rule.ts

import { createHash } from 'crypto';
import type { Construct } from 'constructs';
import type { ConfigRuleReference, IConfigRuleRef } from './config.generated';
import { CfnConfigRule } from './config.generated';
import * as events from '../../aws-events';
import * as iam from '../../aws-iam';
import type * as lambda from '../../aws-lambda';
import type { IResource } from '../../core';
import { ArnFormat, Lazy, Resource, Stack, ValidationError } from '../../core';
import { addConstructMetadata } from '../../core/lib/metadata-resource';
import { propertyInjectable } from '../../core/lib/prop-injectable';

/**
 * Interface representing an AWS Config rule
 */
export interface IRule extends IResource, IConfigRuleRef {
  /**
   * The name of the rule.
   *
   * @attribute
   */
  readonly configRuleName: string;

  /**
   * Defines an EventBridge event rule which triggers for rule events. Use
   * `rule.addEventPattern(pattern)` to specify a filter.
   */
  onEvent(id: string, options?: events.OnEventOptions): events.Rule;

  /**
   * Defines a EventBridge event rule which triggers for rule compliance events.
   */
  onComplianceChange(id: string, options?: events.OnEventOptions): events.Rule;

  /**
   * Defines a EventBridge event rule which triggers for rule re-evaluation status events.
   */
  onReEvaluationStatus(id: string, options?: events.OnEventOptions): events.Rule;
}

/**
 * The mode of evaluation for the rule.
 */
export class EvaluationMode {
  /**
   * Evaluate resources that have already been deployed
   */
  public static readonly DETECTIVE = new EvaluationMode(['DETECTIVE']);
  /**
   * Evaluate resources before they have been deployed
   */
  public static readonly PROACTIVE = new EvaluationMode(['PROACTIVE']);
  /**
   * Evaluate resources that have already been deployed and before they have been deployed
   */
  public static readonly DETECTIVE_AND_PROACTIVE = new EvaluationMode(['DETECTIVE', 'PROACTIVE']);

  /**
   * @param modes The modes of evaluation for the rule
   */
  protected constructor(public readonly modes: string[]) {}
}

/**
 * A new or imported rule.
 */
abstract class RuleBase extends Resource implements IRule {
  public abstract readonly configRuleName: string;

  /**
   * Defines an EventBridge event rule which triggers for rule events. Use
   * `rule.addEventPattern(pattern)` to specify a filter.
   */
  public onEvent(id: string, options: events.OnEventOptions = {}) {
    const rule = new events.Rule(this, id, options);
    rule.addEventPattern({
      source: ['aws.config'],
      detail: {
        configRuleName: [this.configRuleName],
      },
    });
    rule.addTarget(options.target);
    return rule;
  }

  /**
   * Defines an EventBridge event rule which triggers for rule compliance events.
   */
  public onComplianceChange(id: string, options: events.OnEventOptions = {}): events.Rule {
    const rule = this.onEvent(id, options);
    rule.addEventPattern({
      detailType: ['Config Rules Compliance Change'],
    });
    return rule;
  }

  /**
   * Defines an EventBridge event rule which triggers for rule re-evaluation status events.
   */
  public onReEvaluationStatus(id: string, options: events.OnEventOptions = {}): events.Rule {
    const rule = this.onEvent(id, options);
    rule.addEventPattern({
      detailType: ['Config Rules Re-evaluation Status'],
    });
    return rule;
  }

  public get configRuleRef(): ConfigRuleReference {
    const self = this;
    return {
      get configRuleArn(): string { throw new ValidationError('CannotConfigRuleCreatedWithout', 'Cannot get the ARN of this ConfigRule; it has been created without knowledge of its id', self); },
      configRuleName: this.configRuleName,
    };
  }
}

/**
 * A new managed or custom rule.
 */
abstract class RuleNew extends RuleBase {
  /**
   * Imports an existing rule.
   *
   * @param configRuleName the name of the rule
   */
  public static fromConfigRuleName(scope: Construct, id: string, configRuleName: string): IRule {
    class Import extends RuleBase {
      public readonly configRuleName = configRuleName;
    }

    return new Import(scope, id);
  }

  /**
   * The arn of the rule.
   */
  public abstract readonly configRuleArn: string;

  /**
   * The id of the rule.
   */
  public abstract readonly configRuleId: string;

  /**
   * The compliance status of the rule.
   */
  public abstract readonly configRuleComplianceType: string;

  protected ruleScope?: RuleScope;
  protected isManaged?: boolean;
  protected isCustomWithChanges?: boolean;

  public get configRuleRef(): ConfigRuleReference {
    return {
      configRuleArn: Stack.of(this).formatArn({
        service: 'config',
        account: this.env.account,
        region: this.env.region,
        resource: 'config-rule',
        resourceName: this.configRuleId,
        arnFormat: ArnFormat.SLASH_RESOURCE_NAME,
      }),
      configRuleName: this.configRuleName,
    };
  }
}

/**
 * Determines which resources trigger an evaluation of an AWS Config rule.
 */
export class RuleScope {
  /** restricts scope of changes to a specific resource type or resource identifier */
  public static fromResource(resourceType: ResourceType, resourceId?: string) {
    return new RuleScope(resourceId, [resourceType]);
  }
  /** restricts scope of changes to specific resource types */
  public static fromResources(resourceTypes: ResourceType[]) {
    return new RuleScope(undefined, resourceTypes);
  }
  /** restricts scope of changes to a specific tag */
  public static fromTag(key: string, value?: string) {
    return new RuleScope(undefined, undefined, key, value);
  }

  /** Resource types that will trigger evaluation of a rule */
  public readonly resourceTypes?: ResourceType[];

  /** ID of the only AWS resource that will trigger evaluation of a rule */
  public readonly resourceId?: string;

  /** tag key applied to resources that will trigger evaluation of a rule  */
  public readonly key?: string;

  /** tag value applied to resources that will trigger evaluation of a rule */
  public readonly value?: string;

  private constructor(resourceId?: string, resourceTypes?: ResourceType[], tagKey?: string, tagValue?: string) {
    this.resourceTypes = resourceTypes;
    this.resourceId = resourceId;
    this.key = tagKey;
    this.value = tagValue;
  }
}

/**
 * The maximum frequency at which the AWS Config rule runs evaluations.
 */
export enum MaximumExecutionFrequency {

  /**
   * 1 hour.
   */
  ONE_HOUR = 'One_Hour',

  /**
   * 3 hours.
   */
  THREE_HOURS = 'Three_Hours',

  /**
   * 6 hours.
   */
  SIX_HOURS = 'Six_Hours',

  /**
   * 12 hours.
   */
  TWELVE_HOURS = 'Twelve_Hours',

  /**
   * 24 hours.
   */
  TWENTY_FOUR_HOURS = 'TwentyFour_Hours',
}

/**
 * Construction properties for a new rule.
 */
export interface RuleProps {
  /**
   * A name for the AWS Config rule.
   *
   * @default - CloudFormation generated name
   */
  readonly configRuleName?: string;

  /**
   * A description about this AWS Config rule.
   *
   * @default - No description
   */
  readonly description?: string;

  /**
   * Input parameter values that are passed to the AWS Config rule.
   *
   * @default - No input parameters
   */
  readonly inputParameters?: { [key: string]: any };

  /**
   * The maximum frequency at which the AWS Config rule runs evaluations.
   *
   * @default MaximumExecutionFrequency.TWENTY_FOUR_HOURS
   */
  readonly maximumExecutionFrequency?: MaximumExecutionFrequency;

  /**
   * Defines which resources trigger an evaluation for an AWS Config rule.
   *
   * @default - evaluations for the rule are triggered when any resource in the recording group changes.
   */
  readonly ruleScope?: RuleScope;

  /**
   * The modes the AWS Config rule can be evaluated in. The valid values are distinct objects.
   *
   * @default - Detective evaluation mode only
   */
  readonly evaluationModes?: EvaluationMode;
}

/**
 * Construction properties for a ManagedRule.
 */
export interface ManagedRuleProps extends RuleProps {
  /**
   * The identifier of the AWS managed rule.
   *
   * @see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
   */
  readonly identifier: string;
}

/**
 * A new managed rule.
 *
 * @resource AWS::Config::ConfigRule
 */
@propertyInjectable
export class ManagedRule extends RuleNew {
  /** Uniquely identifies this class. */
  public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-config.ManagedRule';
  /** @attribute */
  public readonly configRuleName: string;

  /** @attribute */
  public readonly configRuleArn: string;

  /** @attribute */
  public readonly configRuleId: string;

  /** @attribute */
  public readonly configRuleComplianceType: string;

  constructor(scope: Construct, id: string, props: ManagedRuleProps) {
    super(scope, id, {
      physicalName: props.configRuleName,
    });
    // Enhanced CDK Analytics Telemetry
    addConstructMetadata(this, props);

    this.ruleScope = props.ruleScope;

    const rule = new CfnConfigRule(this, 'Resource', {
      configRuleName: this.physicalName,
      description: props.description,
      inputParameters: props.inputParameters,
      maximumExecutionFrequency: props.maximumExecutionFrequency,
      scope: Lazy.any({ produce: () => renderScope(this.ruleScope) }), // scope can use values such as stack id (see CloudFormationStackDriftDetectionCheck)
      source: {
        owner: 'AWS',
        sourceIdentifier: props.identifier,
      },
      evaluationModes: props.evaluationModes?.modes.map((mode) => ({
        mode,
      })),
    });

    this.configRuleName = rule.ref;
    this.configRuleArn = rule.attrArn;
    this.configRuleId = rule.attrConfigRuleId;
    this.configRuleComplianceType = rule.attrComplianceType;

    this.isManaged = true;
  }
}

/**
 * The source of the event, such as an AWS service,
 * that triggers AWS Config to evaluate your AWS resources.
 */
enum EventSource {

