AWS::Config::ConfigRule Scope
Defines which resources trigger an evaluation for an Amazon Config rule. The scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. Specify a scope to constrain which resources trigger an evaluation for a rule. Otherwise, evaluations for the rule are triggered when any resource in your recording group changes in configuration.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "ComplianceResourceId" :String, "ComplianceResourceTypes" :[ String, ... ], "TagKey" :String, "TagValue" :String}
YAML
ComplianceResourceId:StringComplianceResourceTypes:- StringTagKey:StringTagValue:String
Properties
ComplianceResourceId-
The ID of the only Amazon resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for
ComplianceResourceTypes.Required: No
Type: String
Minimum:
1Maximum:
768Update requires: No interruption
ComplianceResourceTypes-
The resource types of only those Amazon resources that you want to trigger an evaluation for the rule. You can only specify one type if you also specify a resource ID for
ComplianceResourceId.Required: No
Type: List of String
Maximum:
100Update requires: No interruption
TagKey-
The tag key that is applied to only those Amazon resources that you want to trigger an evaluation for the rule.
Required: No
Type: String
Minimum:
1Maximum:
128Update requires: No interruption
TagValue-
The tag value applied to only those Amazon resources that you want to trigger an evaluation for the rule. If you specify a value for
TagValue, you must also specify a value forTagKey.Required: No
Type: String
Minimum:
1Maximum:
256Update requires: No interruption