Skip to content


Sample rules

A few rules that use objects from this package:

from typing import List, Dict
from import AwsEnvironmentContext
from import AwsBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType

class EnsureConfigAggregatorEnabledAllRegionsRule(AwsBaseRule):

    def get_id(self) -> str:
        return 'non_car_config_aggregator_is_enabled_in_all_regions'

    def execute(self, env_context: AwsEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []

        for aggregator in env_context.aws_config_aggregators:
            if not aggregator.is_enabled_all_regions:
                        f'The {aggregator.get_type()} `{aggregator.get_friendly_name()}` is not enabled in all regions', aggregator, aggregator))
        return issues

    def should_run_rule(self, environment_context: AwsEnvironmentContext) -> bool:
        return bool(environment_context.aws_config_aggregators)

ConfigAggregator (AwsResource)


Name Type Description
aggregator_name str

The name of the Config Aggregator.

arn str

The ARN of the Config Aggregator.

account_aggregation_used bool

An indication if the aggregation data is set for the account.

organization_aggregation_used bool

An indication if the aggregation data is set for the organization.

account_aggregation_all_regions_enabled Optional[bool]

An indication if the account to aggregate data is enabled on all regions.

organization_aggregation_all_regions_enabled Optional[bool]

An indication if the organization to aggregate data is enabled on all regions.

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process