  /* from aws.config */
  AWS_CONFIG = 'aws.config',

}

/**
 * The type of notification that triggers AWS Config to run an evaluation for a rule.
 */
enum MessageType {

  /**
   * Triggers an evaluation when AWS Config delivers a configuration item as a result of a resource change.
   */
  CONFIGURATION_ITEM_CHANGE_NOTIFICATION = 'ConfigurationItemChangeNotification',

  /**
   * Triggers an evaluation when AWS Config delivers an oversized configuration item.
   */
  OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION = 'OversizedConfigurationItemChangeNotification',

  /**
   * Triggers a periodic evaluation at the frequency specified for MaximumExecutionFrequency.
   */
  SCHEDULED_NOTIFICATION = 'ScheduledNotification',

  /**
   * Triggers a periodic evaluation when AWS Config delivers a configuration snapshot.
   */
  CONFIGURATION_SNAPSHOT_DELIVERY_COMPLETED = 'ConfigurationSnapshotDeliveryCompleted',
}

/**
 * Construction properties for a CustomRule.
 */
interface SourceDetail {
  /**
   * The source of the event, such as an AWS service,
   * that triggers AWS Config to evaluate your AWS resources.
   *
   */
  readonly eventSource: EventSource;
  /**
   * The frequency at which you want AWS Config to run evaluations for a custom rule with a periodic trigger.
   */
  readonly maximumExecutionFrequency?: MaximumExecutionFrequency;
  /**
   * The type of notification that triggers AWS Config to run an evaluation for a rule.
   */
  readonly messageType: MessageType;
}

/**
 * Construction properties for a CustomRule.
 */
export interface CustomRuleProps extends RuleProps {
  /**
   * The Lambda function to run.
   */
  readonly lambdaFunction: lambda.IFunction;

  /**
   * Whether to run the rule on configuration changes.
   *
   * @default false
   */
  readonly configurationChanges?: boolean;

  /**
   * Whether to run the rule on a fixed frequency.
   *
   * @default false
   */
  readonly periodic?: boolean;
}
/**
 * A new custom rule.
 *
 * @resource AWS::Config::ConfigRule
 */
@propertyInjectable
export class CustomRule extends RuleNew {
  /** Uniquely identifies this class. */
  public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-config.CustomRule';
  /** @attribute */
  public readonly configRuleName: string;

  /** @attribute */
  public readonly configRuleArn: string;

  /** @attribute */
  public readonly configRuleId: string;

  /** @attribute */
  public readonly configRuleComplianceType: string;

  constructor(scope: Construct, id: string, props: CustomRuleProps) {
    super(scope, id, {
      physicalName: props.configRuleName,
    });
    // Enhanced CDK Analytics Telemetry
    addConstructMetadata(this, props);

    if (!props.configurationChanges && !props.periodic) {
      throw new ValidationError('MustBeLeastTrue', 'At least one of `configurationChanges` or `periodic` must be set to true.', this);
    }

    const sourceDetails: SourceDetail[] = [];
    this.ruleScope = props.ruleScope;
    if (props.configurationChanges) {
      sourceDetails.push({
        eventSource: EventSource.AWS_CONFIG,
        messageType: MessageType.CONFIGURATION_ITEM_CHANGE_NOTIFICATION,
      });
      sourceDetails.push({
        eventSource: EventSource.AWS_CONFIG,
        messageType: MessageType.OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION,
      });
    }

    if (props.periodic) {
      sourceDetails.push({
        eventSource: EventSource.AWS_CONFIG,
        maximumExecutionFrequency: props.maximumExecutionFrequency,
        messageType: MessageType.SCHEDULED_NOTIFICATION,
      });
    }
    const hash = createHash('sha256')
      .update(JSON.stringify({
        /* eslint-disable-next-line @typescript-eslint/unbound-method *//* REMOVEME: this is a latent bug */
        fnName: props.lambdaFunction.functionName.toString,
        accountId: Stack.of(this).resolve(this.env.account),
        region: Stack.of(this).resolve(this.env.region),
      }), 'utf8')
      .digest('base64');
    const customRulePermissionId: string = `CustomRulePermission${hash}`;
    if (!props.lambdaFunction.permissionsNode.tryFindChild(customRulePermissionId)) {
      props.lambdaFunction.addPermission(customRulePermissionId, {
        principal: new iam.ServicePrincipal('config.amazonaws.com'),
        sourceAccount: this.env.account,
      });
    }

    if (props.lambdaFunction.role) {
      props.lambdaFunction.role.addManagedPolicy(
        iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSConfigRulesExecutionRole'),
      );
    }

    // The lambda permission must be created before the rule
    this.node.addDependency(props.lambdaFunction);

    const rule = new CfnConfigRule(this, 'Resource', {
      configRuleName: this.physicalName,
      description: props.description,
      inputParameters: props.inputParameters,
      maximumExecutionFrequency: props.maximumExecutionFrequency,
      scope: Lazy.any({ produce: () => renderScope(this.ruleScope) }), // scope can use values such as stack id (see CloudFormationStackDriftDetectionCheck)
      source: {
        owner: 'CUSTOM_LAMBDA',
        sourceDetails,
        sourceIdentifier: props.lambdaFunction.functionArn,
      },
      evaluationModes: props.evaluationModes?.modes.map((mode) => ({
        mode,
      })),
    });

    this.configRuleName = rule.ref;
    this.configRuleArn = rule.attrArn;
    this.configRuleId = rule.attrConfigRuleId;
    this.configRuleComplianceType = rule.attrComplianceType;

    if (props.configurationChanges) {
      this.isCustomWithChanges = true;
    }
  }
}

/**
 * Construction properties for a CustomPolicy.
 */
export interface CustomPolicyProps extends RuleProps {
  /**
   * The policy definition containing the logic for your AWS Config Custom Policy rule.
   */
  readonly policyText: string;

  /**
   * The boolean expression for enabling debug logging for your AWS Config Custom Policy rule.
   *
   * @default false
   */
  readonly enableDebugLog?: boolean;
}

/**
 * A new custom policy.
 *
 * @resource AWS::Config::ConfigRule
 */
@propertyInjectable
export class CustomPolicy extends RuleNew {
  /**
   * Uniquely identifies this class.
   */
  public static readonly PROPERTY_INJECTION_ID: string = 'aws-cdk-lib.aws-config.CustomPolicy';

  /** @attribute */
  public readonly configRuleName: string;

  /** @attribute */
  public readonly configRuleArn: string;

  /** @attribute */
  public readonly configRuleId: string;

  /** @attribute */
  public readonly configRuleComplianceType: string;

  constructor(scope: Construct, id: string, props: CustomPolicyProps) {
    super(scope, id, {
      physicalName: props.configRuleName,
    });
    // Enhanced CDK Analytics Telemetry
    addConstructMetadata(this, props);

    if (!props.policyText || [...props.policyText].length === 0) {
      throw new ValidationError('PolicyTextCannotEmpty', 'Policy Text cannot be empty.', this);
    }
    if ([...props.policyText].length > 10000) {
      throw new ValidationError('PolicyTextLimitedCharactersLess', 'Policy Text is limited to 10,000 characters or less.', this);
    }

    const sourceDetails: SourceDetail[] = [];
    this.ruleScope = props.ruleScope;

    sourceDetails.push({
      eventSource: EventSource.AWS_CONFIG,
      messageType: MessageType.CONFIGURATION_ITEM_CHANGE_NOTIFICATION,
    });
    sourceDetails.push({
      eventSource: EventSource.AWS_CONFIG,
      messageType: MessageType.OVERSIZED_CONFIGURATION_ITEM_CHANGE_NOTIFICATION,
    });
    const rule = new CfnConfigRule(this, 'Resource', {
      configRuleName: this.physicalName,
      description: props.description,
      inputParameters: props.inputParameters,
      scope: Lazy.any({ produce: () => renderScope(this.ruleScope) }), // scope can use values such as stack id (see CloudFormationStackDriftDetectionCheck)
      source: {
        owner: 'CUSTOM_POLICY',
        sourceDetails,
        customPolicyDetails: {
          enableDebugLogDelivery: props.enableDebugLog,
          policyRuntime: 'guard-2.x.x',
          policyText: props.policyText,
        },
      },
      evaluationModes: props.evaluationModes?.modes.map((mode) => ({
        mode,
      })),
    });

    this.configRuleName = rule.ref;
    this.configRuleArn = rule.attrArn;
    this.configRuleId = rule.attrConfigRuleId;
    this.configRuleComplianceType = rule.attrComplianceType;
    this.isCustomWithChanges = true;
  }
}

