| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| source_rule | (Required) The identifier of the AWS Config managed rule. Use a format like `root-account-mfa-enabled` instead of the predefined format like `ROOT_ACCOUNT_MFA_ENABLED`. | `string` | n/a | yes |
| description | (Optional) The description of the rule. Uses the default description if not provided. | `string` | `null` | no |
| evaluation_modes | (Optional) A set of evaluation modes to enable for the Config rule. Valid values are `DETECTIVE`, `PROACTIVE`. The default value contains only `DETECTIVE`. | `set(string)` | `[ "DETECTIVE" ]` | no |
| excluded_accounts | (Optional) A list of AWS account identifiers to exclude from the rule. Only needed when `level` is configured with value `ORGANIZATION`. | `list(string)` | `[]` | no |
| level | (Optional) Choose to create a rule across all accounts in your Organization. Valid values are `ACCOUNT` and `ORGANIZATION`. Use `ORGANIZATION` level in the Organization master account or delegated administrator accounts. | `string` | `"ACCOUNT"` | no |
| module_tags_enabled | (Optional) Whether to create AWS Resource Tags for the module information. | `bool` | `true` | no |
| name | (Optional) The name of the rule. Uses the default rule name if not provided. | `string` | `null` | no |
| parameters | (Optional) A map of parameters that is passed to the AWS Config rule Lambda function. | `any` | `{}` | no |
| resource_group_description | (Optional) The description of the Resource Group. | `string` | `"Managed by Terraform."` | no |
| resource_group_enabled | (Optional) Whether to create a Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
| resource_group_name | (Optional) The name of the Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
| resource_id | (Optional) The ID of the only AWS resource that you want to trigger an evaluation for the rule. If you specify this, you must specify only one resource type for `resource_types`. Only needed when `scope` is configured with value `RESOURCES`. | `string` | `null` | no |
| resource_tag | (Optional) The tag that is applied to only those AWS resources that you want to trigger an evaluation for the rule. You can configure it with only `key` or a set of `key` and `value`. Only needed when `scope` is configured with value `TAGS`. | `map(string)` | `{}` | no |
| resource_types | (Optional) A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. For example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`. Only needed when `scope` is configured with value `RESOURCES`. | `list(string)` | `[]` | no |
| schedule_frequency | (Optional) The frequency with which AWS Config runs evaluations for a rule. Uses the default value if not provided. Valid values are `1h`, `3h`, `6h`, `12h`, or `24h`. | `string` | `null` | no |
| scope | (Optional) Choose when evaluations will occur. Valid values are `ALL_CHANGES`, `RESOURCES`, or `TAGS`. | `string` | `"RESOURCES"` | no |
| tags | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
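
The following usage sketch is an added example, not taken from the module's own documentation; it shows how `level`, `excluded_accounts`, `scope`, `resource_types` and `resource_tag` from the inputs above combine. The module `source` is a placeholder, the module names, account ID and tag values are constructed, and `encrypted-volumes` is an AWS managed rule chosen here for illustration.

```hcl
# Organization-wide check that the root user has MFA enabled.
# Apply from the Organization master account or a delegated administrator account.
module "root_mfa" {
  source = "<path-or-registry-address-of-this-module>" # placeholder, not from the page

  source_rule        = "root-account-mfa-enabled" # kebab-case, not ROOT_ACCOUNT_MFA_ENABLED
  level              = "ORGANIZATION"
  excluded_accounts  = ["111111111111"] # constructed ID; only read when level = "ORGANIZATION"
  schedule_frequency = "24h"
}

# Account-level rule limited to one resource type.
# If resource_id were set as well, resource_types would have to contain exactly one entry.
module "encrypted_volumes" {
  source = "<path-or-registry-address-of-this-module>" # placeholder, not from the page

  source_rule    = "encrypted-volumes"
  scope          = "RESOURCES"
  resource_types = ["AWS::EC2::Volume"]

  tags = {
    owner = "security-engineering" # constructed value
  }
}

# Same rule, but evaluated only for resources that carry a given tag.
# resource_tag is only read when scope = "TAGS"; "value" may be omitted to match on key alone.
module "encrypted_volumes_prod" {
  source = "<path-or-registry-address-of-this-module>" # placeholder, not from the page

  name        = "encrypted-volumes-prod" # explicit name so the two rules do not collide (assumption)
  source_rule = "encrypted-volumes"
  scope       = "TAGS"
  resource_tag = {
    key   = "environment" # constructed tag
    value = "production"
  }
}
```

Leaving `scope` at its default of `"RESOURCES"` with an empty `resource_types` list is worth reviewing in a plan before apply, since the table does not say how the module treats that combination.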