CfnGuardHook

The type name alias for the Hook. This alias must be unique per account and Region. The alias must be in the form `Name1::Name2::Name3` and must not begin with `AWS` . For example, `Private::Guard::MyTestHook` .

The IAM role that the Hook assumes to retrieve your Guard rules from S3 and optionally write a detailed Guard output report back.

Specifies how the Hook responds when rules fail their evaluation. - `FAIL` : Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies. - `WARN` : Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.

Default: - "WARN"

Specifies if the Hook is `ENABLED` or `DISABLED` .

Default: - "DISABLED"

Specifies the S3 location of your Guard rules.

Specifies the list of operations the Hook is run against. For more information, see [Hook targets](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-concepts.html#hook-terms-hook-target) in the *CloudFormation Hooks User Guide* . Valid values: `STACK` | `RESOURCE` | `CHANGE_SET` | `CLOUD_CONTROL`

Specifies the name of an S3 bucket to store the Guard output report. This report contains the results of your Guard rule validations.

Specifies the S3 location of your input parameters.

Specifies the stack level filters for the Hook. Example stack level filter in JSON: `"StackFilters": {"FilteringCriteria": "ALL", "StackNames": {"Exclude": [ "stack-1", "stack-2"]}}` Example stack level filter in YAML: `StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2`

Specifies the target filters for the Hook. Example target filter in JSON: `"TargetFilters": {"Actions": [ "CREATE", "UPDATE", "DELETE" ]}` Example target filter in YAML: `TargetFilters: Actions: - CREATE - UPDATE - DELETE`