/**
 * Managed rules that are supported by AWS Config.
 * @see https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
 */
export class ManagedRuleIdentifiers {
  /**
   * Checks that the inline policies attached to your AWS Identity and Access Management users,
   * roles, and groups do not allow blocked actions on all AWS Key Management Service keys.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-inline-policy-blocked-kms-actions.html
   */
  public static readonly IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS = 'IAM_INLINE_POLICY_BLOCKED_KMS_ACTIONS';
  /**
   * Checks that the managed AWS Identity and Access Management policies that you create do not
   * allow blocked actions on all AWS AWS KMS keys.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-customer-policy-blocked-kms-actions.html
   */
  public static readonly IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS = 'IAM_CUSTOMER_POLICY_BLOCKED_KMS_ACTIONS';
  /**
   * Checks whether the active access keys are rotated within the number of days specified in maxAccessKeyAge.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
   */
  public static readonly ACCESS_KEYS_ROTATED = 'ACCESS_KEYS_ROTATED';
  /**
   * Checks whether AWS account is part of AWS Organizations.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/account-part-of-organizations.html
   */
  public static readonly ACCOUNT_PART_OF_ORGANIZATIONS = 'ACCOUNT_PART_OF_ORGANIZATIONS';
  /**
   * Checks whether ACM Certificates in your account are marked for expiration within the specified number of days.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html
   */
  public static readonly ACM_CERTIFICATE_EXPIRATION_CHECK = 'ACM_CERTIFICATE_EXPIRATION_CHECK';
  /**
   * Checks if an Application Load Balancer (ALB) is configured with a user defined desync mitigation mode.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-desync-mode-check.html
   */
  public static readonly ALB_DESYNC_MODE_CHECK = 'ALB_DESYNC_MODE_CHECK';
  /**
   * Checks if rule evaluates Application Load Balancers (ALBs) to ensure they are configured to drop http headers.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html
   */
  public static readonly ALB_HTTP_DROP_INVALID_HEADER_ENABLED = 'ALB_HTTP_DROP_INVALID_HEADER_ENABLED';
  /**
   * Checks whether HTTP to HTTPS redirection is configured on all HTTP listeners of Application Load Balancer.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-http-to-https-redirection-check.html
   */
  public static readonly ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK = 'ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK';
  /**
   * Checks if Web Application Firewall (WAF) is enabled on Application Load Balancers (ALBs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/alb-waf-enabled.html
   */
  public static readonly ALB_WAF_ENABLED = 'ALB_WAF_ENABLED';
  /**
   * Checks if Amazon API Gateway V2 stages have access logging enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-access-logs-enabled.html
   */
  public static readonly API_GWV2_ACCESS_LOGS_ENABLED = 'API_GWV2_ACCESS_LOGS_ENABLED';
  /**
   * Checks if Amazon API Gatewayv2 API routes have an authorization type set.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-authorization-type-configured.html
   */
  public static readonly API_GWV2_AUTHORIZATION_TYPE_CONFIGURED = 'API_GWV2_AUTHORIZATION_TYPE_CONFIGURED';
  /**
   * Checks if an Amazon API Gateway API stage is using an AWS WAF Web ACL.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-associated-with-waf.html
   */
  public static readonly API_GW_ASSOCIATED_WITH_WAF = 'API_GW_ASSOCIATED_WITH_WAF';
  /**
   * Checks that all methods in Amazon API Gateway stages have caching enabled and encrypted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-cache-enabled-and-encrypted.html
   */
  public static readonly API_GW_CACHE_ENABLED_AND_ENCRYPTED = 'API_GW_CACHE_ENABLED_AND_ENCRYPTED';
  /**
   * Checks that Amazon API Gateway APIs are of the type specified in the rule parameter endpointConfigurationType.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-endpoint-type-check.html
   */
  public static readonly API_GW_ENDPOINT_TYPE_CHECK = 'API_GW_ENDPOINT_TYPE_CHECK';
  /**
   * Checks that all methods in Amazon API Gateway stage has logging enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-execution-logging-enabled.html
   */
  public static readonly API_GW_EXECUTION_LOGGING_ENABLED = 'API_GW_EXECUTION_LOGGING_ENABLED';
  /**
   * Checks if a REST API stage uses an Secure Sockets Layer (SSL) certificate.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-ssl-enabled.html
   */
  public static readonly API_GW_SSL_ENABLED = 'API_GW_SSL_ENABLED';
  /**
   * Checks if AWS X-Ray tracing is enabled on Amazon API Gateway REST APIs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/api-gw-xray-enabled.html
   */
  public static readonly API_GW_XRAY_ENABLED = 'API_GW_XRAY_ENABLED';
  /**
   * Checks whether running instances are using specified AMIs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-id.html
   */
  public static readonly APPROVED_AMIS_BY_ID = 'APPROVED_AMIS_BY_ID';
  /**
   * Checks whether running instances are using specified AMIs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/approved-amis-by-tag.html
   */
  public static readonly APPROVED_AMIS_BY_TAG = 'APPROVED_AMIS_BY_TAG';
  /**
   * Checks if a recovery point was created for Amazon Aurora DB clusters.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-last-backup-recovery-point-created.html
   */
  public static readonly AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED = 'AURORA_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks if an Amazon Aurora MySQL cluster has backtracking enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-backtracking-enabled.html
   */
  public static readonly AURORA_MYSQL_BACKTRACKING_ENABLED = 'AURORA_MYSQL_BACKTRACKING_ENABLED';
  /**
   * Checks if Amazon Aurora DB clusters are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-protected-by-backup-plan.html
   */
  public static readonly AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'AURORA_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks if Capacity Rebalancing is enabled for Amazon EC2 Auto Scaling groups that use multiple instance types.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-capacity-rebalancing.html
   */
  public static readonly AUTOSCALING_CAPACITY_REBALANCING = 'AUTOSCALING_CAPACITY_REBALANCING';
  /**
   * Checks whether your Auto Scaling groups that are associated with a load balancer are using
   * Elastic Load Balancing health checks.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-group-elb-healthcheck-required.html
   */
  public static readonly AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED = 'AUTOSCALING_GROUP_ELB_HEALTHCHECK_REQUIRED';
  /**
   * Checks whether only IMDSv2 is enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launchconfig-requires-imdsv2.html
   */
  public static readonly AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2 = 'AUTOSCALING_LAUNCHCONFIG_REQUIRES_IMDSV2';
  /**
   * Checks the number of network hops that the metadata token can travel.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-hop-limit.html
   */
  public static readonly AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT = 'AUTOSCALING_LAUNCH_CONFIG_HOP_LIMIT';
  /**
   * Checks if Amazon EC2 Auto Scaling groups have public IP addresses enabled through Launch Configurations.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-public-ip-disabled.html
   */
  public static readonly AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED = 'AUTOSCALING_LAUNCH_CONFIG_PUBLIC_IP_DISABLED';
  /**
   * Checks if an Amazon Elastic Compute Cloud (EC2) Auto Scaling group is created from an EC2 launch template.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-template.html
   */
  public static readonly AUTOSCALING_LAUNCH_TEMPLATE = 'AUTOSCALING_LAUNCH_TEMPLATE';
  /**
   * Checks if the Auto Scaling group spans multiple Availability Zones.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-az.html
   */
  public static readonly AUTOSCALING_MULTIPLE_AZ = 'AUTOSCALING_MULTIPLE_AZ';
  /**
   * Checks if an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling group uses multiple instance types.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-instance-types.html
   */
  public static readonly AUTOSCALING_MULTIPLE_INSTANCE_TYPES = 'AUTOSCALING_MULTIPLE_INSTANCE_TYPES';
  /**
   * Checks if a backup plan has a backup rule that satisfies the required frequency and retention period.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-plan-min-frequency-and-min-retention-check.html
   */
  public static readonly BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK = 'BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK';
  /**
   * Checks if a recovery point is encrypted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-encrypted.html
   */
  public static readonly BACKUP_RECOVERY_POINT_ENCRYPTED = 'BACKUP_RECOVERY_POINT_ENCRYPTED';
  /**
   * Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-manual-deletion-disabled.html
   */
  public static readonly BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED = 'BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED';
  /**
   * Checks if a recovery point expires no earlier than after the specified period.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-minimum-retention-check.html
   */
  public static readonly BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK = 'BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK';
  /**
   * Checks if an AWS Elastic Beanstalk environment is configured for enhanced health reporting.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/beanstalk-enhanced-health-reporting-enabled.html
   */
  public static readonly BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED = 'BEANSTALK_ENHANCED_HEALTH_REPORTING_ENABLED';
  /**
   * Checks if Classic Load Balancers (CLB) are configured with a user defined Desync mitigation mode.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/clb-desync-mode-check.html
   */
  public static readonly CLB_DESYNC_MODE_CHECK = 'CLB_DESYNC_MODE_CHECK';
  /**
   * Checks if a Classic Load Balancer spans multiple Availability Zones (AZs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/clb-multiple-az.html
   */
  public static readonly CLB_MULTIPLE_AZ = 'CLB_MULTIPLE_AZ';
  /**
   * Checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted,
   * from its expected configuration.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-drift-detection-check.html
   */
  public static readonly CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK = 'CLOUDFORMATION_STACK_DRIFT_DETECTION_CHECK';
  /**
   * Checks whether your CloudFormation stacks are sending event notifications to an SNS topic.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-notification-check.html
