AWS Fundamentals Logo
AWS Fundamentals
AWS::Config::ConfigRule

Config ConfigRule

You must first create and start the CC configuration recorder in order to create CC managed rules with CFNlong. For more information, see [Managing the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html). Adds or updates an CC rule to evaluate if your AWS resources comply with your desired configurations. For information on how many CC rules you can have per account, see [Service Limits](https://docs.aws.amazon.com/config/latest/develop...

Properties

8 configurable properties. 1 required. Click a row to see details.

Filter:
PropertyTypeFlags
Source
Source
Required
Compliance
object
ConfigRuleName
string
Create-only
Description
string
EvaluationModes
Array<EvaluationModeConfiguration>
InputParameters
stringobject
MaximumExecutionFrequency
string
Scope
Scope

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
Arnstring-
ConfigRuleIdstring-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Config::ConfigRule

Resources:
  MyResource:
    Type: AWS::Config::ConfigRule
    Properties:
      Source: "value"
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

config:PutConfigRuleconfig:DescribeConfigRules

read

config:DescribeConfigRulesconfig:DescribeComplianceByConfigRule

delete

config:DeleteConfigRuleconfig:DescribeConfigRules

list

config:DescribeConfigRules

update

config:PutConfigRuleconfig:DescribeConfigRules

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceConfig
Properties10
Required1
TaggingNot supported
Primary IDConfigRuleName

Supported Operations

CreateReadDeleteListUpdate

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

ConfigRuleName

Related Resources

External Links