Documentation

An object that specifies metadata for your organization's Config Custom Policy rule. The metadata includes the runtime system in use, which accounts have debug logging enabled, and other custom rule metadata, such as resource type, resource ID of Amazon Web Services resource, and organization trigger types that initiate Config to evaluate Amazon Web Services resources against a rule.

See: newOrganizationCustomPolicyRuleMetadata smart constructor.

Create a value of OrganizationCustomPolicyRuleMetadata with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:debugLogDeliveryAccounts:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_debugLogDeliveryAccounts - A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.

$sel:description:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_description - The description that you provide for your organization Config Custom Policy rule.

$sel:inputParameters:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_inputParameters - A string, in JSON format, that is passed to your organization Config Custom Policy rule.

$sel:maximumExecutionFrequency:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_maximumExecutionFrequency - The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

$sel:organizationConfigRuleTriggerTypes:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_organizationConfigRuleTriggerTypes - The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:

• ConfigurationItemChangeNotification - Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
• OversizedConfigurationItemChangeNotification - Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.

$sel:resourceIdScope:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_resourceIdScope - The ID of the Amazon Web Services resource that was evaluated.

$sel:resourceTypesScope:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_resourceTypesScope - The type of the Amazon Web Services resource that was evaluated.

$sel:tagKeyScope:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_tagKeyScope - One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

$sel:tagValueScope:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_tagValueScope - The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).

$sel:policyRuntime:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_policyRuntime - The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.

$sel:policyText:OrganizationCustomPolicyRuleMetadata', organizationCustomPolicyRuleMetadata_policyText - The policy definition containing the logic for your organization Config Custom Policy rule.

A list of accounts that you can enable debug logging for your organization Config Custom Policy rule. List is null when debug logging is enabled for all accounts.

The description that you provide for your organization Config Custom Policy rule.

A string, in JSON format, that is passed to your organization Config Custom Policy rule.

The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

The type of notification that initiates Config to run an evaluation for a rule. For Config Custom Policy rules, Config supports change-initiated notification types:

• ConfigurationItemChangeNotification - Initiates an evaluation when Config delivers a configuration item as a result of a resource change.
• OversizedConfigurationItemChangeNotification - Initiates an evaluation when Config delivers an oversized configuration item. Config may generate this notification type when a resource changes and the notification exceeds the maximum size allowed by Amazon SNS.

The ID of the Amazon Web Services resource that was evaluated.

The type of the Amazon Web Services resource that was evaluated.

One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.

The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).

The runtime system for your organization Config Custom Policy rules. Guard is a policy-as-code language that allows you to write policies that are enforced by Config Custom Policy rules. For more information about Guard, see the Guard GitHub Repository.

The policy definition containing the logic for your organization Config Custom Policy rule.