   */
  public static readonly CLOUDFORMATION_STACK_NOTIFICATION_CHECK = 'CLOUDFORMATION_STACK_NOTIFICATION_CHECK';
  /**
   * Checks if Amazon CloudFront distributions are configured to capture information from
   * Amazon Simple Storage Service (Amazon S3) server access logs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-accesslogs-enabled.html
   */
  public static readonly CLOUDFRONT_ACCESSLOGS_ENABLED = 'CLOUDFRONT_ACCESSLOGS_ENABLED';
  /**
   * Checks if Amazon CloudFront distributions are associated with either WAF or WAFv2 web access control lists (ACLs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-associated-with-waf.html
   */
  public static readonly CLOUDFRONT_ASSOCIATED_WITH_WAF = 'CLOUDFRONT_ASSOCIATED_WITH_WAF';
  /**
   * Checks if the certificate associated with an Amazon CloudFront distribution is the default Secure Sockets Layer (SSL) certificate.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-custom-ssl-certificate.html
   */
  public static readonly CLOUDFRONT_CUSTOM_SSL_CERTIFICATE = 'CLOUDFRONT_CUSTOM_SSL_CERTIFICATE';
  /**
   * Checks if an Amazon CloudFront distribution is configured to return a specific object that is the default root object.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-default-root-object-configured.html
   */
  public static readonly CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED = 'CLOUDFRONT_DEFAULT_ROOT_OBJECT_CONFIGURED';
  /**
   * Checks if CloudFront distributions are using deprecated SSL protocols for HTTPS communication between
   * CloudFront edge locations and custom origins.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-no-deprecated-ssl-protocols.html
   */
  public static readonly CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS = 'CLOUDFRONT_NO_DEPRECATED_SSL_PROTOCOLS';
  /**
   * Checks that Amazon CloudFront distribution with Amazon S3 Origin type has Origin Access Identity (OAI) configured.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-access-identity-enabled.html
   */
  public static readonly CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED = 'CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ENABLED';
  /**
   * Checks whether an origin group is configured for the distribution of at least 2 origins in the
   * origin group for Amazon CloudFront.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-failover-enabled.html
   */
  public static readonly CLOUDFRONT_ORIGIN_FAILOVER_ENABLED = 'CLOUDFRONT_ORIGIN_FAILOVER_ENABLED';
  /**
   * Checks if Amazon CloudFront distributions are using a minimum security policy and cipher suite of TLSv1.2 or
   * greater for viewer connections.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-security-policy-check.html
   */
  public static readonly CLOUDFRONT_SECURITY_POLICY_CHECK = 'CLOUDFRONT_SECURITY_POLICY_CHECK';
  /**
   * Checks if Amazon CloudFront distributions are using a custom SSL certificate and are configured
   * to use SNI to serve HTTPS requests.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-sni-enabled.html
   */
  public static readonly CLOUDFRONT_SNI_ENABLED = 'CLOUDFRONT_SNI_ENABLED';
  /**
   * Checks if Amazon CloudFront distributions are encrypting traffic to custom origins.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-traffic-to-origin-encrypted.html
   */
  public static readonly CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED = 'CLOUDFRONT_TRAFFIC_TO_ORIGIN_ENCRYPTED';
  /**
   * Checks whether your Amazon CloudFront distributions use HTTPS (directly or via a redirection).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-viewer-policy-https.html
   */
  public static readonly CLOUDFRONT_VIEWER_POLICY_HTTPS = 'CLOUDFRONT_VIEWER_POLICY_HTTPS';
  /**
   * Checks whether AWS CloudTrail trails are configured to send logs to Amazon CloudWatch Logs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-cloud-watch-logs-enabled.html
   */
  public static readonly CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED = 'CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED';
  /**
   * Checks whether AWS CloudTrail is enabled in your AWS account.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html
   */
  public static readonly CLOUD_TRAIL_ENABLED = 'CLOUD_TRAIL_ENABLED';
  /**
   * Checks whether AWS CloudTrail is configured to use the server side encryption (SSE)
   * AWS Key Management Service (AWS KMS) customer master key (CMK) encryption.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-encryption-enabled.html
   */
  public static readonly CLOUD_TRAIL_ENCRYPTION_ENABLED = 'CLOUD_TRAIL_ENCRYPTION_ENABLED';
  /**
   * Checks whether AWS CloudTrail creates a signed digest file with logs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloud-trail-log-file-validation-enabled.html
   */
  public static readonly CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED = 'CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED';
  /**
   * Checks whether at least one AWS CloudTrail trail is logging Amazon S3 data events for all S3 buckets.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-dataevents-enabled.html
   */
  public static readonly CLOUDTRAIL_S3_DATAEVENTS_ENABLED = 'CLOUDTRAIL_S3_DATAEVENTS_ENABLED';
  /**
   * Checks that there is at least one AWS CloudTrail trail defined with security best practices.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-security-trail-enabled.html
   */
  public static readonly CLOUDTRAIL_SECURITY_TRAIL_ENABLED = 'CLOUDTRAIL_SECURITY_TRAIL_ENABLED';
  /**
   * Checks whether CloudWatch alarms have at least one alarm action, one INSUFFICIENT_DATA action,
   * or one OK action enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-check.html
   */
  public static readonly CLOUDWATCH_ALARM_ACTION_CHECK = 'CLOUDWATCH_ALARM_ACTION_CHECK';
  /**
   * Checks if Amazon CloudWatch alarms actions are in enabled state.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-enabled-check.html
   */
  public static readonly CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK = 'CLOUDWATCH_ALARM_ACTION_ENABLED_CHECK';
  /**
   * Checks whether the specified resource type has a CloudWatch alarm for the specified metric.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-resource-check.html
   */
  public static readonly CLOUDWATCH_ALARM_RESOURCE_CHECK = 'CLOUDWATCH_ALARM_RESOURCE_CHECK';
  /**
   * Checks whether CloudWatch alarms with the given metric name have the specified settings.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-settings-check.html
   */
  public static readonly CLOUDWATCH_ALARM_SETTINGS_CHECK = 'CLOUDWATCH_ALARM_SETTINGS_CHECK';
  /**
   * Checks whether a log group in Amazon CloudWatch Logs is encrypted with
   * a AWS Key Management Service (KMS) managed Customer Master Keys (CMK).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-log-group-encrypted.html
   */
  public static readonly CLOUDWATCH_LOG_GROUP_ENCRYPTED = 'CLOUDWATCH_LOG_GROUP_ENCRYPTED';
  /**
   * Checks that key rotation is enabled for each key and matches to the key ID of the
   * customer created customer master key (CMK).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cmk-backing-key-rotation-enabled.html
   */
  public static readonly CMK_BACKING_KEY_ROTATION_ENABLED = 'CMK_BACKING_KEY_ROTATION_ENABLED';
  /**
   * Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-artifact-encryption.html
   */
  public static readonly CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION = 'CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION';
  /**
   * Checks if an AWS CodeBuild project environment has privileged mode enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-environment-privileged-check.html
   */
  public static readonly CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK = 'CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK';
  /**
   * Checks whether the project contains environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-envvar-awscred-check.html
   */
  public static readonly CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK = 'CODEBUILD_PROJECT_ENVVAR_AWSCRED_CHECK';
  /**
   * Checks if an AWS CodeBuild project environment has at least one log option enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-logging-enabled.html
   */
  public static readonly CODEBUILD_PROJECT_LOGGING_ENABLED = 'CODEBUILD_PROJECT_LOGGING_ENABLED';
  /**
   * Checks if a AWS CodeBuild project configured with Amazon S3 Logs has encryption enabled for its logs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-s3-logs-encrypted.html
   */
  public static readonly CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED = 'CODEBUILD_PROJECT_S3_LOGS_ENCRYPTED';
  /**
   * Checks whether the GitHub or Bitbucket source repository URL contains either personal access tokens
   * or user name and password.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-source-repo-url-check.html
   */
  public static readonly CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK = 'CODEBUILD_PROJECT_SOURCE_REPO_URL_CHECK';
  /**
   * Checks if the deployment group is configured with automatic deployment rollback and
   * deployment monitoring with alarms attached.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-auto-rollback-monitor-enabled.html
   */
  public static readonly CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED = 'CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED';
  /**
   * Checks if the deployment group for EC2/On-Premises Compute Platform is configured with
   * a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-ec2-minimum-healthy-hosts-configured.html
   */
  public static readonly CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED = 'CODEDEPLOY_EC2_MINIMUM_HEALTHY_HOSTS_CONFIGURED';
  /**
   * Checks if the deployment group for Lambda Compute Platform is not using the default deployment configuration.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-lambda-allatonce-traffic-shift-disabled.html
   */
  public static readonly CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED = 'CODEDEPLOY_LAMBDA_ALLATONCE_TRAFFIC_SHIFT_DISABLED';
  /**
   * Checks whether the first deployment stage of the AWS CodePipeline performs more than one deployment.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-deployment-count-check.html
   */
  public static readonly CODEPIPELINE_DEPLOYMENT_COUNT_CHECK = 'CODEPIPELINE_DEPLOYMENT_COUNT_CHECK';
  /**
   * Checks whether each stage in the AWS CodePipeline deploys to more than N times the number of
   * the regions the AWS CodePipeline has deployed in all the previous combined stages,
   * where N is the region fanout number.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/codepipeline-region-fanout-check.html
   */
  public static readonly CODEPIPELINE_REGION_FANOUT_CHECK = 'CODEPIPELINE_REGION_FANOUT_CHECK';
  /**
   * Checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/cw-loggroup-retention-period-check.html
   */
