conformance_packs
Creates, updates, deletes or gets a conformance_pack resource or lists conformance_packs in a region
Overview
Name | conformance_packs |
Type | Resource |
Description | A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a region or across an entire AWS Organization. |
Id | aws.config.conformance_packs |
Fields
Name | Datatype | Description |
---|---|---|
conformance_pack_name | string | Name of the conformance pack which will be assigned as the unique identifier. |
delivery_s3_bucket | string | S3 bucket in which AWS Config stores intermediate files while processing the conformance pack template. |
delivery_s3_key_prefix | string | The prefix for delivery S3 bucket. |
template_body | string | A string containing full conformance pack template body. You can only specify one of the template body or template S3Uri fields. |
template_s3_uri | string | Location of file containing the template body which points to the conformance pack template that is located in an Amazon S3 bucket. You can only specify one of the template body or template S3Uri fields. |
template_ssm_document_details | object | The TemplateSSMDocumentDetails object contains the name of the SSM document and the version of the SSM document. |
conformance_pack_input_parameters | array | A list of ConformancePackInputParameter objects. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | ConformancePackName, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all conformance_packs in a region.
```sql
SELECT
region,
conformance_pack_name,
delivery_s3_bucket,
delivery_s3_key_prefix,
template_body,
template_s3_uri,
template_ssm_document_details,
conformance_pack_input_parameters
FROM aws.config.conformance_packs
WHERE region = 'us-east-1';
```
Gets all properties from an individual conformance_pack.
```sql
SELECT
region,
conformance_pack_name,
delivery_s3_bucket,
delivery_s3_key_prefix,
template_body,
template_s3_uri,
template_ssm_document_details,
conformance_pack_input_parameters
FROM aws.config.conformance_packs
WHERE region = 'us-east-1' AND data__Identifier = '<ConformancePackName>';
```
INSERT example
Use the following StackQL query and manifest file to create a new conformance_pack resource, using stack-deploy.
Required Properties
```sql
/*+ create */
INSERT INTO aws.config.conformance_packs (
ConformancePackName,
region
)
SELECT
'{{ ConformancePackName }}',
'{{ region }}';
```
All Properties
```sql
/*+ create */
INSERT INTO aws.config.conformance_packs (
ConformancePackName,
DeliveryS3Bucket,
DeliveryS3KeyPrefix,
TemplateBody,
TemplateS3Uri,
TemplateSSMDocumentDetails,
ConformancePackInputParameters,
region
)
SELECT
'{{ ConformancePackName }}',
'{{ DeliveryS3Bucket }}',
'{{ DeliveryS3KeyPrefix }}',
'{{ TemplateBody }}',
'{{ TemplateS3Uri }}',
'{{ TemplateSSMDocumentDetails }}',
'{{ ConformancePackInputParameters }}',
'{{ region }}';
```
Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: conformance_pack
    props:
      - name: ConformancePackName
        value: '{{ ConformancePackName }}'
      - name: DeliveryS3Bucket
        value: '{{ DeliveryS3Bucket }}'
      - name: DeliveryS3KeyPrefix
        value: '{{ DeliveryS3KeyPrefix }}'
      - name: TemplateBody
        value: '{{ TemplateBody }}'
      - name: TemplateS3Uri
        value: '{{ TemplateS3Uri }}'
      - name: TemplateSSMDocumentDetails
        value:
          DocumentName: '{{ DocumentName }}'
          DocumentVersion: '{{ DocumentVersion }}'
      - name: ConformancePackInputParameters
        value:
          - ParameterName: '{{ ParameterName }}'
            ParameterValue: '{{ ParameterValue }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.config.conformance_packs
WHERE data__Identifier = '<ConformancePackName>'
AND region = 'us-east-1';
```
Permissions
To operate on the conformance_packs resource, the following permissions are required:
Create
config:PutConformancePack,
config:DescribeConformancePackStatus,
config:DescribeConformancePacks,
s3:GetObject,
s3:GetBucketAcl,
iam:CreateServiceLinkedRole,
iam:PassRole
Read
config:DescribeConformancePacks
Update
config:PutConformancePack,
config:DescribeConformancePackStatus,
s3:GetObject,
s3:GetBucketAcl,
iam:CreateServiceLinkedRole,
iam:PassRole
Delete
config:DeleteConformancePack,
config:DescribeConformancePackStatus
List
config:DescribeConformancePacks
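A pre-flight check for the permission lists above, added here as an example (it is not part of the StackQL provider or its documentation): it reports which of the listed actions an IAM policy document fails to allow for the chosen operations, and which allowed action patterns match none of them, for example an `iam:PassRole` grant on a role that only reads packs. The function names and the sample policy are constructed for illustration; only `Action` patterns in `Allow` statements are compared, so `Deny`, `NotAction`, `Resource` and `Condition` are not evaluated.

```python
from fnmatch import fnmatchcase

# Permission sets copied from the Permissions section of this page.
_WRITE = ["config:PutConformancePack", "config:DescribeConformancePackStatus",
          "s3:GetObject", "s3:GetBucketAcl", "iam:CreateServiceLinkedRole", "iam:PassRole"]
REQUIRED = {
    "create": _WRITE + ["config:DescribeConformancePacks"],
    "read": ["config:DescribeConformancePacks"],
    "update": _WRITE,
    "delete": ["config:DeleteConformancePack", "config:DescribeConformancePackStatus"],
    "list": ["config:DescribeConformancePacks"],
}


def allowed_patterns(policy):
    """Collect Action patterns from Allow statements (Action may be str or list)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            actions = stmt["Action"]
            patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns


def check_policy(policy, operations):
    """Return (missing, excess): page-listed actions the policy does not allow
    for the given operations, and Allow patterns that match none of them."""
    needed = sorted({a for op in operations for a in REQUIRED[op]})
    patterns = allowed_patterns(policy)
    def matches(pattern, action):  # IAM action names are case-insensitive
        return fnmatchcase(action.lower(), pattern.lower())
    missing = [a for a in needed if not any(matches(p, a) for p in patterns)]
    excess = [p for p in patterns if not any(matches(p, a) for a in needed)]
    return missing, excess


# Constructed sample policy for a role intended only to read and delete packs.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["config:Describe*", "iam:PassRole"], "Resource": "*"},
        {"Effect": "Deny", "Action": "config:PutConformancePack", "Resource": "*"},
    ],
}
```

`check_policy(SAMPLE_POLICY, ["read", "delete"])` flags the missing `config:DeleteConformancePack` and the unneeded `iam:PassRole`; a wildcard such as `config:Describe*` is not reported as excess because it matches a required action, so broad patterns still need manual review.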