" yaml:"deliveryFrequency"`
}

Provides options for how often AWS Config delivers configuration snapshots to the Amazon S3 bucket in your delivery channel.

> If you want to create a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot, see the following:

The frequency for a rule that triggers evaluations for your resources when AWS Config delivers the configuration snapshot is set by one of two values, depending on which is less frequent:

- The value for the `deliveryFrequency` parameter within the delivery channel configuration, which sets how often AWS Config delivers configuration snapshots. This value also sets how often AWS Config invokes evaluations for AWS Config rules.
- The value for the `MaximumExecutionFrequency` parameter, which sets the maximum frequency with which AWS Config invokes evaluations for the rule. For more information, see [ConfigRule](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRule.html).

If the `deliveryFrequency` value is less frequent than the `MaximumExecutionFrequency` value for a rule, AWS Config invokes the rule only as often as the `deliveryFrequency` value.

- For example, you want your rule to run evaluations when AWS Config delivers the configuration snapshot.
- You specify the `MaximumExecutionFrequency` value for `Six_Hours`.
- You then specify the delivery channel `deliveryFrequency` value for `TwentyFour_Hours`.
- Because the value for `deliveryFrequency` is less frequent than `MaximumExecutionFrequency`, AWS Config invokes evaluations for the rule every 24 hours.

You should set the `MaximumExecutionFrequency` value to be at least as frequent as the `deliveryFrequency` value. You can view the `deliveryFrequency` value by using the `DescribeDeliveryChannels` action.

To update the `deliveryFrequency` with which AWS Config delivers your configuration snapshots, use the `PutDeliveryChannel` action.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

configSnapshotDeliveryPropertiesProperty := &awsconfig.CfnDeliveryChannel_ConfigSnapshotDeliveryPropertiesProperty{
	DeliveryFrequency: jsii.String("deliveryFrequency"),
}
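
The interaction between `deliveryFrequency` and `MaximumExecutionFrequency` described above decides how long a non-compliant resource can go unevaluated. The following added example (not part of the CDK module) computes the effective interval and lists the rules that the delivery channel slows down; `Rule`, `Gap`, `EffectiveHours`, `FindGaps` and the rule names are hypothetical.

```go
package main

import (
	"fmt"
)

// Interval in hours for each frequency value. Six_Hours and TwentyFour_Hours
// appear in the text above; the other three complete the AWS Config enum.
var intervalHours = map[string]int{
	"One_Hour": 1, "Three_Hours": 3, "Six_Hours": 6,
	"Twelve_Hours": 12, "TwentyFour_Hours": 24,
}

// Rule is a hypothetical, minimal view of a snapshot-triggered AWS Config rule.
type Rule struct {
	Name                      string
	MaximumExecutionFrequency string
}

// Gap records a rule that is evaluated less often than it was configured to be.
type Gap struct {
	Rule            string
	ConfiguredHours int
	EffectiveHours  int
}

// EffectiveHours returns the hours between evaluations of a snapshot-triggered
// rule: the less frequent (longer interval) of the two settings wins.
func EffectiveHours(deliveryFrequency, maximumExecutionFrequency string) (int, error) {
	d, ok := intervalHours[deliveryFrequency]
	if !ok {
		return 0, fmt.Errorf("unknown deliveryFrequency %q", deliveryFrequency)
	}
	m, ok := intervalHours[maximumExecutionFrequency]
	if !ok {
		return 0, fmt.Errorf("unknown MaximumExecutionFrequency %q", maximumExecutionFrequency)
	}
	if d > m {
		return d, nil
	}
	return m, nil
}

// FindGaps lists the rules whose evaluations the delivery channel slows down.
func FindGaps(deliveryFrequency string, rules []Rule) ([]Gap, error) {
	var gaps []Gap
	for _, r := range rules {
		eff, err := EffectiveHours(deliveryFrequency, r.MaximumExecutionFrequency)
		if err != nil {
			return nil, fmt.Errorf("rule %s: %w", r.Name, err)
		}
		if want := intervalHours[r.MaximumExecutionFrequency]; eff > want {
			gaps = append(gaps, Gap{Rule: r.Name, ConfiguredHours: want, EffectiveHours: eff})
		}
	}
	return gaps, nil
}

func main() {
	// Constructed rule set; the names are placeholders.
	rules := []Rule{
		{Name: "keys-rotated", MaximumExecutionFrequency: "Six_Hours"},
		{Name: "daily-inventory", MaximumExecutionFrequency: "TwentyFour_Hours"},
	}
	gaps, err := FindGaps("TwentyFour_Hours", rules)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, g := range gaps {
		fmt.Printf("%s: configured every %dh, evaluated every %dh\n", g.Rule, g.ConfiguredHours, g.EffectiveHours)
	}
}
```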

type CfnOrganizationConfigRule

type CfnOrganizationConfigRule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// A comma-separated list of accounts excluded from organization AWS Config rule.
	ExcludedAccounts() *[]*string
	SetExcludedAccounts(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// The name that you assign to organization AWS Config rule.
	OrganizationConfigRuleName() *string
	SetOrganizationConfigRuleName(val *string)
	// `AWS::Config::OrganizationConfigRule.OrganizationCustomCodeRuleMetadata`.
	OrganizationCustomCodeRuleMetadata() interface{}
	SetOrganizationCustomCodeRuleMetadata(val interface{})
	// An `OrganizationCustomRuleMetadata` object.
	OrganizationCustomRuleMetadata() interface{}
	SetOrganizationCustomRuleMetadata(val interface{})
	// An `OrganizationManagedRuleMetadata` object.
	OrganizationManagedRuleMetadata() interface{}
	SetOrganizationManagedRuleMetadata(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::OrganizationConfigRule`.

An organization config rule that has information about config rules that AWS Config creates in member accounts. Only a master account and a delegated administrator can create or update an organization config rule.

The `OrganizationConfigRule` resource enables organization service access through the `EnableAWSServiceAccess` action and creates a service-linked role in the master account of your organization. The service-linked role is created only when the role does not exist in the master account. AWS Config verifies the existence of the role with the `GetRole` action.

When creating custom organization config rules using a centralized Lambda function, you will need to allow Lambda permissions to sub-accounts and you will need to create an IAM role to pass to the Lambda function. For more information, see [How to Centrally Manage AWS Config Rules across Multiple AWS Accounts](https://docs.aws.amazon.com/devops/how-to-centrally-manage-aws-config-rules-across-multiple-aws-accounts/).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// `this` stands for the enclosing construct passed as the scope argument.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnOrganizationConfigRule := awsconfig.NewCfnOrganizationConfigRule(this, jsii.String("MyCfnOrganizationConfigRule"), &awsconfig.CfnOrganizationConfigRuleProps{
	OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),

	// the properties below are optional
	ExcludedAccounts: &[]*string{
		jsii.String("excludedAccounts"),
	},
	OrganizationCustomCodeRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationCustomCodeRuleMetadataProperty{
		CodeText: jsii.String("codeText"),
		Runtime: jsii.String("runtime"),

		// the properties below are optional
		DebugLogDeliveryAccounts: &[]*string{
			jsii.String("debugLogDeliveryAccounts"),
		},
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		OrganizationConfigRuleTriggerTypes: &[]*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationCustomRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty{
		LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
		OrganizationConfigRuleTriggerTypes: &[]*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationManagedRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty{
		RuleIdentifier: jsii.String("ruleIdentifier"),

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
})

func NewCfnOrganizationConfigRule

func NewCfnOrganizationConfigRule(scope awscdk.Construct, id *string, props *CfnOrganizationConfigRuleProps) CfnOrganizationConfigRule

Create a new `AWS::Config::OrganizationConfigRule`.

type CfnOrganizationConfigRuleProps

type CfnOrganizationConfigRuleProps struct {
	// The name that you assign to organization AWS Config rule.
	OrganizationConfigRuleName *string `field:"required" json:"organizationConfigRuleName" yaml:"organizationConfigRuleName"`
	// A comma-separated list of accounts excluded from organization AWS Config rule.
	ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
	// `AWS::Config::OrganizationConfigRule.OrganizationCustomCodeRuleMetadata`.
	OrganizationCustomCodeRuleMetadata interface{} `field:"optional" json:"organizationCustomCodeRuleMetadata" yaml:"organizationCustomCodeRuleMetadata"`
	// An `OrganizationCustomRuleMetadata` object.
	OrganizationCustomRuleMetadata interface{} `field:"optional" json:"organizationCustomRuleMetadata" yaml:"organizationCustomRuleMetadata"`
	// An `OrganizationManagedRuleMetadata` object.
	OrganizationManagedRuleMetadata interface{} `field:"optional" json:"organizationManagedRuleMetadata" yaml:"organizationManagedRuleMetadata"`
}

Properties for defining a `CfnOrganizationConfigRule`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnOrganizationConfigRuleProps := &awsconfig.CfnOrganizationConfigRuleProps{
	OrganizationConfigRuleName: jsii.String("organizationConfigRuleName"),

	// the properties below are optional
	ExcludedAccounts: &[]*string{
		jsii.String("excludedAccounts"),
	},
	OrganizationCustomCodeRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationCustomCodeRuleMetadataProperty{
		CodeText: jsii.String("codeText"),
		Runtime: jsii.String("runtime"),

		// the properties below are optional
		DebugLogDeliveryAccounts: &[]*string{
			jsii.String("debugLogDeliveryAccounts"),
		},
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		OrganizationConfigRuleTriggerTypes: &[]*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationCustomRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty{
		LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
		OrganizationConfigRuleTriggerTypes: &[]*string{
			jsii.String("organizationConfigRuleTriggerTypes"),
		},

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
	OrganizationManagedRuleMetadata: &awsconfig.CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty{
		RuleIdentifier: jsii.String("ruleIdentifier"),

		// the properties below are optional
		Description: jsii.String("description"),
		InputParameters: jsii.String("inputParameters"),
		MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
		ResourceIdScope: jsii.String("resourceIdScope"),
		ResourceTypesScope: &[]*string{
			jsii.String("resourceTypesScope"),
		},
		TagKeyScope: jsii.String("tagKeyScope"),
		TagValueScope: jsii.String("tagValueScope"),
	},
}

type CfnOrganizationConfigRule_OrganizationCustomCodeRuleMetadataProperty

type CfnOrganizationConfigRule_OrganizationCustomCodeRuleMetadataProperty struct {
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.CodeText`.
	CodeText *string `field:"required" json:"codeText" yaml:"codeText"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.Runtime`.
	Runtime *string `field:"required" json:"runtime" yaml:"runtime"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.DebugLogDeliveryAccounts`.
	DebugLogDeliveryAccounts *[]*string `field:"optional" json:"debugLogDeliveryAccounts" yaml:"debugLogDeliveryAccounts"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.Description`.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.InputParameters`.
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.MaximumExecutionFrequency`.
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.OrganizationConfigRuleTriggerTypes`.
	OrganizationConfigRuleTriggerTypes *[]*string `field:"optional" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.ResourceIdScope`.
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.ResourceTypesScope`.
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.TagKeyScope`.
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// `CfnOrganizationConfigRule.OrganizationCustomCodeRuleMetadataProperty.TagValueScope`.
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

organizationCustomCodeRuleMetadataProperty := &awsconfig.CfnOrganizationConfigRule_OrganizationCustomCodeRuleMetadataProperty{
	CodeText: jsii.String("codeText"),
	Runtime: jsii.String("runtime"),

	// the properties below are optional
	DebugLogDeliveryAccounts: &[]*string{
		jsii.String("debugLogDeliveryAccounts"),
	},
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	OrganizationConfigRuleTriggerTypes: &[]*string{
		jsii.String("organizationConfigRuleTriggerTypes"),
	},
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: &[]*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty

type CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty struct {
	// The lambda function ARN.
	LambdaFunctionArn *string `field:"required" json:"lambdaFunctionArn" yaml:"lambdaFunctionArn"`
	// The type of notification that triggers AWS Config to run an evaluation for a rule.
	//
	// You can specify the following notification types:
	//
	// - `ConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
	// - `OversizedConfigurationItemChangeNotification` - Triggers an evaluation when AWS Config delivers an oversized configuration item. AWS Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.
	// - `ScheduledNotification` - Triggers a periodic evaluation at the frequency specified for `MaximumExecutionFrequency` .
	OrganizationConfigRuleTriggerTypes *[]*string `field:"required" json:"organizationConfigRuleTriggerTypes" yaml:"organizationConfigRuleTriggerTypes"`
	// The description that you provide for your organization AWS Config rule.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// Your custom rule is triggered when AWS Config delivers the configuration snapshot. For more information, see `ConfigSnapshotDeliveryProperties` .
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// The ID of the AWS resource that was evaluated.
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// The type of the AWS resource that was evaluated.
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// One part of a key-value pair that makes up a tag.
	//
	// A key is a general label that acts like a category for more specific tag values.
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// The optional part of a key-value pair that makes up a tag.
	//
	// A value acts as a descriptor within a tag category (key).
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

An object that specifies organization custom rule metadata such as resource type, resource ID of AWS resource, Lambda function ARN, and organization trigger types that trigger AWS Config to evaluate your AWS resources against a rule.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

organizationCustomRuleMetadataProperty := &awsconfig.CfnOrganizationConfigRule_OrganizationCustomRuleMetadataProperty{
	LambdaFunctionArn: jsii.String("lambdaFunctionArn"),
	OrganizationConfigRuleTriggerTypes: &[]*string{
		jsii.String("organizationConfigRuleTriggerTypes"),
	},

	// the properties below are optional
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: &[]*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty

type CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty struct {
	// For organization config managed rules, a predefined identifier from a list.
	//
	// For example, `IAM_PASSWORD_POLICY` is a managed rule. To reference a managed rule, see [Using AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) .
	RuleIdentifier *string `field:"required" json:"ruleIdentifier" yaml:"ruleIdentifier"`
	// The description that you provide for your organization AWS Config rule.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// A string, in JSON format, that is passed to your organization AWS Config rule Lambda function.
	InputParameters *string `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency with which AWS Config runs evaluations for a rule.
	//
	// You are using an AWS Config managed rule that is triggered at a periodic frequency.
	//
	// > By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the `MaximumExecutionFrequency` parameter.
	MaximumExecutionFrequency *string `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// The ID of the AWS resource that was evaluated.
	ResourceIdScope *string `field:"optional" json:"resourceIdScope" yaml:"resourceIdScope"`
	// The type of the AWS resource that was evaluated.
	ResourceTypesScope *[]*string `field:"optional" json:"resourceTypesScope" yaml:"resourceTypesScope"`
	// One part of a key-value pair that makes up a tag.
	//
	// A key is a general label that acts like a category for more specific tag values.
	TagKeyScope *string `field:"optional" json:"tagKeyScope" yaml:"tagKeyScope"`
	// The optional part of a key-value pair that makes up a tag.
	//
	// A value acts as a descriptor within a tag category (key).
	TagValueScope *string `field:"optional" json:"tagValueScope" yaml:"tagValueScope"`
}

An object that specifies organization managed rule metadata such as resource type and ID of AWS resource along with the rule identifier.

It also provides the frequency with which you want AWS Config to run evaluations for the rule if the trigger type is periodic.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

organizationManagedRuleMetadataProperty := &awsconfig.CfnOrganizationConfigRule_OrganizationManagedRuleMetadataProperty{
	RuleIdentifier: jsii.String("ruleIdentifier"),

	// the properties below are optional
	Description: jsii.String("description"),
	InputParameters: jsii.String("inputParameters"),
	MaximumExecutionFrequency: jsii.String("maximumExecutionFrequency"),
	ResourceIdScope: jsii.String("resourceIdScope"),
	ResourceTypesScope: &[]*string{
		jsii.String("resourceTypesScope"),
	},
	TagKeyScope: jsii.String("tagKeyScope"),
	TagValueScope: jsii.String("tagValueScope"),
}

type CfnOrganizationConformancePack

type CfnOrganizationConformancePack interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// A list of `ConformancePackInputParameter` objects.
	ConformancePackInputParameters() interface{}
	SetConformancePackInputParameters(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	//
	// > This field is optional.
	DeliveryS3Bucket() *string
	SetDeliveryS3Bucket(val *string)
	// Any folder structure you want to add to an Amazon S3 bucket.
	//
	// > This field is optional.
	DeliveryS3KeyPrefix() *string
	SetDeliveryS3KeyPrefix(val *string)
	// A comma-separated list of accounts excluded from organization conformance pack.
	ExcludedAccounts() *[]*string
	SetExcludedAccounts(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// The name you assign to an organization conformance pack.
	OrganizationConformancePackName() *string
	SetOrganizationConformancePackName(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	TemplateBody() *string
	SetTemplateBody(val *string)
	// Location of file containing the template body.
	//
	// The uri must point to the conformance pack template (max size: 300 KB).
	TemplateS3Uri() *string
	SetTemplateS3Uri(val *string)
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::OrganizationConformancePack`.

OrganizationConformancePack deploys conformance packs across member accounts in an AWS Organization. OrganizationConformancePack enables organization service access for `config-multiaccountsetup.amazonaws.com` through the `EnableAWSServiceAccess` action and creates a service-linked role in the master account of your organization. The service-linked role is created only when the role does not exist in the master account.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

// `this` is the enclosing construct scope (for example, a stack).
cfnOrganizationConformancePack := awsconfig.NewCfnOrganizationConformancePack(this, jsii.String("MyCfnOrganizationConformancePack"), &awsconfig.CfnOrganizationConformancePackProps{
	OrganizationConformancePackName: jsii.String("organizationConformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&awsconfig.CfnOrganizationConformancePack_ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	// ExcludedAccounts is a *[]*string, so take the address of the slice.
	ExcludedAccounts: &[]*string{
		jsii.String("excludedAccounts"),
	},
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
})

func NewCfnOrganizationConformancePack

func NewCfnOrganizationConformancePack(scope awscdk.Construct, id *string, props *CfnOrganizationConformancePackProps) CfnOrganizationConformancePack

Create a new `AWS::Config::OrganizationConformancePack`.

type CfnOrganizationConformancePackProps

type CfnOrganizationConformancePackProps struct {
	// The name you assign to an organization conformance pack.
	OrganizationConformancePackName *string `field:"required" json:"organizationConformancePackName" yaml:"organizationConformancePackName"`
	// A list of `ConformancePackInputParameter` objects.
	ConformancePackInputParameters interface{} `field:"optional" json:"conformancePackInputParameters" yaml:"conformancePackInputParameters"`
	// The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.
	//
	// > This field is optional.
	DeliveryS3Bucket *string `field:"optional" json:"deliveryS3Bucket" yaml:"deliveryS3Bucket"`
	// Any folder structure you want to add to an Amazon S3 bucket.
	//
	// > This field is optional.
	DeliveryS3KeyPrefix *string `field:"optional" json:"deliveryS3KeyPrefix" yaml:"deliveryS3KeyPrefix"`
	// A comma-separated list of accounts excluded from organization conformance pack.
	ExcludedAccounts *[]*string `field:"optional" json:"excludedAccounts" yaml:"excludedAccounts"`
	// A string containing full conformance pack template body.
	//
	// Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.
	TemplateBody *string `field:"optional" json:"templateBody" yaml:"templateBody"`
	// Location of file containing the template body.
	//
	// The URI must point to the conformance pack template (max size: 300 KB).
	TemplateS3Uri *string `field:"optional" json:"templateS3Uri" yaml:"templateS3Uri"`
}

Properties for defining a `CfnOrganizationConformancePack`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnOrganizationConformancePackProps := &awsconfig.CfnOrganizationConformancePackProps{
	OrganizationConformancePackName: jsii.String("organizationConformancePackName"),

	// the properties below are optional
	ConformancePackInputParameters: []interface{}{
		&awsconfig.CfnOrganizationConformancePack_ConformancePackInputParameterProperty{
			ParameterName: jsii.String("parameterName"),
			ParameterValue: jsii.String("parameterValue"),
		},
	},
	DeliveryS3Bucket: jsii.String("deliveryS3Bucket"),
	DeliveryS3KeyPrefix: jsii.String("deliveryS3KeyPrefix"),
	// ExcludedAccounts is a *[]*string, so take the address of the slice.
	ExcludedAccounts: &[]*string{
		jsii.String("excludedAccounts"),
	},
	TemplateBody: jsii.String("templateBody"),
	TemplateS3Uri: jsii.String("templateS3Uri"),
}

type CfnOrganizationConformancePack_ConformancePackInputParameterProperty

type CfnOrganizationConformancePack_ConformancePackInputParameterProperty struct {
	// One part of a key-value pair.
	ParameterName *string `field:"required" json:"parameterName" yaml:"parameterName"`
	// One part of a key-value pair.
	ParameterValue *string `field:"required" json:"parameterValue" yaml:"parameterValue"`
}

Input parameters in the form of key-value pairs for the conformance pack, both of which you define.

Keys can have a maximum character length of 255 characters, and values can have a maximum length of 4096 characters.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

conformancePackInputParameterProperty := &awsconfig.CfnOrganizationConformancePack_ConformancePackInputParameterProperty{
	ParameterName: jsii.String("parameterName"),
	ParameterValue: jsii.String("parameterValue"),
}

type CfnRemediationConfiguration

type CfnRemediationConfiguration interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The remediation is triggered automatically.
	Automatic() interface{}
	SetAutomatic(val interface{})
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// The name of the AWS Config rule.
	ConfigRuleName() *string
	SetConfigRuleName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the `metadata` entry typed `aws:cdk:logicalId`, and with the bottom-most
	// node `internal` entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// An ExecutionControls object.
	ExecutionControls() interface{}
	SetExecutionControls(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
	//
	// For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
	MaximumAutomaticAttempts() *float64
	SetMaximumAutomaticAttempts(val *float64)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// An object of the RemediationParameterValue.
	//
	// > The type is a map of strings to RemediationParameterValue.
	Parameters() interface{}
	SetParameters(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The type of a resource.
	ResourceType() *string
	SetResourceType(val *string)
	// Maximum time in seconds that AWS Config runs auto-remediation.
	//
	// If you do not select a number, the default is 60 seconds.
	//
	// For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
	RetryAttemptSeconds() *float64
	SetRetryAttemptSeconds(val *float64)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// Target ID is the name of the public document.
	TargetId() *string
	SetTargetId(val *string)
	// The type of the target.
	//
	// Target executes remediation. For example, SSM document.
	TargetType() *string
	SetTargetType(val *string)
	// Version of the target. For example, version of the SSM document.
	//
	// > If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
	TargetVersion() *string
	SetTargetVersion(val *string)
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the CloudFormation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::RemediationConfiguration`.

An object that represents the details about the remediation configuration that includes the remediation action, parameters, and data to execute the action.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

var parameters interface{}

// `this` is the enclosing construct scope (for example, a stack).
cfnRemediationConfiguration := awsconfig.NewCfnRemediationConfiguration(this, jsii.String("MyCfnRemediationConfiguration"), &awsconfig.CfnRemediationConfigurationProps{
	ConfigRuleName: jsii.String("configRuleName"),
	TargetId: jsii.String("targetId"),
	TargetType: jsii.String("targetType"),

	// the properties below are optional
	Automatic: jsii.Bool(false),
	ExecutionControls: &awsconfig.CfnRemediationConfiguration_ExecutionControlsProperty{
		SsmControls: &awsconfig.CfnRemediationConfiguration_SsmControlsProperty{
			ConcurrentExecutionRatePercentage: jsii.Number(123),
			ErrorPercentage: jsii.Number(123),
		},
	},
	MaximumAutomaticAttempts: jsii.Number(123),
	Parameters: parameters,
	ResourceType: jsii.String("resourceType"),
	RetryAttemptSeconds: jsii.Number(123),
	TargetVersion: jsii.String("targetVersion"),
})

func NewCfnRemediationConfiguration

func NewCfnRemediationConfiguration(scope awscdk.Construct, id *string, props *CfnRemediationConfigurationProps) CfnRemediationConfiguration

Create a new `AWS::Config::RemediationConfiguration`.

type CfnRemediationConfigurationProps

type CfnRemediationConfigurationProps struct {
	// The name of the AWS Config rule.
	ConfigRuleName *string `field:"required" json:"configRuleName" yaml:"configRuleName"`
	// Target ID is the name of the public document.
	TargetId *string `field:"required" json:"targetId" yaml:"targetId"`
	// The type of the target.
	//
	// Target executes remediation. For example, SSM document.
	TargetType *string `field:"required" json:"targetType" yaml:"targetType"`
	// The remediation is triggered automatically.
	Automatic interface{} `field:"optional" json:"automatic" yaml:"automatic"`
	// An ExecutionControls object.
	ExecutionControls interface{} `field:"optional" json:"executionControls" yaml:"executionControls"`
	// The maximum number of failed attempts for auto-remediation. If you do not select a number, the default is 5.
	//
	// For example, if you specify MaximumAutomaticAttempts as 5 with RetryAttemptSeconds as 50 seconds, AWS Config will put a RemediationException on your behalf for the failing resource after the 5th failed attempt within 50 seconds.
	MaximumAutomaticAttempts *float64 `field:"optional" json:"maximumAutomaticAttempts" yaml:"maximumAutomaticAttempts"`
	// An object of the RemediationParameterValue.
	//
	// > The type is a map of strings to RemediationParameterValue.
	Parameters interface{} `field:"optional" json:"parameters" yaml:"parameters"`
	// The type of a resource.
	ResourceType *string `field:"optional" json:"resourceType" yaml:"resourceType"`
	// Maximum time in seconds that AWS Config runs auto-remediation.
	//
	// If you do not select a number, the default is 60 seconds.
	//
	// For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, AWS Config will run auto-remediations 5 times within 50 seconds before throwing an exception.
	RetryAttemptSeconds *float64 `field:"optional" json:"retryAttemptSeconds" yaml:"retryAttemptSeconds"`
	// Version of the target. For example, version of the SSM document.
	//
	// > If you make backward incompatible changes to the SSM document, you must call PutRemediationConfiguration API again to ensure the remediations can run.
	TargetVersion *string `field:"optional" json:"targetVersion" yaml:"targetVersion"`
}

Properties for defining a `CfnRemediationConfiguration`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

var parameters interface{}

cfnRemediationConfigurationProps := &awsconfig.CfnRemediationConfigurationProps{
	ConfigRuleName: jsii.String("configRuleName"),
	TargetId: jsii.String("targetId"),
	TargetType: jsii.String("targetType"),

	// the properties below are optional
	Automatic: jsii.Bool(false),
	ExecutionControls: &awsconfig.CfnRemediationConfiguration_ExecutionControlsProperty{
		SsmControls: &awsconfig.CfnRemediationConfiguration_SsmControlsProperty{
			ConcurrentExecutionRatePercentage: jsii.Number(123),
			ErrorPercentage: jsii.Number(123),
		},
	},
	MaximumAutomaticAttempts: jsii.Number(123),
	Parameters: parameters,
	ResourceType: jsii.String("resourceType"),
	RetryAttemptSeconds: jsii.Number(123),
	TargetVersion: jsii.String("targetVersion"),
}

type CfnRemediationConfiguration_ExecutionControlsProperty

type CfnRemediationConfiguration_ExecutionControlsProperty struct {
	// A SsmControls object.
	SsmControls interface{} `field:"optional" json:"ssmControls" yaml:"ssmControls"`
}

An ExecutionControls object.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

executionControlsProperty := &awsconfig.CfnRemediationConfiguration_ExecutionControlsProperty{
	SsmControls: &awsconfig.CfnRemediationConfiguration_SsmControlsProperty{
		ConcurrentExecutionRatePercentage: jsii.Number(123),
		ErrorPercentage: jsii.Number(123),
	},
}

type CfnRemediationConfiguration_RemediationParameterValueProperty

type CfnRemediationConfiguration_RemediationParameterValueProperty struct {
	// The value is dynamic and changes at run-time.
	ResourceValue interface{} `field:"optional" json:"resourceValue" yaml:"resourceValue"`
	// The value is static and does not change at run-time.
	StaticValue interface{} `field:"optional" json:"staticValue" yaml:"staticValue"`
}

The value is either a dynamic (resource) value or a static value.

You must select either a dynamic value or a static value.

Example:

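// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

// Both fields are filled in only to show their shape; a real parameter
// sets either ResourceValue or StaticValue.
remediationParameterValueProperty := &awsconfig.CfnRemediationConfiguration_RemediationParameterValueProperty{
	ResourceValue: &awsconfig.CfnRemediationConfiguration_ResourceValueProperty{
		Value: jsii.String("value"),
	},
	StaticValue: &awsconfig.CfnRemediationConfiguration_StaticValueProperty{
		// Values is a *[]*string, so take the address of the slice.
		Values: &[]*string{
			jsii.String("values"),
		},
	},
}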

type CfnRemediationConfiguration_ResourceValueProperty

type CfnRemediationConfiguration_ResourceValueProperty struct {
	// The value is a resource ID.
	Value *string `field:"optional" json:"value" yaml:"value"`
}

The dynamic value of the resource.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

resourceValueProperty := &awsconfig.CfnRemediationConfiguration_ResourceValueProperty{
	Value: jsii.String("value"),
}

type CfnRemediationConfiguration_SsmControlsProperty

type CfnRemediationConfiguration_SsmControlsProperty struct {
	// The maximum percentage of remediation actions allowed to run in parallel on the non-compliant resources for that specific rule.
	//
	// You can specify a percentage, such as 10%. The default value is 10.
	ConcurrentExecutionRatePercentage *float64 `field:"optional" json:"concurrentExecutionRatePercentage" yaml:"concurrentExecutionRatePercentage"`
	// The percentage of errors that are allowed before SSM stops running automations on non-compliant resources for that specific rule.
	//
	// You can specify a percentage of errors, for example 10%. If you do not specify a percentage, the default is 50%. For example, if you set the ErrorPercentage to 40% for 10 non-compliant resources, then SSM stops running the automations when the fifth error is received.
	ErrorPercentage *float64 `field:"optional" json:"errorPercentage" yaml:"errorPercentage"`
}

AWS Systems Manager (SSM) specific remediation controls.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

ssmControlsProperty := &awsconfig.CfnRemediationConfiguration_SsmControlsProperty{
	ConcurrentExecutionRatePercentage: jsii.Number(123),
	ErrorPercentage: jsii.Number(123),
}

type CfnRemediationConfiguration_StaticValueProperty

type CfnRemediationConfiguration_StaticValueProperty struct {
	// A list of values.
	//
	// For example, the ARN of the assumed role.
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

The static value of the resource.

Example:

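// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

staticValueProperty := &awsconfig.CfnRemediationConfiguration_StaticValueProperty{
	// Values is a *[]*string, so take the address of the slice.
	Values: &[]*string{
		jsii.String("values"),
	},
}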
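
A pre-deployment check for the remediation constraints documented above, as an added example that is not part of this package or its documentation: it scans a synthesized CloudFormation template for `AWS::Config::RemediationConfiguration` resources and reports parameters that set both or neither of `ResourceValue` and `StaticValue`, and SSM control percentages outside 1-100. The sample template, its resource names, the local struct mirrors and the 1-100 range are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Local mirrors of the CloudFormation property shapes (only the fields checked here).
type paramValue struct {
	ResourceValue *struct{ Value string }
	StaticValue   *struct{ Values []string }
}

type remediationProps struct {
	Parameters        map[string]paramValue
	ExecutionControls *struct {
		SsmControls *struct{ ConcurrentExecutionRatePercentage, ErrorPercentage *float64 }
	}
}

// Constructed sample of a synthesized template; resource and role names are made up.
const sampleTemplate = `{"Resources": {
  "Bucket": {"Type": "AWS::S3::Bucket"},
  "GoodRemediation": {"Type": "AWS::Config::RemediationConfiguration", "Properties": {
    "Parameters": {
      "AutomationAssumeRole": {"StaticValue": {"Values": ["arn:aws:iam::111122223333:role/ExampleRole"]}},
      "BucketName": {"ResourceValue": {"Value": "RESOURCE_ID"}}}}},
  "BadRemediation": {"Type": "AWS::Config::RemediationConfiguration", "Properties": {
    "Parameters": {
      "BucketName": {"ResourceValue": {"Value": "RESOURCE_ID"}, "StaticValue": {"Values": ["values"]}},
      "Mode": {}},
    "ExecutionControls": {"SsmControls": {"ConcurrentExecutionRatePercentage": 123, "ErrorPercentage": 40}}}}
}}`

func lintRemediation(id string, p remediationProps) []string {
	var out []string
	for name, v := range p.Parameters {
		// The page requires a dynamic value or a static value: not both, not neither.
		if (v.ResourceValue != nil) == (v.StaticValue != nil) {
			which := "neither ResourceValue nor"
			if v.ResourceValue != nil {
				which = "both ResourceValue and"
			}
			out = append(out, fmt.Sprintf("%s: error: parameter %q sets %s StaticValue", id, name, which))
		}
	}
	if ec := p.ExecutionControls; ec != nil && ec.SsmControls != nil {
		pcts := map[string]*float64{
			"ConcurrentExecutionRatePercentage": ec.SsmControls.ConcurrentExecutionRatePercentage,
			"ErrorPercentage":                   ec.SsmControls.ErrorPercentage,
		}
		for name, v := range pcts {
			// Assumption: a percentage must lie in 1-100; unset means the documented default.
			if v != nil && (*v < 1 || *v > 100) {
				out = append(out, fmt.Sprintf("%s: error: %s=%g is outside 1-100", id, name, *v))
			}
		}
	}
	return out
}

// LintTemplate checks every AWS::Config::RemediationConfiguration in a template.
func LintTemplate(data []byte) ([]string, error) {
	var t struct {
		Resources map[string]struct {
			Type       string
			Properties json.RawMessage
		}
	}
	if err := json.Unmarshal(data, &t); err != nil {
		return nil, fmt.Errorf("parse template: %w", err)
	}
	var findings []string
	for id, r := range t.Resources {
		if r.Type != "AWS::Config::RemediationConfiguration" {
			continue
		}
		var p remediationProps
		if err := json.Unmarshal(r.Properties, &p); err != nil {
			// Unresolved intrinsics in a typed field, or missing Properties, land here.
			findings = append(findings, fmt.Sprintf("%s: warn: not statically checkable: %v", id, err))
			continue
		}
		findings = append(findings, lintRemediation(id, p)...)
	}
	sort.Strings(findings) // map iteration order is random; sort for a stable report
	return findings, nil
}

func main() {
	findings, err := LintTemplate([]byte(sampleTemplate))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

The placeholder value `123` used for the percentages in the generated examples on this page is exactly what the range check flags.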

type CfnStoredQuery

type CfnStoredQuery interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Amazon Resource Name (ARN) of the query.
	//
	// For example, arn:partition:service:region:account-id:resource-type/resource-name/resource-id.
	AttrQueryArn() *string
	// The ID of the query.
	AttrQueryId() *string
	// Options for this resource, such as condition, update policy etc.
	// Experimental.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	// Experimental.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the `metadata` entry typed `aws:cdk:logicalId`, and with the bottom-most
	// node `internal` entries filtered.
	// Experimental.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	// Experimental.
	LogicalId() *string
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// A unique description for the query.
	QueryDescription() *string
	SetQueryDescription(val *string)
	// The expression of the query.
	//
	// For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'`.
	QueryExpression() *string
	SetQueryExpression(val *string)
	// The name of the query.
	QueryName() *string
	SetQueryName(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	// Experimental.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	// Experimental.
	Stack() awscdk.Stack
	// An array of key-value pairs to apply to this resource.
	Tags() awscdk.TagManager
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	// Experimental.
	UpdatedProperites() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	// Experimental.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	// Experimental.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// ```typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// ```
	// would add the overrides
	// ```json
	// "Properties": {
	//    "GlobalSecondaryIndexes": [
	//      {
	//        "Projection": {
	//          "NonKeyAttributes": [ "myattribute" ]
	//          ...
	//        }
	//        ...
	//      },
	//      {
	//        "ProjectionType": "INCLUDE"
	//        ...
	//      },
	//    ]
	//    ...
	// }
	// ```
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	// Experimental.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	// Experimental.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	// Experimental.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for a runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	// Experimental.
	GetAtt(attributeName *string) awscdk.Reference
	// Retrieve a value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	// Experimental.
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Overrides the auto-generated logical ID with a specific ID.
	// Experimental.
	OverrideLogicalId(newLogicalId *string)
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` if the resource
	// should be omitted.
	// Experimental.
	ShouldSynthesize() *bool
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
	// Experimental.
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::Config::StoredQuery`.

Provides the details of a stored query.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnStoredQuery := awsconfig.NewCfnStoredQuery(this, jsii.String("MyCfnStoredQuery"), &awsconfig.CfnStoredQueryProps{
	QueryExpression: jsii.String("queryExpression"),
	QueryName: jsii.String("queryName"),

	// the properties below are optional
	QueryDescription: jsii.String("queryDescription"),
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

func NewCfnStoredQuery

func NewCfnStoredQuery(scope awscdk.Construct, id *string, props *CfnStoredQueryProps) CfnStoredQuery

Create a new `AWS::Config::StoredQuery`.

type CfnStoredQueryProps

type CfnStoredQueryProps struct {
	// The expression of the query.
	//
	// For example, `SELECT resourceId, resourceType, supplementaryConfiguration.BucketVersioningConfiguration.status WHERE resourceType = 'AWS::S3::Bucket' AND supplementaryConfiguration.BucketVersioningConfiguration.status = 'Off'`.
	QueryExpression *string `field:"required" json:"queryExpression" yaml:"queryExpression"`
	// The name of the query.
	QueryName *string `field:"required" json:"queryName" yaml:"queryName"`
	// A unique description for the query.
	QueryDescription *string `field:"optional" json:"queryDescription" yaml:"queryDescription"`
	// An array of key-value pairs to apply to this resource.
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnStoredQuery`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import (
	"github.com/aws/aws-cdk-go/awscdk"
	"github.com/aws/aws-cdk-go/awscdk/awsconfig"
	"github.com/aws/jsii-runtime-go"
)

cfnStoredQueryProps := &awsconfig.CfnStoredQueryProps{
	QueryExpression: jsii.String("queryExpression"),
	QueryName: jsii.String("queryName"),

	// the properties below are optional
	QueryDescription: jsii.String("queryDescription"),
	Tags: &[]*awscdk.CfnTag{
		{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

type CloudFormationStackDriftDetectionCheck

type CloudFormationStackDriftDetectionCheck interface {
	ManagedRule
	// The arn of the rule.
	// Experimental.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	// Experimental.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	// Experimental.
	ConfigRuleId() *string
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// Experimental.
	IsCustomWithChanges() *bool
	// Experimental.
	SetIsCustomWithChanges(val *bool)
	// Experimental.
	IsManaged() *bool
	// Experimental.
	SetIsManaged(val *bool)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Experimental.
	RuleScope() RuleScope
	// Experimental.
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
}

Checks whether your CloudFormation stacks' actual configuration differs, or has drifted, from its expected configuration.

Example:

// config, sns and targets are import aliases for awsconfig, awssns and awseventstargets.
// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

rule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)
rule.OnComplianceChange(jsii.String("TopicEvent"), &awsevents.OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic, nil),
})

See: https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html

Experimental.
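
An added example (not part of the CDK or of this package): a standard-library Go triage function for the `Config Rules Compliance Change` event that `OnComplianceChange` routes to the topic, alerting only when a stack moves into `NON_COMPLIANT`. The rule name, the stack ARN and the names `Triage`, `Finding` and `sample` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// evaluation is the part of an evaluation result needed for triage.
type evaluation struct {
	ComplianceType string `json:"complianceType"`
}

// complianceEvent holds the triage-relevant fields of the EventBridge event
// that AWS Config emits with detail-type "Config Rules Compliance Change".
type complianceEvent struct {
	Source     string `json:"source"`
	DetailType string `json:"detail-type"`
	Detail     struct {
		ConfigRuleName string      `json:"configRuleName"`
		ResourceType   string      `json:"resourceType"`
		ResourceID     string      `json:"resourceId"`
		New            *evaluation `json:"newEvaluationResult"`
		Old            *evaluation `json:"oldEvaluationResult"`
	} `json:"detail"`
}

// Finding is the triage decision for one event.
type Finding struct {
	Alert    bool
	Reason   string
	Rule     string
	Resource string
}

// Triage decodes one event and alerts only on a transition into NON_COMPLIANT,
// so re-evaluations of an already drifted stack do not page again.
func Triage(raw []byte) (Finding, error) {
	var ev complianceEvent
	if err := json.Unmarshal(raw, &ev); err != nil {
		return Finding{}, fmt.Errorf("decode event: %w", err)
	}
	if ev.Source != "aws.config" || ev.DetailType != "Config Rules Compliance Change" {
		return Finding{}, fmt.Errorf("unexpected event %q from %q", ev.DetailType, ev.Source)
	}
	if ev.Detail.New == nil {
		return Finding{}, fmt.Errorf("event has no newEvaluationResult")
	}
	prev := "NONE" // the first evaluation of a resource carries no old result
	if ev.Detail.Old != nil {
		prev = ev.Detail.Old.ComplianceType
	}
	cur := ev.Detail.New.ComplianceType
	f := Finding{Rule: ev.Detail.ConfigRuleName, Resource: ev.Detail.ResourceID}
	switch {
	case cur == "NON_COMPLIANT" && prev != "NON_COMPLIANT":
		f.Alert = true
		f.Reason = fmt.Sprintf("%s became NON_COMPLIANT (was %s)", ev.Detail.ResourceType, prev)
	case cur == "COMPLIANT" && prev == "NON_COMPLIANT":
		f.Reason = "recovered"
	default:
		f.Reason = fmt.Sprintf("no action: %s -> %s", prev, cur)
	}
	return f, nil
}

// Constructed placeholder values: account ID, stack name and stack ID are not real.
const stackARN = "arn:aws:cloudformation:us-east-1:111122223333:stack/example-stack/EXAMPLE-STACK-ID"

// sample builds a constructed event; an empty oldType omits oldEvaluationResult.
func sample(source, oldType, newType string) []byte {
	detail := map[string]interface{}{
		"configRuleName":      "Drift",
		"resourceType":        "AWS::CloudFormation::Stack",
		"resourceId":          stackARN,
		"newEvaluationResult": map[string]string{"complianceType": newType},
	}
	if oldType != "" {
		detail["oldEvaluationResult"] = map[string]string{"complianceType": oldType}
	}
	b, _ := json.Marshal(map[string]interface{}{
		"source": source, "detail-type": "Config Rules Compliance Change", "detail": detail,
	})
	return b
}

func main() {
	for _, ev := range [][]byte{
		sample("aws.config", "COMPLIANT", "NON_COMPLIANT"),
		sample("aws.config", "", "NON_COMPLIANT"),
		sample("aws.config", "NON_COMPLIANT", "COMPLIANT"),
		sample("aws.ec2", "", "COMPLIANT"),
	} {
		f, err := Triage(ev)
		fmt.Printf("alert=%v reason=%q err=%v\n", f.Alert, f.Reason, err)
	}
}
```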

func NewCloudFormationStackDriftDetectionCheck

func NewCloudFormationStackDriftDetectionCheck(scope constructs.Construct, id *string, props *CloudFormationStackDriftDetectionCheckProps) CloudFormationStackDriftDetectionCheck

Experimental.

type CloudFormationStackDriftDetectionCheckProps

type CloudFormationStackDriftDetectionCheckProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// Whether to check only the stack where this rule is deployed.
	// Experimental.
	OwnStackOnly *bool `field:"optional" json:"ownStackOnly" yaml:"ownStackOnly"`
	// The IAM role to use for this rule.
	//
	// It must have permissions to detect drift
	// for AWS CloudFormation stacks. Make sure to attach `config.amazonaws.com` trusted
	// permissions and `ReadOnlyAccess` policy permissions. For specific policy permissions,
	// refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html.
	// Experimental.
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
}

Construction properties for a CloudFormationStackDriftDetectionCheck.

Example:

// compliant if stack's status is 'IN_SYNC'
// non-compliant if the stack's drift status is 'DRIFTED'
config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), &config.CloudFormationStackDriftDetectionCheckProps{
	OwnStackOnly: jsii.Bool(true),
})

Experimental.
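
An added example (not the project's code): a check of the trust policy on a role you intend to pass as `Role`, confirming that `config.amazonaws.com` can assume it and flagging every other trusted principal. `CheckTrust` and the sample policies are constructed for illustration; `Condition` blocks are not evaluated.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// statement keeps Principal and Action untyped: IAM accepts a string or a list.
type statement struct {
	Effect    string
	Principal interface{}
	Action    interface{}
}

// asList normalises an IAM policy element that is a string or a list of strings.
func asList(v interface{}) []string {
	switch t := v.(type) {
	case string:
		return []string{t}
	case []interface{}:
		var out []string
		for _, e := range t {
			if s, ok := e.(string); ok {
				out = append(out, s)
			}
		}
		return out
	}
	return nil
}

// principals flattens "Principal" ("*" or a map of kind to values) into "kind:value" strings.
func principals(v interface{}) []string {
	if m, ok := v.(map[string]interface{}); ok {
		var out []string
		for kind, vals := range m {
			for _, p := range asList(vals) {
				out = append(out, kind+":"+p)
			}
		}
		return out
	}
	return asList(v) // the bare string "*"
}

const wanted = "Service:config.amazonaws.com"

// CheckTrust lists problems in a trust policy meant for the drift detection rule:
// config.amazonaws.com must be able to assume the role and no one else should.
func CheckTrust(doc string) ([]string, error) {
	var policy struct{ Statement json.RawMessage }
	if err := json.Unmarshal([]byte(doc), &policy); err != nil {
		return nil, fmt.Errorf("parse trust policy: %w", err)
	}
	var sts []statement
	if json.Unmarshal(policy.Statement, &sts) != nil { // "Statement" may be a single object
		var one statement
		if err := json.Unmarshal(policy.Statement, &one); err != nil {
			return nil, fmt.Errorf("parse Statement: %w", err)
		}
		sts = []statement{one}
	}
	trusted, problems := false, []string{}
	for _, st := range sts {
		allows := false
		for _, a := range asList(st.Action) {
			allows = allows || a == "sts:AssumeRole" || a == "sts:*" || a == "*"
		}
		if st.Effect != "Allow" || !allows {
			continue
		}
		for _, p := range principals(st.Principal) {
			if p == wanted {
				trusted = true
			} else {
				problems = append(problems, "unexpected principal "+p)
			}
		}
	}
	if !trusted {
		problems = append(problems, "config.amazonaws.com cannot assume this role")
	}
	sort.Strings(problems) // map iteration order is random; sort for stable output
	return problems, nil
}

// Constructed sample trust policies.
const (
	tightPolicy = `{"Statement":[{"Effect":"Allow","Principal":{"Service":"config.amazonaws.com"},"Action":"sts:AssumeRole"}]}`
	broadPolicy = `{"Statement":[{"Effect":"Allow","Principal":{"Service":["config.amazonaws.com","lambda.amazonaws.com"],"AWS":"*"},"Action":"sts:AssumeRole"}]}`
	wrongPolicy = `{"Statement":{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":["sts:AssumeRole"]}}`
)

func main() {
	for _, doc := range []string{tightPolicy, broadPolicy, wrongPolicy} {
		fmt.Println(CheckTrust(doc))
	}
}
```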

type CloudFormationStackNotificationCheck

type CloudFormationStackNotificationCheck interface {
	ManagedRule
	// The arn of the rule.
	// Experimental.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	// Experimental.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	// Experimental.
	ConfigRuleId() *string
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// Experimental.
	IsCustomWithChanges() *bool
	// Experimental.
	SetIsCustomWithChanges(val *bool)
	// Experimental.
	IsManaged() *bool
	// Experimental.
	SetIsManaged(val *bool)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Experimental.
	RuleScope() RuleScope
	// Experimental.
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
}

Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.

Optionally checks whether specified SNS topics are used.

Example:

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"), nil)
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"), nil)

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &config.CloudFormationStackNotificationCheckProps{
	Topics: &[]sns.ITopic{
		topic1,
		topic2,
	},
})

See: https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html

Experimental.

func NewCloudFormationStackNotificationCheck

func NewCloudFormationStackNotificationCheck(scope constructs.Construct, id *string, props *CloudFormationStackNotificationCheckProps) CloudFormationStackNotificationCheck

Experimental.

type CloudFormationStackNotificationCheckProps

type CloudFormationStackNotificationCheckProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// A list of allowed topics.
	//
	// At most 5 topics.
	// Experimental.
	Topics *[]awssns.ITopic `field:"optional" json:"topics" yaml:"topics"`
}

Construction properties for a CloudFormationStackNotificationCheck.

Example:

// topics to which CloudFormation stacks may send event notifications
topic1 := sns.NewTopic(this, jsii.String("AllowedTopic1"), nil)
topic2 := sns.NewTopic(this, jsii.String("AllowedTopic2"), nil)

// non-compliant if CloudFormation stack does not send notifications to 'topic1' or 'topic2'
config.NewCloudFormationStackNotificationCheck(this, jsii.String("NotificationCheck"), &config.CloudFormationStackNotificationCheckProps{
	Topics: &[]sns.ITopic{
		topic1,
		topic2,
	},
})

Experimental.

type CustomRule

type CustomRule interface {
	awscdk.Resource
	IRule
	// The arn of the rule.
	// Experimental.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	// Experimental.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	// Experimental.
	ConfigRuleId() *string
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// Experimental.
	IsCustomWithChanges() *bool
	// Experimental.
	SetIsCustomWithChanges(val *bool)
	// Experimental.
	IsManaged() *bool
	// Experimental.
	SetIsManaged(val *bool)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Experimental.
	RuleScope() RuleScope
	// Experimental.
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
}

A new custom rule.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &lambda.FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_12_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &config.CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE(), nil),
})

// A rule to detect stack drifts
driftRule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

// Send notification on compliance change events
driftRule.OnComplianceChange(jsii.String("ComplianceChange"), &awsevents.OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic, nil),
})

Experimental.
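
The inline Lambda in the example above only logs the event it receives. As an added example (not code from the CDK project), the following Go program shows the evaluation logic such a function would apply for a custom rule scoped to EC2 instances. The `desiredInstanceType` parameter, the helper names and the sample event are assumptions constructed for illustration, and the PutEvaluations call that returns the result with `resultToken` is left out so the code runs offline.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ConfigEvent is the payload AWS Config passes to a custom rule's Lambda; two fields are JSON-in-a-string.
type ConfigEvent struct {
	InvokingEvent  string `json:"invokingEvent"`
	RuleParameters string `json:"ruleParameters"`
	ResultToken    string `json:"resultToken"` // sent back with PutEvaluations
	EventLeftScope bool   `json:"eventLeftScope"`
}

type configurationItem struct {
	ResourceType  string `json:"resourceType"`
	ResourceID    string `json:"resourceId"`
	Status        string `json:"configurationItemStatus"`
	CaptureTime   string `json:"configurationItemCaptureTime"`
	Configuration struct {
		InstanceType string `json:"instanceType"`
	} `json:"configuration"`
}

type invokingEvent struct {
	MessageType       string             `json:"messageType"`
	ConfigurationItem *configurationItem `json:"configurationItem"`
}

// ruleParams holds the rule's input parameters; desiredInstanceType is a hypothetical name.
type ruleParams struct {
	DesiredInstanceType string `json:"desiredInstanceType"`
}

// Evaluation carries the fields of one result reported via PutEvaluations.
type Evaluation struct{ ResourceType, ResourceID, ComplianceType, OrderingTimestamp string }

// Evaluate decodes one invocation and decides compliance for the changed resource.
func Evaluate(raw []byte) (Evaluation, error) {
	var ev ConfigEvent
	if err := json.Unmarshal(raw, &ev); err != nil {
		return Evaluation{}, fmt.Errorf("decode event: %w", err)
	}
	var inv invokingEvent
	if err := json.Unmarshal([]byte(ev.InvokingEvent), &inv); err != nil {
		return Evaluation{}, fmt.Errorf("decode invokingEvent: %w", err)
	}
	if inv.MessageType != "ConfigurationItemChangeNotification" || inv.ConfigurationItem == nil {
		return Evaluation{}, fmt.Errorf("unsupported messageType %q", inv.MessageType)
	}
	var p ruleParams
	if err := json.Unmarshal([]byte(ev.RuleParameters), &p); err != nil {
		return Evaluation{}, fmt.Errorf("decode ruleParameters: %w", err)
	}
	// Fail closed: without the parameter nothing can be judged compliant.
	if p.DesiredInstanceType == "" {
		return Evaluation{}, errors.New("rule parameter desiredInstanceType is not set")
	}
	ci := inv.ConfigurationItem
	out := Evaluation{ci.ResourceType, ci.ResourceID, "NOT_APPLICABLE", ci.CaptureTime}
	// Deleted or out-of-scope resources and unexpected types are NOT_APPLICABLE, not stale.
	live := ci.Status == "OK" || ci.Status == "ResourceDiscovered"
	if ev.EventLeftScope || !live || ci.ResourceType != "AWS::EC2::Instance" {
		return out, nil
	}
	out.ComplianceType = "NON_COMPLIANT"
	if ci.Configuration.InstanceType == p.DesiredInstanceType {
		out.ComplianceType = "COMPLIANT"
	}
	return out, nil
}

// sampleEvent builds a constructed invocation payload so the example runs offline.
func sampleEvent(instanceType, status string, leftScope bool, params string) []byte {
	inv, _ := json.Marshal(map[string]interface{}{
		"messageType": "ConfigurationItemChangeNotification",
		"configurationItem": map[string]interface{}{
			"resourceType": "AWS::EC2::Instance", "resourceId": "i-00000000000000000",
			"configurationItemStatus": status, "configurationItemCaptureTime": "2022-08-09T00:00:00.000Z",
			"configuration": map[string]string{"instanceType": instanceType},
		},
	})
	ev, _ := json.Marshal(ConfigEvent{string(inv), params, "constructed-token", leftScope})
	return ev
}

func main() {
	for _, it := range []string{"t3.micro", "m5.large"} {
		res, err := Evaluate(sampleEvent(it, "OK", false, `{"desiredInstanceType":"t3.micro"}`))
		fmt.Println(res.ResourceID, res.ComplianceType, err)
	}
}
```

A missing or empty rule parameter returns an error instead of a COMPLIANT result, so a misconfigured rule fails visibly rather than silently passing every resource.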

func NewCustomRule

func NewCustomRule(scope constructs.Construct, id *string, props *CustomRuleProps) CustomRule

Experimental.

type CustomRuleProps

type CustomRuleProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The Lambda function to run.
	// Experimental.
	LambdaFunction awslambda.IFunction `field:"required" json:"lambdaFunction" yaml:"lambdaFunction"`
	// Whether to run the rule on configuration changes.
	// Experimental.
	ConfigurationChanges *bool `field:"optional" json:"configurationChanges" yaml:"configurationChanges"`
	// Whether to run the rule on a fixed frequency.
	// Experimental.
	Periodic *bool `field:"optional" json:"periodic" yaml:"periodic"`
}

Construction properties for a CustomRule.

Example:

// Lambda function containing logic that evaluates compliance with the rule.
evalComplianceFn := lambda.NewFunction(this, jsii.String("CustomFunction"), &lambda.FunctionProps{
	Code: lambda.AssetCode_FromInline(jsii.String("exports.handler = (event) => console.log(event);")),
	Handler: jsii.String("index.handler"),
	Runtime: lambda.Runtime_NODEJS_12_X(),
})

// A custom rule that runs on configuration changes of EC2 instances
customRule := config.NewCustomRule(this, jsii.String("Custom"), &config.CustomRuleProps{
	ConfigurationChanges: jsii.Boolean(true),
	LambdaFunction: evalComplianceFn,
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_INSTANCE(), nil),
})

// A rule to detect stack drifts
driftRule := config.NewCloudFormationStackDriftDetectionCheck(this, jsii.String("Drift"), nil)

// Topic to which compliance notification events will be published
complianceTopic := sns.NewTopic(this, jsii.String("ComplianceTopic"), nil)

// Send notification on compliance change events
driftRule.OnComplianceChange(jsii.String("ComplianceChange"), &awsevents.OnEventOptions{
	Target: targets.NewSnsTopic(complianceTopic, nil),
})

Experimental.

type IRule

type IRule interface {
	awscdk.IResource
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
}

Interface representing an AWS Config rule. Experimental.

func AccessKeysRotated_FromConfigRuleName

func AccessKeysRotated_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule. Experimental.

func CloudFormationStackDriftDetectionCheck_FromConfigRuleName

func CloudFormationStackDriftDetectionCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule. Experimental.

func CloudFormationStackNotificationCheck_FromConfigRuleName

func CloudFormationStackNotificationCheck_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule. Experimental.

func CustomRule_FromConfigRuleName

func CustomRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule. Experimental.

func ManagedRule_FromConfigRuleName

func ManagedRule_FromConfigRuleName(scope constructs.Construct, id *string, configRuleName *string) IRule

Imports an existing rule. Experimental.

type ManagedRule

type ManagedRule interface {
	awscdk.Resource
	IRule
	// The arn of the rule.
	// Experimental.
	ConfigRuleArn() *string
	// The compliance status of the rule.
	// Experimental.
	ConfigRuleComplianceType() *string
	// The id of the rule.
	// Experimental.
	ConfigRuleId() *string
	// The name of the rule.
	// Experimental.
	ConfigRuleName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// Experimental.
	IsCustomWithChanges() *bool
	// Experimental.
	SetIsCustomWithChanges(val *bool)
	// Experimental.
	IsManaged() *bool
	// Experimental.
	SetIsManaged(val *bool)
	// The construct tree node associated with this construct.
	// Experimental.
	Node() awscdk.ConstructNode
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Experimental.
	RuleScope() RuleScope
	// Experimental.
	SetRuleScope(val RuleScope)
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Defines an EventBridge event rule which triggers for rule compliance events.
	// Experimental.
	OnComplianceChange(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Defines an EventBridge event rule which triggers for rule events.
	//
	// Use
	// `rule.addEventPattern(pattern)` to specify a filter.
	// Experimental.
	OnEvent(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	OnPrepare()
	// Defines an EventBridge event rule which triggers for rule re-evaluation status events.
	// Experimental.
	OnReEvaluationStatus(id *string, options *awsevents.OnEventOptions) awsevents.Rule
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	OnSynthesize(session constructs.ISynthesisSession)
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	OnValidate() *[]*string
	// Perform final modifications before synthesis.
	//
	// This method can be implemented by derived constructs in order to perform
	// final changes before synthesis. prepare() will be called after child
	// constructs have been prepared.
	//
	// This is an advanced framework feature. Only use this if you
	// understand the implications.
	// Experimental.
	Prepare()
	// Allows this construct to emit artifacts into the cloud assembly during synthesis.
	//
	// This method is usually implemented by framework-level constructs such as `Stack` and `Asset`
	// as they participate in synthesizing the cloud assembly.
	// Experimental.
	Synthesize(session awscdk.ISynthesisSession)
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
	// Validate the current construct.
	//
	// This method can be implemented by derived constructs in order to perform
	// validation logic. It is called on all constructs before synthesis.
	//
	// Returns: An array of validation error messages, or an empty array if the construct is valid.
	// Experimental.
	Validate() *[]*string
}

A new managed rule.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: &map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

Experimental.

func NewManagedRule

func NewManagedRule(scope constructs.Construct, id *string, props *ManagedRuleProps) ManagedRule

Experimental.

type ManagedRuleIdentifiers

type ManagedRuleIdentifiers interface {
}

Managed rules that are supported by AWS Config.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: &map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html

Experimental.

type ManagedRuleProps

type ManagedRuleProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
	// The identifier of the AWS managed rule.
	// See: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
	//
	// Experimental.
	Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
}

Construction properties for a ManagedRule.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: &map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

Experimental.

type MaximumExecutionFrequency

type MaximumExecutionFrequency string

The maximum frequency at which the AWS Config rule runs evaluations.

Example:

// https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
config.NewManagedRule(this, jsii.String("AccessKeysRotated"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_ACCESS_KEYS_ROTATED(),
	InputParameters: &map[string]interface{}{
		"maxAccessKeyAge": jsii.Number(60),
	},

	// default is 24 hours
	MaximumExecutionFrequency: config.MaximumExecutionFrequency_TWELVE_HOURS,
})

Experimental.

const (
	// 1 hour.
	// Experimental.
	MaximumExecutionFrequency_ONE_HOUR MaximumExecutionFrequency = "ONE_HOUR"
	// 3 hours.
	// Experimental.
	MaximumExecutionFrequency_THREE_HOURS MaximumExecutionFrequency = "THREE_HOURS"
	// 6 hours.
	// Experimental.
	MaximumExecutionFrequency_SIX_HOURS MaximumExecutionFrequency = "SIX_HOURS"
	// 12 hours.
	// Experimental.
	MaximumExecutionFrequency_TWELVE_HOURS MaximumExecutionFrequency = "TWELVE_HOURS"
	// 24 hours.
	// Experimental.
	MaximumExecutionFrequency_TWENTY_FOUR_HOURS MaximumExecutionFrequency = "TWENTY_FOUR_HOURS"
)

type ResourceType

type ResourceType interface {
	// Valid value of resource type.
	// Experimental.
	ComplianceResourceType() *string
}

Resource types that are supported by AWS Config.

Example:

var evalComplianceFn lambda.Function
sshRule := config.NewManagedRule(this, jsii.String("SSH"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED(),
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_SECURITY_GROUP(), jsii.String("sg-1234567890abcdefgh")),
})
customRule := config.NewCustomRule(this, jsii.String("Lambda"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources(&[]config.ResourceType{
		config.ResourceType_CLOUDFORMATION_STACK(),
		config.ResourceType_S3_BUCKET(),
	}),
})

tagRule := config.NewCustomRule(this, jsii.String("CostCenterTagRule"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromTag(jsii.String("Cost Center"), jsii.String("MyApp")),
})

See: https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html

Experimental.

func ResourceType_ACM_CERTIFICATE

func ResourceType_ACM_CERTIFICATE() ResourceType

func ResourceType_APIGATEWAYV2_API

func ResourceType_APIGATEWAYV2_API() ResourceType

func ResourceType_APIGATEWAYV2_STAGE

func ResourceType_APIGATEWAYV2_STAGE() ResourceType

func ResourceType_APIGATEWAY_REST_API

func ResourceType_APIGATEWAY_REST_API() ResourceType

func ResourceType_APIGATEWAY_STAGE

func ResourceType_APIGATEWAY_STAGE() ResourceType

func ResourceType_AUTO_SCALING_GROUP

func ResourceType_AUTO_SCALING_GROUP() ResourceType

func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION

func ResourceType_AUTO_SCALING_LAUNCH_CONFIGURATION() ResourceType

func ResourceType_AUTO_SCALING_POLICY

func ResourceType_AUTO_SCALING_POLICY() ResourceType

func ResourceType_AUTO_SCALING_SCHEDULED_ACTION

func ResourceType_AUTO_SCALING_SCHEDULED_ACTION() ResourceType

func ResourceType_CLOUDFORMATION_STACK

func ResourceType_CLOUDFORMATION_STACK() ResourceType

func ResourceType_CLOUDFRONT_DISTRIBUTION

func ResourceType_CLOUDFRONT_DISTRIBUTION() ResourceType

func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION

func ResourceType_CLOUDFRONT_STREAMING_DISTRIBUTION() ResourceType

func ResourceType_CLOUDTRAIL_TRAIL

func ResourceType_CLOUDTRAIL_TRAIL() ResourceType

func ResourceType_CLOUDWATCH_ALARM

func ResourceType_CLOUDWATCH_ALARM() ResourceType

func ResourceType_CODEBUILD_PROJECT

func ResourceType_CODEBUILD_PROJECT() ResourceType

func ResourceType_CODEPIPELINE_PIPELINE

func ResourceType_CODEPIPELINE_PIPELINE() ResourceType

func ResourceType_DYNAMODB_TABLE

func ResourceType_DYNAMODB_TABLE() ResourceType

func ResourceType_EBS_VOLUME

func ResourceType_EBS_VOLUME() ResourceType

func ResourceType_EC2_CUSTOMER_GATEWAY

func ResourceType_EC2_CUSTOMER_GATEWAY() ResourceType

func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY

func ResourceType_EC2_EGRESS_ONLY_INTERNET_GATEWAY() ResourceType

func ResourceType_EC2_EIP

func ResourceType_EC2_EIP() ResourceType

func ResourceType_EC2_FLOW_LOG

func ResourceType_EC2_FLOW_LOG() ResourceType

func ResourceType_EC2_HOST

func ResourceType_EC2_HOST() ResourceType

func ResourceType_EC2_INSTANCE

func ResourceType_EC2_INSTANCE() ResourceType

func ResourceType_EC2_INTERNET_GATEWAY

func ResourceType_EC2_INTERNET_GATEWAY() ResourceType

func ResourceType_EC2_NAT_GATEWAY

func ResourceType_EC2_NAT_GATEWAY() ResourceType

func ResourceType_EC2_NETWORK_ACL

func ResourceType_EC2_NETWORK_ACL() ResourceType

func ResourceType_EC2_ROUTE_TABLE

func ResourceType_EC2_ROUTE_TABLE() ResourceType

func ResourceType_EC2_SECURITY_GROUP

func ResourceType_EC2_SECURITY_GROUP() ResourceType

func ResourceType_EC2_SUBNET

func ResourceType_EC2_SUBNET() ResourceType

func ResourceType_EC2_VPC

func ResourceType_EC2_VPC() ResourceType

func ResourceType_EC2_VPC_ENDPOINT

func ResourceType_EC2_VPC_ENDPOINT() ResourceType

func ResourceType_EC2_VPC_ENDPOINT_SERVICE

func ResourceType_EC2_VPC_ENDPOINT_SERVICE() ResourceType

func ResourceType_EC2_VPC_PEERING_CONNECTION

func ResourceType_EC2_VPC_PEERING_CONNECTION() ResourceType

func ResourceType_EC2_VPN_CONNECTION

func ResourceType_EC2_VPN_CONNECTION() ResourceType

func ResourceType_EC2_VPN_GATEWAY

func ResourceType_EC2_VPN_GATEWAY() ResourceType

func ResourceType_ELASTICSEARCH_DOMAIN

func ResourceType_ELASTICSEARCH_DOMAIN() ResourceType

func ResourceType_ELASTIC_BEANSTALK_APPLICATION

func ResourceType_ELASTIC_BEANSTALK_APPLICATION() ResourceType

func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION

func ResourceType_ELASTIC_BEANSTALK_APPLICATION_VERSION() ResourceType

func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT

func ResourceType_ELASTIC_BEANSTALK_ENVIRONMENT() ResourceType

func ResourceType_ELBV2_LOAD_BALANCER

func ResourceType_ELBV2_LOAD_BALANCER() ResourceType

func ResourceType_ELB_LOAD_BALANCER

func ResourceType_ELB_LOAD_BALANCER() ResourceType

func ResourceType_IAM_GROUP

func ResourceType_IAM_GROUP() ResourceType

func ResourceType_IAM_POLICY

func ResourceType_IAM_POLICY() ResourceType

func ResourceType_IAM_ROLE

func ResourceType_IAM_ROLE() ResourceType

func ResourceType_IAM_USER

func ResourceType_IAM_USER() ResourceType

func ResourceType_KMS_KEY

func ResourceType_KMS_KEY() ResourceType

func ResourceType_LAMBDA_FUNCTION

func ResourceType_LAMBDA_FUNCTION() ResourceType

func ResourceType_Of

func ResourceType_Of(type_ *string) ResourceType

A custom resource type to support future cases. Experimental.

func ResourceType_QLDB_LEDGER

func ResourceType_QLDB_LEDGER() ResourceType

func ResourceType_RDS_DB_CLUSTER

func ResourceType_RDS_DB_CLUSTER() ResourceType

func ResourceType_RDS_DB_CLUSTER_SNAPSHOT

func ResourceType_RDS_DB_CLUSTER_SNAPSHOT() ResourceType

func ResourceType_RDS_DB_INSTANCE

func ResourceType_RDS_DB_INSTANCE() ResourceType

func ResourceType_RDS_DB_SECURITY_GROUP

func ResourceType_RDS_DB_SECURITY_GROUP() ResourceType

func ResourceType_RDS_DB_SNAPSHOT

func ResourceType_RDS_DB_SNAPSHOT() ResourceType

func ResourceType_RDS_DB_SUBNET_GROUP

func ResourceType_RDS_DB_SUBNET_GROUP() ResourceType

func ResourceType_RDS_EVENT_SUBSCRIPTION

func ResourceType_RDS_EVENT_SUBSCRIPTION() ResourceType

func ResourceType_REDSHIFT_CLUSTER

func ResourceType_REDSHIFT_CLUSTER() ResourceType

func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP

func ResourceType_REDSHIFT_CLUSTER_PARAMETER_GROUP() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP

func ResourceType_REDSHIFT_CLUSTER_SECURITY_GROUP() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT

func ResourceType_REDSHIFT_CLUSTER_SNAPSHOT() ResourceType

func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP

func ResourceType_REDSHIFT_CLUSTER_SUBNET_GROUP() ResourceType

func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION

func ResourceType_REDSHIFT_EVENT_SUBSCRIPTION() ResourceType

func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK

func ResourceType_S3_ACCOUNT_PUBLIC_ACCESS_BLOCK() ResourceType

func ResourceType_S3_BUCKET

func ResourceType_S3_BUCKET() ResourceType

func ResourceType_SECRETS_MANAGER_SECRET

func ResourceType_SECRETS_MANAGER_SECRET() ResourceType

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PRODUCT() ResourceType

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT

func ResourceType_SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT() ResourceType

func ResourceType_SERVICE_CATALOG_PORTFOLIO

func ResourceType_SERVICE_CATALOG_PORTFOLIO() ResourceType

func ResourceType_SHIELD_PROTECTION

func ResourceType_SHIELD_PROTECTION() ResourceType

func ResourceType_SHIELD_REGIONAL_PROTECTION

func ResourceType_SHIELD_REGIONAL_PROTECTION() ResourceType

func ResourceType_SNS_TOPIC

func ResourceType_SNS_TOPIC() ResourceType

func ResourceType_SQS_QUEUE

func ResourceType_SQS_QUEUE() ResourceType

func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE

func ResourceType_SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE() ResourceType

func ResourceType_SYSTEMS_MANAGER_FILE_DATA

func ResourceType_SYSTEMS_MANAGER_FILE_DATA() ResourceType

func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY

func ResourceType_SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY() ResourceType

func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE

func ResourceType_SYSTEMS_MANAGER_PATCH_COMPLIANCE() ResourceType

func ResourceType_WAFV2_MANAGED_RULE_SET

func ResourceType_WAFV2_MANAGED_RULE_SET() ResourceType

func ResourceType_WAFV2_RULE_GROUP

func ResourceType_WAFV2_RULE_GROUP() ResourceType

func ResourceType_WAFV2_WEB_ACL

func ResourceType_WAFV2_WEB_ACL() ResourceType

func ResourceType_WAF_RATE_BASED_RULE

func ResourceType_WAF_RATE_BASED_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RATE_BASED_RULE

func ResourceType_WAF_REGIONAL_RATE_BASED_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RULE

func ResourceType_WAF_REGIONAL_RULE() ResourceType

func ResourceType_WAF_REGIONAL_RULE_GROUP

func ResourceType_WAF_REGIONAL_RULE_GROUP() ResourceType

func ResourceType_WAF_REGIONAL_WEB_ACL

func ResourceType_WAF_REGIONAL_WEB_ACL() ResourceType

func ResourceType_WAF_RULE

func ResourceType_WAF_RULE() ResourceType

func ResourceType_WAF_RULE_GROUP

func ResourceType_WAF_RULE_GROUP() ResourceType

func ResourceType_WAF_WEB_ACL

func ResourceType_WAF_WEB_ACL() ResourceType

func ResourceType_XRAY_ENCRYPTION_CONFIGURATION

func ResourceType_XRAY_ENCRYPTION_CONFIGURATION() ResourceType

type RuleProps

type RuleProps struct {
	// A name for the AWS Config rule.
	// Experimental.
	ConfigRuleName *string `field:"optional" json:"configRuleName" yaml:"configRuleName"`
	// A description about this AWS Config rule.
	// Experimental.
	Description *string `field:"optional" json:"description" yaml:"description"`
	// Input parameter values that are passed to the AWS Config rule.
	// Experimental.
	InputParameters *map[string]interface{} `field:"optional" json:"inputParameters" yaml:"inputParameters"`
	// The maximum frequency at which the AWS Config rule runs evaluations.
	// Experimental.
	MaximumExecutionFrequency MaximumExecutionFrequency `field:"optional" json:"maximumExecutionFrequency" yaml:"maximumExecutionFrequency"`
	// Defines which resources trigger an evaluation for an AWS Config rule.
	// Experimental.
	RuleScope RuleScope `field:"optional" json:"ruleScope" yaml:"ruleScope"`
}

Construction properties for a new rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk/awsconfig"

var inputParameters interface{}
var ruleScope awsconfig.RuleScope

ruleProps := &awsconfig.RuleProps{
	ConfigRuleName: jsii.String("configRuleName"),
	Description: jsii.String("description"),
	InputParameters: &map[string]interface{}{
		"inputParametersKey": inputParameters,
	},
	MaximumExecutionFrequency: awsconfig.MaximumExecutionFrequency_ONE_HOUR,
	RuleScope: ruleScope,
}

Experimental.

type RuleScope

type RuleScope interface {
	// Tag key applied to resources that will trigger evaluation of a rule.
	// Experimental.
	Key() *string
	// ID of the only AWS resource that will trigger evaluation of a rule.
	// Experimental.
	ResourceId() *string
	// Resource types that will trigger evaluation of a rule.
	// Experimental.
	ResourceTypes() *[]ResourceType
	// Tag value applied to resources that will trigger evaluation of a rule.
	// Experimental.
	Value() *string
}

Determines which resources trigger an evaluation of an AWS Config rule.

Example:

var evalComplianceFn lambda.Function
sshRule := config.NewManagedRule(this, jsii.String("SSH"), &config.ManagedRuleProps{
	Identifier: config.ManagedRuleIdentifiers_EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED(),
	RuleScope: config.RuleScope_FromResource(config.ResourceType_EC2_SECURITY_GROUP(), jsii.String("sg-1234567890abcdefgh")),
})
customRule := config.NewCustomRule(this, jsii.String("Lambda"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromResources(&[]config.ResourceType{
		config.ResourceType_CLOUDFORMATION_STACK(),
		config.ResourceType_S3_BUCKET(),
	}),
})

tagRule := config.NewCustomRule(this, jsii.String("CostCenterTagRule"), &config.CustomRuleProps{
	LambdaFunction: evalComplianceFn,
	ConfigurationChanges: jsii.Boolean(true),
	RuleScope: config.RuleScope_FromTag(jsii.String("Cost Center"), jsii.String("MyApp")),
})

Experimental.

func RuleScope_FromResource

func RuleScope_FromResource(resourceType ResourceType, resourceId *string) RuleScope

Restricts scope of changes to a specific resource type or resource identifier. Experimental.

func RuleScope_FromResources

func RuleScope_FromResources(resourceTypes *[]ResourceType) RuleScope

Restricts scope of changes to specific resource types. Experimental.

func RuleScope_FromTag

func RuleScope_FromTag(key *string, value *string) RuleScope

Restricts scope of changes to a specific tag. Experimental.