  public static readonly CW_LOGGROUP_RETENTION_PERIOD_CHECK = 'CW_LOGGROUP_RETENTION_PERIOD_CHECK';
  /**
   * Checks that DynamoDB Accelerator (DAX) clusters are encrypted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dax-encryption-enabled.html
   */
  public static readonly DAX_ENCRYPTION_ENABLED = 'DAX_ENCRYPTION_ENABLED';
  /**
   * Checks whether RDS DB instances have backups enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/db-instance-backup-enabled.html
   */
  public static readonly RDS_DB_INSTANCE_BACKUP_ENABLED = 'DB_INSTANCE_BACKUP_ENABLED';
  /**
   * Checks instances for specified tenancy.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-tenancy.html
   */
  public static readonly EC2_DESIRED_INSTANCE_TENANCY = 'DESIRED_INSTANCE_TENANCY';
  /**
   * Checks whether your EC2 instances are of the specified instance types.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/desired-instance-type.html
   */
  public static readonly EC2_DESIRED_INSTANCE_TYPE = 'DESIRED_INSTANCE_TYPE';
  /**
   * Checks whether AWS Database Migration Service replication instances are public.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-not-public.html
   */
  public static readonly DMS_REPLICATION_NOT_PUBLIC = 'DMS_REPLICATION_NOT_PUBLIC';
  /**
   * Checks whether Auto Scaling or On-Demand is enabled on your DynamoDB tables and/or global secondary indexes.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-autoscaling-enabled.html
   */
  public static readonly DYNAMODB_AUTOSCALING_ENABLED = 'DYNAMODB_AUTOSCALING_ENABLED';
  /**
   * Checks whether Amazon DynamoDB table is present in AWS Backup plans.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-in-backup-plan.html
   */
  public static readonly DYNAMODB_IN_BACKUP_PLAN = 'DYNAMODB_IN_BACKUP_PLAN';
  /**
   * Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-last-backup-recovery-point-created.html
   */
  public static readonly DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED = 'DYNAMODB_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-pitr-enabled.html
   */
  public static readonly DYNAMODB_PITR_ENABLED = 'DYNAMODB_PITR_ENABLED';
  /**
   * Checks if Amazon DynamoDB tables are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-resources-protected-by-backup-plan.html
   */
  public static readonly DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'DYNAMODB_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encrypted-kms.html
   */
  public static readonly DYNAMODB_TABLE_ENCRYPTED_KMS = 'DYNAMODB_TABLE_ENCRYPTED_KMS';
  /**
   * Checks whether the Amazon DynamoDB tables are encrypted and checks their status.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-encryption-enabled.html
   */
  public static readonly DYNAMODB_TABLE_ENCRYPTION_ENABLED = 'DYNAMODB_TABLE_ENCRYPTION_ENABLED';
  /**
   * Checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-throughput-limit-check.html
   */
  public static readonly DYNAMODB_THROUGHPUT_LIMIT_CHECK = 'DYNAMODB_THROUGHPUT_LIMIT_CHECK';
  /**
   * Checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-in-backup-plan.html
   */
  public static readonly EBS_IN_BACKUP_PLAN = 'EBS_IN_BACKUP_PLAN';
  /**
   * Checks whether Amazon Elastic File System (Amazon EFS) file systems are added
   * in the backup plans of AWS Backup.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-in-backup-plan.html
   */
  public static readonly EFS_IN_BACKUP_PLAN = 'EFS_IN_BACKUP_PLAN';
  /**
   * Check that Amazon Elastic Block Store (EBS) encryption is enabled by default.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-ebs-encryption-by-default.html
   */
  public static readonly EC2_EBS_ENCRYPTION_BY_DEFAULT = 'EC2_EBS_ENCRYPTION_BY_DEFAULT';
  /**
   * Checks whether EBS optimization is enabled for your EC2 instances that can be EBS-optimized.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-optimized-instance.html
   */
  public static readonly EBS_OPTIMIZED_INSTANCE = 'EBS_OPTIMIZED_INSTANCE';
  /**
   * Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-resources-protected-by-backup-plan.html
   */
  public static readonly EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'EBS_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks whether Amazon Elastic Block Store snapshots are not publicly restorable.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-public-restorable-check.html
   */
  public static readonly EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK = 'EBS_SNAPSHOT_PUBLIC_RESTORABLE_CHECK';
  /**
   * Checks whether detailed monitoring is enabled for EC2 instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-detailed-monitoring-enabled.html
   */
  public static readonly EC2_INSTANCE_DETAILED_MONITORING_ENABLED = 'EC2_INSTANCE_DETAILED_MONITORING_ENABLED';
  /**
   * Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html
   */
  public static readonly EC2_INSTANCE_MANAGED_BY_SSM = 'EC2_INSTANCE_MANAGED_BY_SSM';
  /**
   * Checks if an Amazon Elastic Compute Cloud (Amazon EC2) instance has an Identity and Access
   * Management (IAM) profile attached to it. This rule is NON_COMPLIANT if no IAM profile is
   * attached to the Amazon EC2 instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-profile-attached.html
   */
  public static readonly EC2_INSTANCE_PROFILE_ATTACHED = 'EC2_INSTANCE_PROFILE_ATTACHED';
  /**
   * Checks if Amazon Elastic Compute Cloud (Amazon EC2) uses multiple ENIs (Elastic Network Interfaces)
   * or Elastic Fabric Adapters (EFAs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-multiple-eni-check.html
   */
  public static readonly EC2_INSTANCE_MULTIPLE_ENI_CHECK = 'EC2_INSTANCE_MULTIPLE_ENI_CHECK';
  /**
   * Checks whether Amazon Elastic Compute Cloud (Amazon EC2) instances have a public IP association.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-no-public-ip.html
   */
  public static readonly EC2_INSTANCE_NO_PUBLIC_IP = 'EC2_INSTANCE_NO_PUBLIC_IP';
  /**
   * Checks if a recovery point was created for Amazon Elastic Compute Cloud (Amazon EC2) instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-last-backup-recovery-point-created.html
   */
  public static readonly EC2_LAST_BACKUP_RECOVERY_POINT_CREATED = 'EC2_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks whether your EC2 instances belong to a virtual private cloud (VPC).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html
   */
  public static readonly EC2_INSTANCES_IN_VPC = 'INSTANCES_IN_VPC';
  /**
   * Checks that none of the specified applications are installed on the instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-blacklisted.html
   */
  public static readonly EC2_MANAGED_INSTANCE_APPLICATIONS_BLOCKED = 'EC2_MANAGEDINSTANCE_APPLICATIONS_BLACKLISTED';
  /**
   * Checks whether all of the specified applications are installed on the instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-applications-required.html
   */
  public static readonly EC2_MANAGED_INSTANCE_APPLICATIONS_REQUIRED = 'EC2_MANAGEDINSTANCE_APPLICATIONS_REQUIRED';
  /**
   * Checks whether the compliance status of AWS Systems Manager association compliance is COMPLIANT
   * or NON_COMPLIANT after the association execution on the instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-association-compliance-status-check.html
   */
  public static readonly EC2_MANAGED_INSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK = 'EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK';
  /**
   * Checks whether instances managed by AWS Systems Manager are configured to collect blocked inventory types.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-inventory-blacklisted.html
   */
  public static readonly EC2_MANAGED_INSTANCE_INVENTORY_BLOCKED = 'EC2_MANAGEDINSTANCE_INVENTORY_BLACKLISTED';
  /**
   * Checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is
   * COMPLIANT or NON_COMPLIANT after the patch installation on the instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-patch-compliance-status-check.html
   */
  public static readonly EC2_MANAGED_INSTANCE_PATCH_COMPLIANCE_STATUS_CHECK = 'EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK';
  /**
   * Checks whether EC2 managed instances have the desired configurations.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-managedinstance-platform-check.html
   */
  public static readonly EC2_MANAGED_INSTANCE_PLATFORM_CHECK = 'EC2_MANAGEDINSTANCE_PLATFORM_CHECK';
  /**
   * Checks if running Amazon Elastic Compute Cloud (EC2) instances are launched using amazon key pairs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-no-amazon-key-pair.html
   */
  public static readonly EC2_NO_AMAZON_KEY_PAIR = 'EC2_NO_AMAZON_KEY_PAIR';
  /**
   * Checks if the virtualization type of an EC2 instance is paravirtual.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-paravirtual-instance-check.html
   */
  public static readonly EC2_PARAVIRTUAL_INSTANCE_CHECK = 'EC2_PARAVIRTUAL_INSTANCE_CHECK';
  /**
   * Checks if Amazon Elastic Compute Cloud (Amazon EC2) instances are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-resources-protected-by-backup-plan.html
   */
  public static readonly EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'EC2_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks that security groups are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances
   * or to an elastic network interface.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni.html
   */
  public static readonly EC2_SECURITY_GROUP_ATTACHED_TO_ENI = 'EC2_SECURITY_GROUP_ATTACHED_TO_ENI';
  /**
   * Checks if non-default security groups are attached to Elastic network interfaces (ENIs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni-periodic.html
   */
  public static readonly EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC = 'EC2_SECURITY_GROUP_ATTACHED_TO_ENI_PERIODIC';
  /**
   * Checks whether there are instances stopped for more than the allowed number of days.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html
   */
  public static readonly EC2_STOPPED_INSTANCE = 'EC2_STOPPED_INSTANCE';
  /**
   * Checks if an Amazon Elastic Compute Cloud (EC2) instance metadata
   * has a specified token hop limit that is below the desired limit.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-token-hop-limit-check.html
   */
  public static readonly EC2_TOKEN_HOP_LIMIT_CHECK = 'EC2_TOKEN_HOP_LIMIT_CHECK';
  /**
   * Checks if Amazon Elastic Compute Cloud (Amazon EC2) Transit Gateways have 'AutoAcceptSharedAttachments' enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-transit-gateway-auto-vpc-attach-disabled.html
   */
  public static readonly EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED = 'EC2_TRANSIT_GATEWAY_AUTO_VPC_ATTACH_DISABLED';
  /**
   * Checks whether EBS volumes are attached to EC2 instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html
   */
  public static readonly EC2_VOLUME_INUSE_CHECK = 'EC2_VOLUME_INUSE_CHECK';
  /**
   * Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-image-scanning-enabled.html
   */
