Metadata-Version: 2.1
Name: aws-cdk.aws-config
Version: 1.67.0
Summary: The CDK Construct Library for AWS::Config
Home-page: https://github.com/aws/aws-cdk
Author: Amazon Web Services
License: Apache-2.0
Project-URL: Source, https://github.com/aws/aws-cdk.git
Description: ## AWS Config Construct Library
        
        <!--BEGIN STABILITY BANNER-->
        ---
        
        
        | Features | Stability |
        | --- | --- |
        | CFN Resources | ![Stable](https://img.shields.io/badge/stable-success.svg?style=for-the-badge) |
        | Higher level constructs for Config Rules | ![Developer Preview](https://img.shields.io/badge/developer--preview-informational.svg?style=for-the-badge) |
        | Higher level constructs for initial set-up (delivery channel & configuration recorder) | ![Not Implemented](https://img.shields.io/badge/not--implemented-black.svg?style=for-the-badge) |
        
        > **CFN Resources:** All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) are always stable and safe to use.
        
        > **Developer Preview:** Higher level constructs in this module that are marked as developer preview have completed their phase of active development and are looking for adoption and feedback. While the same caveats around non-backward-compatible changes as for Experimental constructs apply, they will undergo fewer breaking changes. Just as with Experimental constructs, these are not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be announced in the release notes.
        
        ---
        <!--END STABILITY BANNER-->
        
        This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
        
        ### Initial Setup
        
        Before using the constructs provided in this module, you need to set up AWS Config
        in the region in which it will be used. This setup includes the one-time creation of the
        following resources per region:
        
        * `ConfigurationRecorder`: Configure which resources will be recorded for config changes.
        * `DeliveryChannel`: Configure where to store the recorded data.
        
        The following guides describe how to set up AWS Config:
        
        * [Using the AWS Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html)
        * [Using the AWS CLI](https://docs.aws.amazon.com/config/latest/developerguide/gs-cli.html)
        
        ### Rules
        
        #### AWS managed rules
        
        To set up a managed rule, define a `ManagedRule` and specify its identifier:
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        ManagedRule(self, "AccessKeysRotated",
            identifier="ACCESS_KEYS_ROTATED"
        )
        ```
        
        Available identifiers and parameters are listed in the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html).
        
        Higher level constructs for managed rules are available, see [Managed Rules](https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-config/lib/managed-rules.ts). Prefer to use those constructs when available (PRs welcome to add more of those).
        
        #### Custom rules
        
        To set up a custom rule, define a `CustomRule` and specify the Lambda Function to run and the trigger types:
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        CustomRule(self, "CustomRule",
            lambda_function=my_fn,
            configuration_changes=True,
            periodic=True
        )
        ```
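        
        The `CustomRule` above only wires a Lambda function to AWS Config; the function itself must evaluate the resource and report a verdict. The following is an added example, not code from the CDK project: a Python handler (so it assumes the function uses a Python runtime) that flags EC2 instances with a public IP address. The `publicIpAddress` field name, the rule logic and the sample event are assumptions constructed for illustration.
        
        ```python
        import json
        
        # Configuration item statuses meaning the resource is gone or no longer recorded.
        GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}
        
        
        def evaluate(event):
            """Return the Evaluations list for one AWS Config invocation."""
            invoking = json.loads(event["invokingEvent"])  # delivered as a JSON string
            item = invoking.get("configurationItem")
            if invoking.get("messageType") != "ConfigurationItemChangeNotification" or not item:
                return []  # periodic/oversized notifications are not handled in this example
            if item["resourceType"] != "AWS::EC2::Instance":
                verdict, note = "NOT_APPLICABLE", "Rule only covers EC2 instances"
            elif event.get("eventLeftScope") or item["configurationItemStatus"] in GONE:
                verdict, note = "NOT_APPLICABLE", "Resource deleted or out of scope"
            elif (item.get("configuration") or {}).get("publicIpAddress"):  # assumed field name
                verdict, note = "NON_COMPLIANT", "Instance has a public IP address"
            else:
                verdict, note = "COMPLIANT", "No public IP address"
            return [{
                "ComplianceResourceType": item["resourceType"],
                "ComplianceResourceId": item["resourceId"],
                "ComplianceType": verdict,
                "Annotation": note,
                "OrderingTimestamp": item["configurationItemCaptureTime"],
            }]
        
        
        def handler(event, context):
            """Lambda entry point: report the evaluation back to AWS Config."""
            import boto3  # imported here so evaluate() can be tested without the AWS SDK
            evaluations = evaluate(event)
            if evaluations:
                boto3.client("config").put_evaluations(
                    Evaluations=evaluations, ResultToken=event["resultToken"])
            return evaluations
        
        
        def sample_event(status="OK", public_ip=None, resource_type="AWS::EC2::Instance"):
            """Constructed sample event (not captured from a real account)."""
            item = {"resourceType": resource_type, "resourceId": "i-0example",
                    "configurationItemStatus": status,
                    "configurationItemCaptureTime": "2020-10-01T12:00:00.000Z",
                    "configuration": {"publicIpAddress": public_ip}}
            return {"invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
                                                 "configurationItem": item}),
                    "resultToken": "constructed-token", "eventLeftScope": False}
        ```
        
        Returning `NOT_APPLICABLE` for deleted resources keeps a terminated instance from staying listed as non-compliant.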
        
        #### Restricting the scope
        
        By default rules are triggered by changes to all [resources](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources).
        
        Use the `scopeToResource()`, `scopeToResources()` or `scopeToTag()` APIs to restrict
        the scope of both managed and custom rules:
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        ssh_rule = ManagedRule(self, "SSH",
            identifier="INCOMING_SSH_DISABLED"
        )
        
        # Restrict to a specific security group
        ssh_rule.scope_to_resource("AWS::EC2::SecurityGroup", "sg-1234567890abcdefgh")
        
        custom_rule = CustomRule(self, "CustomRule",
            lambda_function=my_fn,
            configuration_changes=True
        )
        
        # Restrict to a specific tag
        custom_rule.scope_to_tag("Cost Center", "MyApp")
        ```
        
        Only one type of scope restriction can be added to a rule (the last call to `scopeToXxx()` sets the scope).
        
        #### Events
        
        To define Amazon CloudWatch event rules, use the `onComplianceChange()` or `onReEvaluationStatus()` methods:
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        rule = CloudFormationStackDriftDetectionCheck(self, "Drift")
        rule.on_compliance_change("TopicEvent",
            target=targets.SnsTopic(topic)
        )
        ```
        
        #### Example
        
        The following example creates a custom rule that runs on configuration changes to EC2 instances, and a
        stack drift detection rule that publishes compliance events to an SNS topic.
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        import aws_cdk.aws_config as config
        import aws_cdk.aws_events_targets as targets
        import aws_cdk.aws_lambda as lambda_
        import aws_cdk.aws_sns as sns
        
        # A custom rule that runs on configuration changes of EC2 instances
        fn = lambda_.Function(self, "CustomFunction",
            code=lambda_.AssetCode.from_inline("exports.handler = (event) => console.log(event);"),
            handler="index.handler",
            runtime=lambda_.Runtime.NODEJS_10_X
        )
        
        custom_rule = config.CustomRule(self, "Custom",
            configuration_changes=True,
            lambda_function=fn
        )
        
        custom_rule.scope_to_resource("AWS::EC2::Instance")
        
        # A rule to detect stack drifts
        drift_rule = config.CloudFormationStackDriftDetectionCheck(self, "Drift")
        
        # Topic to which compliance notification events will be published
        compliance_topic = sns.Topic(self, "ComplianceTopic")
        
        # Send notification on compliance change
        drift_rule.on_compliance_change("ComplianceChange",
            target=targets.SnsTopic(compliance_topic)
        )
        ```
        
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: JavaScript
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Typing :: Typed
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved
Classifier: Framework :: AWS CDK
Classifier: Framework :: AWS CDK :: 1
Requires-Python: >=3.6
Description-Content-Type: text/markdown
