organization_conformance_packs
Creates, updates, deletes or gets an organization_conformance_pack resource or lists organization_conformance_packs in a region
Overview
| Name | organization_conformance_packs |
| Type | Resource |
| Description | Resource schema for AWS::Config::OrganizationConformancePack. |
| Id | awscc.config.organization_conformance_packs |
Fields
get (all properties):
| Name | Datatype | Description |
|---|---|---|
| organization_conformance_pack_name | string | The name of the organization conformance pack. |
| template_s3_uri | string | Location of file containing the template body. |
| template_body | string | A string containing full conformance pack template body. |
| delivery_s3_bucket | string | AWS Config stores intermediate files while processing conformance pack template. |
| delivery_s3_key_prefix | string | The prefix for the delivery S3 bucket. |
| conformance_pack_input_parameters | array | A list of ConformancePackInputParameter objects. |
| excluded_accounts | array | A list of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. |
| region | string | AWS region. |

list (identifiers only):
| Name | Datatype | Description |
|---|---|---|
| organization_conformance_pack_name | string | The name of the organization conformance pack. |
| region | string | AWS region. |
For more information, see AWS::Config::OrganizationConformancePack.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
| create_resource | organization_conformance_packs | INSERT | OrganizationConformancePackName, region |
| delete_resource | organization_conformance_packs | DELETE | Identifier, region |
| update_resource | organization_conformance_packs | UPDATE | Identifier, PatchDocument, region |
| list_resources | organization_conformance_packs_list_only | SELECT | region |
| get_resource | organization_conformance_packs | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual organization_conformance_pack.
```sql
SELECT
  region,
  organization_conformance_pack_name,
  template_s3_uri,
  template_body,
  delivery_s3_bucket,
  delivery_s3_key_prefix,
  conformance_pack_input_parameters,
  excluded_accounts
FROM awscc.config.organization_conformance_packs
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ organization_conformance_pack_name }}';
```
Lists all organization_conformance_packs in a region.
```sql
SELECT
  region,
  organization_conformance_pack_name
FROM awscc.config.organization_conformance_packs_list_only
WHERE
  region = 'us-east-1';
```
INSERT example
Use the following StackQL query and manifest file to create a new organization_conformance_pack resource, using stack-deploy.
Required Properties:
```sql
/*+ create */
INSERT INTO awscc.config.organization_conformance_packs (
  OrganizationConformancePackName,
  region
)
SELECT
  '{{ organization_conformance_pack_name }}',
  '{{ region }}';
```
All Properties:
```sql
/*+ create */
INSERT INTO awscc.config.organization_conformance_packs (
  OrganizationConformancePackName,
  TemplateS3Uri,
  TemplateBody,
  DeliveryS3Bucket,
  DeliveryS3KeyPrefix,
  ConformancePackInputParameters,
  ExcludedAccounts,
  region
)
SELECT
  '{{ organization_conformance_pack_name }}',
  '{{ template_s3_uri }}',
  '{{ template_body }}',
  '{{ delivery_s3_bucket }}',
  '{{ delivery_s3_key_prefix }}',
  '{{ conformance_pack_input_parameters }}',
  '{{ excluded_accounts }}',
  '{{ region }}';
```
Manifest:
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: organization_conformance_pack
    props:
      - name: organization_conformance_pack_name
        value: '{{ organization_conformance_pack_name }}'
      - name: template_s3_uri
        value: '{{ template_s3_uri }}'
      - name: template_body
        value: '{{ template_body }}'
      - name: delivery_s3_bucket
        value: '{{ delivery_s3_bucket }}'
      - name: delivery_s3_key_prefix
        value: '{{ delivery_s3_key_prefix }}'
      - name: conformance_pack_input_parameters
        value:
          - parameter_name: '{{ parameter_name }}'
            parameter_value: '{{ parameter_value }}'
      - name: excluded_accounts
        value:
          - '{{ excluded_accounts[0] }}'
```
UPDATE example
Use the following StackQL query and manifest file to update an organization_conformance_pack resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.config.organization_conformance_packs
SET PatchDocument = string('{{ {
  "TemplateS3Uri": template_s3_uri,
  "TemplateBody": template_body,
  "DeliveryS3Bucket": delivery_s3_bucket,
  "DeliveryS3KeyPrefix": delivery_s3_key_prefix,
  "ConformancePackInputParameters": conformance_pack_input_parameters,
  "ExcludedAccounts": excluded_accounts
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ organization_conformance_pack_name }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.config.organization_conformance_packs
WHERE
  Identifier = '{{ organization_conformance_pack_name }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the organization_conformance_packs resource, the following permissions are required:
Read and List need only config:DescribeOrganizationConformancePacks; the IAM and Organizations write actions (iam:CreateServiceLinkedRole, iam:PassRole, organizations:EnableAWSServiceAccess) are required only for Create and Update.

Create:
```
config:PutOrganizationConformancePack,
config:DescribeOrganizationConformancePackStatuses,
config:GetOrganizationConformancePackDetailedStatus,
config:DescribeOrganizationConformancePacks,
s3:GetObject,
s3:GetBucketAcl,
iam:CreateServiceLinkedRole,
iam:PassRole,
organizations:ListDelegatedAdministrators,
organizations:EnableAWSServiceAccess
```
Read:
```
config:DescribeOrganizationConformancePacks
```
Delete:
```
config:DeleteOrganizationConformancePack,
config:DescribeOrganizationConformancePackStatuses,
config:GetOrganizationConformancePackDetailedStatus,
organizations:ListDelegatedAdministrators
```
Update:
```
config:PutOrganizationConformancePack,
config:DescribeOrganizationConformancePackStatuses,
config:GetOrganizationConformancePackDetailedStatus,
s3:GetObject,
s3:GetBucketAcl,
iam:CreateServiceLinkedRole,
iam:PassRole,
organizations:ListDelegatedAdministrators,
organizations:EnableAWSServiceAccess
```
List:
```
config:DescribeOrganizationConformancePacks
```