  public static readonly ECR_PRIVATE_IMAGE_SCANNING_ENABLED = 'ECR_PRIVATE_IMAGE_SCANNING_ENABLED';
  /**
   * Checks if a private Amazon Elastic Container Registry (ECR) repository has at least one lifecycle policy configured.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-lifecycle-policy-configured.html
   */
  public static readonly ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED = 'ECR_PRIVATE_LIFECYCLE_POLICY_CONFIGURED';
  /**
   * Checks if a private Amazon Elastic Container Registry (ECR) repository has tag immutability enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-tag-immutability-enabled.html
   */
  public static readonly ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED = 'ECR_PRIVATE_TAG_IMMUTABILITY_ENABLED';
  /**
   * Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-awsvpc-networking-enabled.html
   */
  public static readonly ECS_AWSVPC_NETWORKING_ENABLED = 'ECS_AWSVPC_NETWORKING_ENABLED';
  /**
   * Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-instances-in-vpc.html
   */
  public static readonly ECS_CONTAINERS_NONPRIVILEGED = 'ECS_CONTAINERS_NONPRIVILEGED';
  /**
   * Checks if Amazon Elastic Container Service (Amazon ECS) Containers only have read-only access to its root filesystems.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html
   */
  public static readonly ECS_CONTAINERS_READONLY_ACCESS = 'ECS_CONTAINERS_READONLY_ACCESS';
  /**
   * Checks if Amazon Elastic Container Service clusters have container insights enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-container-insights-enabled.html
   */
  public static readonly ECS_CONTAINER_INSIGHTS_ENABLED = 'ECS_CONTAINER_INSIGHTS_ENABLED';
  /**
   * Checks if Amazon Elastic Container Service (ECS) Fargate Services
   * is running on the latest Fargate platform version.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-fargate-latest-platform-version.html
   */
  public static readonly ECS_FARGATE_LATEST_PLATFORM_VERSION = 'ECS_FARGATE_LATEST_PLATFORM_VERSION';
  /**
   * Checks if secrets are passed as container environment variables.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-no-environment-secrets.html
   */
  public static readonly ECS_NO_ENVIRONMENT_SECRETS = 'ECS_NO_ENVIRONMENT_SECRETS';
  /**
   * Checks if logConfiguration is set on active ECS Task Definitions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-log-configuration.html
   */
  public static readonly ECS_TASK_DEFINITION_LOG_CONFIGURATION = 'ECS_TASK_DEFINITION_LOG_CONFIGURATION';
  /**
   * Checks if Amazon Elastic Container Service (ECS) task definitions have a set memory limit for its container definitions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-memory-hard-limit.html
   */
  public static readonly ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT = 'ECS_TASK_DEFINITION_MEMORY_HARD_LIMIT';
  /**
   * Checks if ECSTaskDefinitions specify a user
   * for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run on.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-nonroot-user.html
   */
  public static readonly ECS_TASK_DEFINITION_NONROOT_USER = 'ECS_TASK_DEFINITION_NONROOT_USER';
  /**
   * Checks if ECSTaskDefinitions are configured to share a host’s process namespace
   * with its Amazon Elastic Container Service (Amazon ECS) containers.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-stopped-instance.html
   */
  public static readonly ECS_TASK_DEFINITION_PID_MODE_CHECK = 'ECS_TASK_DEFINITION_PID_MODE_CHECK';
  /**
   * Checks if an Amazon Elastic Container Service (Amazon ECS) task definition
   * with host networking mode has 'privileged' or 'user' container definitions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html
   */
  public static readonly EC2_VOLUME_IECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECKNUSE_CHECK = 'ECS_TASK_DEFINITION_USER_FOR_HOST_MODE_CHECK';
  /**
   * Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a root directory.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-access-point-enforce-root-directory.html
   */
  public static readonly EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY = 'EFS_ACCESS_POINT_ENFORCE_ROOT_DIRECTORY';
  /**
   * Checks if Amazon Elastic File System (Amazon EFS) access points are configured to enforce a user identity.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-volume-inuse-check.html
   */
  public static readonly EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY = 'EFS_ACCESS_POINT_ENFORCE_USER_IDENTITY';
  /**
   * hecks whether Amazon Elastic File System (Amazon EFS) is configured to encrypt the file data
   * using AWS Key Management Service (AWS KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-encrypted-check.html
   */
  public static readonly EFS_ENCRYPTED_CHECK = 'EFS_ENCRYPTED_CHECK';
  /**
   * Checks if a recovery point was created for Amazon Elastic File System (Amazon EFS) File Systems.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-last-backup-recovery-point-created.html
   */
  public static readonly EFS_LAST_BACKUP_RECOVERY_POINT_CREATED = 'EFS_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks if Amazon Elastic File System (Amazon EFS) File Systems are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/efs-resources-protected-by-backup-plan.html
   */
  public static readonly EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'EFS_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks whether all Elastic IP addresses that are allocated to a VPC are attached to
   * EC2 instances or in-use elastic network interfaces (ENIs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/eip-attached.html
   */
  public static readonly EIP_ATTACHED = 'EIP_ATTACHED';
  /**
   * Checks whether Amazon Elasticsearch Service (Amazon ES) domains have encryption
   * at rest configuration enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-encrypted-at-rest.html
   */
  public static readonly ELASTICSEARCH_ENCRYPTED_AT_REST = 'ELASTICSEARCH_ENCRYPTED_AT_REST';
  /**
   * Checks whether Amazon Elasticsearch Service (Amazon ES) domains are in
   * Amazon Virtual Private Cloud (Amazon VPC).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-in-vpc-only.html
   */
  public static readonly ELASTICSEARCH_IN_VPC_ONLY = 'ELASTICSEARCH_IN_VPC_ONLY';
  /**
   * Check if the Amazon ElastiCache Redis clusters have automatic backup turned on.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticache-redis-cluster-automatic-backup-check.html
   */
  public static readonly ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK = 'ELASTICACHE_REDIS_CLUSTER_AUTOMATIC_BACKUP_CHECK';
  /**
   * Checks whether your Amazon Elastic Compute Cloud (Amazon EC2) instance metadata version
   * is configured with Instance Metadata Service Version 2 (IMDSv2).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ec2-imdsv2-check.html
   */
  public static readonly EC2_IMDSV2_CHECK = 'EC2_IMDSV2_CHECK';
  /**
   * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running the oldest supported version.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-oldest-supported-version.html
   */
  public static readonly EKS_CLUSTER_OLDEST_SUPPORTED_VERSION = 'EKS_CLUSTER_OLDEST_SUPPORTED_VERSION';
  /**
   * Checks if an Amazon Elastic Kubernetes Service (EKS) cluster is running a supported Kubernetes version.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-supported-version.html
   */
  public static readonly EKS_CLUSTER_SUPPORTED_VERSION = 'EKS_CLUSTER_SUPPORTED_VERSION';
  /**
   * Checks whether Amazon Elastic Kubernetes Service (Amazon EKS) endpoint is not publicly accessible.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-endpoint-no-public-access.html
   */
  public static readonly EKS_ENDPOINT_NO_PUBLIC_ACCESS = 'EKS_ENDPOINT_NO_PUBLIC_ACCESS';
  /**
   * Checks whether Amazon Elastic Kubernetes Service clusters are configured to have Kubernetes
   * secrets encrypted using AWS Key Management Service (KMS) keys.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/eks-secrets-encrypted.html
   */
  public static readonly EKS_SECRETS_ENCRYPTED = 'EKS_SECRETS_ENCRYPTED';
  /**
   * Check that Amazon ElasticSearch Service nodes are encrypted end to end.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-node-to-node-encryption-check.html
   */
  public static readonly ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK = 'ELASTICSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK';
  /**
   * Checks if managed platform updates in an AWS Elastic Beanstalk environment is enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elastic-beanstalk-managed-updates-enabled.html
   */
  public static readonly ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED = 'ELASTIC_BEANSTALK_MANAGED_UPDATES_ENABLED';
  /**
   * Checks if Application Load Balancers and Network Load Balancers
   * have listeners that are configured to use certificates from AWS Certificate Manager (ACM).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elbv2-acm-certificate-required.html
   */
  public static readonly ELBV2_ACM_CERTIFICATE_REQUIRED = 'ELBV2_ACM_CERTIFICATE_REQUIRED';
  /**
   * Checks if an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer)
   * has registered instances from multiple Availability Zones (AZ's).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elbv2-multiple-az.html
   */
  public static readonly ELBV2_MULTIPLE_AZ = 'ELBV2_MULTIPLE_AZ';
  /**
   * Checks if cross-zone load balancing is enabled for the Classic Load Balancers (CLBs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-cross-zone-load-balancing-enabled.html
   */
  public static readonly ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED = 'ELB_CROSS_ZONE_LOAD_BALANCING_ENABLED';
  /**
   * Checks whether your Classic Load Balancer is configured with SSL or HTTPS listeners.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-tls-https-listeners-only.html
   */
  public static readonly ELB_TLS_HTTPS_LISTENERS_ONLY = 'ELB_TLS_HTTPS_LISTENERS_ONLY';
  /**
   * Checks whether the Classic Load Balancers use SSL certificates provided by AWS Certificate Manager.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-acm-certificate-required.html
   */
  public static readonly ELB_ACM_CERTIFICATE_REQUIRED = 'ELB_ACM_CERTIFICATE_REQUIRED';
  /**
   * Checks whether your Classic Load Balancer SSL listeners are using a custom policy.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-custom-security-policy-ssl-check.html
   */
  public static readonly ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK = 'ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK';
  /**
   * Checks whether Elastic Load Balancing has deletion protection enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-deletion-protection-enabled.html
   */
  public static readonly ELB_DELETION_PROTECTION_ENABLED = 'ELB_DELETION_PROTECTION_ENABLED';
  /**
   * Checks whether the Application Load Balancer and the Classic Load Balancer have logging enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-logging-enabled.html
   */
  public static readonly ELB_LOGGING_ENABLED = 'ELB_LOGGING_ENABLED';
  /**
   * Checks whether your Classic Load Balancer SSL listeners are using a predefined policy.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/elb-predefined-security-policy-ssl-check.html
   */
  public static readonly ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK = 'ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK';
  /**
   * Checks that Amazon EMR clusters have Kerberos enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/emr-kerberos-enabled.html
   */
  public static readonly EMR_KERBEROS_ENABLED = 'EMR_KERBEROS_ENABLED';
  /**
   * Checks whether Amazon Elastic MapReduce (EMR) clusters' master nodes have public IPs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/emr-master-no-public-ip.html
   */
  public static readonly EMR_MASTER_NO_PUBLIC_IP = 'EMR_MASTER_NO_PUBLIC_IP';
  /**
   * Checks whether the EBS volumes that are in an attached state are encrypted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html
   */
  public static readonly EBS_ENCRYPTED_VOLUMES = 'ENCRYPTED_VOLUMES';
  /**
   * Checks whether the security groups associated inScope resources are compliant with the
   * master security groups at each rule level based on allowSecurityGroup and denySecurityGroup flag.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-audit-policy-check.html
   *
   * @deprecated Inactive managed rule
   *
   */
  public static readonly FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK = 'FMS_SECURITY_GROUP_AUDIT_POLICY_CHECK';
  /**
   * Checks whether AWS Firewall Manager created security groups content is the same as the master security groups.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-content-check.html
   *
   * @deprecated Inactive managed rule
   *
   */
  public static readonly FMS_SECURITY_GROUP_CONTENT_CHECK = 'FMS_SECURITY_GROUP_CONTENT_CHECK';
  /**
   * Checks whether Amazon EC2 or an elastic network interface is associated with AWS Firewall Manager security groups.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-security-group-resource-association-check.html
   *
   * @deprecated Inactive managed rule
   *
   */
  public static readonly FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK = 'FMS_SECURITY_GROUP_RESOURCE_ASSOCIATION_CHECK';
  /**
   * Checks whether an Application Load Balancer, Amazon CloudFront distributions,
   * Elastic Load Balancer or Elastic IP has AWS Shield protection.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-shield-resource-policy-check.html
   */
  public static readonly FMS_SHIELD_RESOURCE_POLICY_CHECK = 'FMS_SHIELD_RESOURCE_POLICY_CHECK';
  /**
   * Checks whether the web ACL is associated with an Application Load Balancer, API Gateway stage,
   * or Amazon CloudFront distributions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-resource-policy-check.html
   */
  public static readonly FMS_WEBACL_RESOURCE_POLICY_CHECK = 'FMS_WEBACL_RESOURCE_POLICY_CHECK';
  /**
   * Checks that the rule groups associate with the web ACL at the correct priority.
   * The correct priority is decided by the rank of the rule groups in the ruleGroups parameter.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fms-webacl-rulegroup-association-check.html
   */
  public static readonly FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK = 'FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK';
  /**
   * Checks if a recovery point was created for Amazon FSx File Systems.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fsx-last-backup-recovery-point-created.html
   */
  public static readonly FSX_LAST_BACKUP_RECOVERY_POINT_CREATED = 'FSX_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks if Amazon FSx File Systems are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/fsx-resources-protected-by-backup-plan.html
   */
  public static readonly FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'FSX_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks whether Amazon GuardDuty is enabled in your AWS account and region. If you provide an AWS account for centralization,
   * the rule evaluates the Amazon GuardDuty results in the centralized account.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/guardduty-enabled-centralized.html
   */
  public static readonly GUARDDUTY_ENABLED_CENTRALIZED = 'GUARDDUTY_ENABLED_CENTRALIZED';
  /**
   * Checks whether the Amazon GuardDuty has findings that are non archived.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/guardduty-non-archived-findings.html
   */
  public static readonly GUARDDUTY_NON_ARCHIVED_FINDINGS = 'GUARDDUTY_NON_ARCHIVED_FINDINGS';
  /**
   * Checks that inline policy feature is not in use.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-no-inline-policy-check.html
   */
  public static readonly IAM_NO_INLINE_POLICY_CHECK = 'IAM_NO_INLINE_POLICY_CHECK';
  /**
   * Checks whether IAM groups have at least one IAM user.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-group-has-users-check.html
   */
  public static readonly IAM_GROUP_HAS_USERS_CHECK = 'IAM_GROUP_HAS_USERS_CHECK';
  /**
   * Checks whether the account password policy for IAM users meets the specified requirements
   * indicated in the parameters.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html
   */
  public static readonly IAM_PASSWORD_POLICY = 'IAM_PASSWORD_POLICY';
  /**
   * Checks whether for each IAM resource, a policy ARN in the input parameter is attached to the IAM resource.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-blacklisted-check.html
   */
  public static readonly IAM_POLICY_BLOCKED_CHECK = 'IAM_POLICY_BLACKLISTED_CHECK';
  /**
   * Checks whether the IAM policy ARN is attached to an IAM user, or an IAM group with one or more IAM users,
   * or an IAM role with one or more trusted entity.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-in-use.html
   */
  public static readonly IAM_POLICY_IN_USE = 'IAM_POLICY_IN_USE';
  /**
   * Checks the IAM policies that you create for Allow statements that grant permissions to all actions on all resources.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-admin-access.html
   */
  public static readonly IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS = 'IAM_POLICY_NO_STATEMENTS_WITH_ADMIN_ACCESS';
  /**
   * Checks if AWS Identity and Access Management (IAM) policies that you create grant permissions to all actions on individual AWS resources.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-full-access.html
   */
  public static readonly IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS = 'IAM_POLICY_NO_STATEMENTS_WITH_FULL_ACCESS';
  /**
   * Checks that AWS Identity and Access Management (IAM) policies in a list of policies are attached to all AWS roles.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-role-managed-policy-check.html
   */
  public static readonly IAM_ROLE_MANAGED_POLICY_CHECK = 'IAM_ROLE_MANAGED_POLICY_CHECK';
  /**
   * Checks whether the root user access key is available.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html
   */
  public static readonly IAM_ROOT_ACCESS_KEY_CHECK = 'IAM_ROOT_ACCESS_KEY_CHECK';
  /**
   * Checks whether IAM users are members of at least one IAM group.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-group-membership-check.html
   */
  public static readonly IAM_USER_GROUP_MEMBERSHIP_CHECK = 'IAM_USER_GROUP_MEMBERSHIP_CHECK';
  /**
   * Checks whether the AWS Identity and Access Management users have multi-factor authentication (MFA) enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-mfa-enabled.html
   */
  public static readonly IAM_USER_MFA_ENABLED = 'IAM_USER_MFA_ENABLED';
  /**
   * Checks that none of your IAM users have policies attached. IAM users must inherit permissions from IAM groups or roles.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-no-policies-check.html
   */
  public static readonly IAM_USER_NO_POLICIES_CHECK = 'IAM_USER_NO_POLICIES_CHECK';
  /**
   * Checks whether your AWS Identity and Access Management (IAM) users have passwords or
   * active access keys that have not been used within the specified number of days you provided.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html
   */
  public static readonly IAM_USER_UNUSED_CREDENTIALS_CHECK = 'IAM_USER_UNUSED_CREDENTIALS_CHECK';
  /**
   * Checks that Internet gateways (IGWs) are only attached to an authorized Amazon Virtual Private Cloud (VPCs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/internet-gateway-authorized-vpc-only.html
   */
  public static readonly INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY = 'INTERNET_GATEWAY_AUTHORIZED_VPC_ONLY';
  /**
   * Checks if Amazon Kinesis streams are encrypted at rest with server-side encryption.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/kinesis-stream-encrypted.html
   */
  public static readonly KINESIS_STREAM_ENCRYPTED = 'KINESIS_STREAM_ENCRYPTED';
  /**
   * Checks whether customer master keys (CMKs) are not scheduled for deletion in AWS Key Management Service (KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/kms-cmk-not-scheduled-for-deletion.html
   */
  public static readonly KMS_CMK_NOT_SCHEDULED_FOR_DELETION = 'KMS_CMK_NOT_SCHEDULED_FOR_DELETION';
  /**
   * Checks whether the AWS Lambda function is configured with function-level concurrent execution limit.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-concurrency-check.html
   */
  public static readonly LAMBDA_CONCURRENCY_CHECK = 'LAMBDA_CONCURRENCY_CHECK';
  /**
   * Checks whether an AWS Lambda function is configured with a dead-letter queue.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-dlq-check.html
   */
  public static readonly LAMBDA_DLQ_CHECK = 'LAMBDA_DLQ_CHECK';
  /**
   * Checks whether the AWS Lambda function policy attached to the Lambda resource prohibits public access.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-public-access-prohibited.html
   */
  public static readonly LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED = 'LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED';
  /**
   * Checks that the lambda function settings for runtime, role, timeout, and memory size match the expected values.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-settings-check.html
   */
  public static readonly LAMBDA_FUNCTION_SETTINGS_CHECK = 'LAMBDA_FUNCTION_SETTINGS_CHECK';
  /**
   * Checks whether an AWS Lambda function is in an Amazon Virtual Private Cloud.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-inside-vpc.html
   */
  public static readonly LAMBDA_INSIDE_VPC = 'LAMBDA_INSIDE_VPC';
  /**
   * Checks if Lambda has more than 1 availability zone associated.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/lambda-vpc-multi-az-check.html
   */
  public static readonly LAMBDA_VPC_MULTI_AZ_CHECK = 'LAMBDA_VPC_MULTI_AZ_CHECK';
  /**
   * Checks whether AWS Multi-Factor Authentication (MFA) is enabled for all IAM users that use a console password.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/mfa-enabled-for-iam-console-access.html
   */
  public static readonly MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS = 'MFA_ENABLED_FOR_IAM_CONSOLE_ACCESS';
  /**
   * Checks that there is at least one multi-region AWS CloudTrail.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/multi-region-cloudtrail-enabled.html
   */
  public static readonly CLOUDTRAIL_MULTI_REGION_ENABLED = 'MULTI_REGION_CLOUD_TRAIL_ENABLED';
  /**
   * Checks if default ports for SSH/RDP ingress traffic for network access control lists (NACLs) is unrestricted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/nacl-no-unrestricted-ssh-rdp.html
   */
  public static readonly NACL_NO_UNRESTRICTED_SSH_RDP = 'NACL_NO_UNRESTRICTED_SSH_RDP';
  /**
   * Checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-fragment-packets.html
   */
  public static readonly NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS = 'NETFW_POLICY_DEFAULT_ACTION_FRAGMENT_PACKETS';
  /**
   * Checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-full-packets.html
   */
  public static readonly NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS = 'NETFW_POLICY_DEFAULT_ACTION_FULL_PACKETS';
  /**
   * Check AWS Network Firewall policy is associated with stateful OR stateless rule groups.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-rule-group-associated.html
   */
  public static readonly NETFW_POLICY_RULE_GROUP_ASSOCIATED = 'NETFW_POLICY_RULE_GROUP_ASSOCIATED';
  /**
   * Checks if a Stateless Network Firewall Rule Group contains rules.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/netfw-stateless-rule-group-not-empty.html
   */
  public static readonly NETFW_STATELESS_RULE_GROUP_NOT_EMPTY = 'NETFW_STATELESS_RULE_GROUP_NOT_EMPTY';
  /**
   * Checks if cross-zone load balancing is enabled on Network Load Balancers (NLBs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/nlb-cross-zone-load-balancing-enabled.html
   */
  public static readonly NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED = 'NLB_CROSS_ZONE_LOAD_BALANCING_ENABLED';
  /**
   * Checks if Amazon OpenSearch Service domains have fine-grained access control enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-access-control-enabled.html
   */
  public static readonly OPENSEARCH_ACCESS_CONTROL_ENABLED = 'OPENSEARCH_ACCESS_CONTROL_ENABLED';
  /**
   * Checks if Amazon OpenSearch Service domains have audit logging enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-audit-logging-enabled.html
   */
  public static readonly OPENSEARCH_AUDIT_LOGGING_ENABLED = 'OPENSEARCH_AUDIT_LOGGING_ENABLED';
  /**
   * Checks if Amazon OpenSearch Service domains are configured with at least three data nodes and zoneAwarenessEnabled is true.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-data-node-fault-tolerance.html
   */
  public static readonly OPENSEARCH_DATA_NODE_FAULT_TOLERANCE = 'OPENSEARCH_DATA_NODE_FAULT_TOLERANCE';
  /**
   * Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-encrypted-at-rest.html
   */
  public static readonly OPENSEARCH_ENCRYPTED_AT_REST = 'OPENSEARCH_ENCRYPTED_AT_REST';
  /**
   * Checks whether connections to OpenSearch domains are using HTTPS.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-https-required.html
   */
  public static readonly OPENSEARCH_HTTPS_REQUIRED = 'OPENSEARCH_HTTPS_REQUIRED';
  /**
   * Checks if Amazon OpenSearch Service domains are in an Amazon Virtual Private Cloud (VPC).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-in-vpc-only.html
   */
  public static readonly OPENSEARCH_IN_VPC_ONLY = 'OPENSEARCH_IN_VPC_ONLY';
  /**
   * Checks if Amazon OpenSearch Service domains are configured to send logs to Amazon CloudWatch Logs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-logs-to-cloudwatch.html
   */
  public static readonly OPENSEARCH_LOGS_TO_CLOUDWATCH = 'OPENSEARCH_LOGS_TO_CLOUDWATCH';
  /**
   * Check if Amazon OpenSearch Service nodes are encrypted end to end.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/opensearch-node-to-node-encryption-check.html
   */
  public static readonly OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK = 'OPENSEARCH_NODE_TO_NODE_ENCRYPTION_CHECK';
  /**
   * Checks if Amazon Relational Database Service (RDS) database instances are configured for automatic minor version upgrades.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-automatic-minor-version-upgrade-enabled.html
   */
  public static readonly RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED = 'RDS_AUTOMATIC_MINOR_VERSION_UPGRADE_ENABLED';
  /**
   * Checks if an Amazon Relational Database Service (Amazon RDS) database cluster has changed the admin username from its default value.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-default-admin-check.html
   */
  public static readonly RDS_CLUSTER_DEFAULT_ADMIN_CHECK = 'RDS_CLUSTER_DEFAULT_ADMIN_CHECK';
  /**
   * Checks if an Amazon Relational Database Service (Amazon RDS) cluster has deletion protection enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-deletion-protection-enabled.html
   */
  public static readonly RDS_CLUSTER_DELETION_PROTECTION_ENABLED = 'RDS_CLUSTER_DELETION_PROTECTION_ENABLED';
  /**
   * Checks if an Amazon RDS Cluster has AWS Identity and Access Management (IAM) authentication enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-iam-authentication-enabled.html
   */
  public static readonly RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED = 'RDS_CLUSTER_IAM_AUTHENTICATION_ENABLED';
  /**
   * Checks if Multi-AZ replication is enabled on Amazon Aurora and Hermes clusters managed by Amazon Relational Database Service (Amazon RDS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-multi-az-enabled.html
   */
  public static readonly RDS_CLUSTER_MULTI_AZ_ENABLED = 'RDS_CLUSTER_MULTI_AZ_ENABLED';
  /**
   * Checks if an Amazon Relational Database Service (Amazon RDS) database has changed the admin username from its default value.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-default-admin-check.html
   */
  public static readonly RDS_INSTANCE_DEFAULT_ADMIN_CHECK = 'RDS_INSTANCE_DEFAULT_ADMIN_CHECK';
  /**
   *Checks if there are any Amazon Relational Database Service (RDS) DB security groups that are not the default DB security group.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-db-security-group-not-allowed.html
   */
  public static readonly RDS_DB_SECURITY_GROUP_NOT_ALLOWED = 'RDS_DB_SECURITY_GROUP_NOT_ALLOWED';
  /**
   * Checks if an Amazon Relational Database Service (Amazon RDS) instance has deletion protection enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-deletion-protection-enabled.html
   */
  public static readonly RDS_INSTANCE_DELETION_PROTECTION_ENABLED = 'RDS_INSTANCE_DELETION_PROTECTION_ENABLED';
  /**
   * Checks if an Amazon RDS instance has AWS Identity and Access Management (IAM) authentication enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-iam-authentication-enabled.html
   */
  public static readonly RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED = 'RDS_INSTANCE_IAM_AUTHENTICATION_ENABLED';
  /**
   * Checks that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-logging-enabled.html
   */
  public static readonly RDS_LOGGING_ENABLED = 'RDS_LOGGING_ENABLED';
  /**
   * Checks that Amazon Redshift automated snapshots are enabled for clusters.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-backup-enabled.html
   */
  public static readonly REDSHIFT_BACKUP_ENABLED = 'REDSHIFT_BACKUP_ENABLED';
  /**
   * Checks whether enhanced monitoring is enabled for Amazon Relational Database Service (Amazon RDS) instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-enhanced-monitoring-enabled.html
   */
  public static readonly RDS_ENHANCED_MONITORING_ENABLED = 'RDS_ENHANCED_MONITORING_ENABLED';
  /**
   * Checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshot-encrypted.html
   */
  public static readonly RDS_SNAPSHOT_ENCRYPTED = 'RDS_SNAPSHOT_ENCRYPTED';
  /**
   * Checks whether Amazon Redshift clusters require TLS/SSL encryption to connect to SQL clients.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-require-tls-ssl.html
   */
  public static readonly REDSHIFT_REQUIRE_TLS_SSL = 'REDSHIFT_REQUIRE_TLS_SSL';
  /**
   * Checks whether Amazon RDS database is present in back plans of AWS Backup.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-in-backup-plan.html
   */
  public static readonly RDS_IN_BACKUP_PLAN = 'RDS_IN_BACKUP_PLAN';
  /**
   * Checks if a recovery point was created for Amazon Relational Database Service (Amazon RDS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-last-backup-recovery-point-created.html
   */
  public static readonly RDS_LAST_BACKUP_RECOVERY_POINT_CREATED = 'RDS_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Check whether the Amazon Relational Database Service instances are not publicly accessible.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-public-access-check.html
   */
  public static readonly RDS_INSTANCE_PUBLIC_ACCESS_CHECK = 'RDS_INSTANCE_PUBLIC_ACCESS_CHECK';
  /**
   * Checks whether high availability is enabled for your RDS DB instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-multi-az-support.html
   */
  public static readonly RDS_MULTI_AZ_SUPPORT = 'RDS_MULTI_AZ_SUPPORT';
  /**
   * Checks if Amazon Relational Database Service (Amazon RDS) instances are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-resources-protected-by-backup-plan.html
   */
  public static readonly RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'RDS_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks if Amazon Relational Database Service (Amazon RDS) snapshots are public.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-snapshots-public-prohibited.html
   */
  public static readonly RDS_SNAPSHOTS_PUBLIC_PROHIBITED = 'RDS_SNAPSHOTS_PUBLIC_PROHIBITED';
  /**
   * Checks whether storage encryption is enabled for your RDS DB instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html
   */
  public static readonly RDS_STORAGE_ENCRYPTED = 'RDS_STORAGE_ENCRYPTED';
  /**
   * Checks if Amazon Redshift clusters are logging audits to a specific bucket.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-audit-logging-enabled.html
   */
  public static readonly REDSHIFT_AUDIT_LOGGING_ENABLED = 'REDSHIFT_AUDIT_LOGGING_ENABLED';
  /**
   * Checks whether Amazon Redshift clusters have the specified settings.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-configuration-check.html
   */
  public static readonly REDSHIFT_CLUSTER_CONFIGURATION_CHECK = 'REDSHIFT_CLUSTER_CONFIGURATION_CHECK';
  /**
   * Checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-kms-enabled.html
   */
  public static readonly REDSHIFT_CLUSTER_KMS_ENABLED = 'REDSHIFT_CLUSTER_KMS_ENABLED';
  /**
   * Checks whether Amazon Redshift clusters have the specified maintenance settings.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-maintenancesettings-check.html
   */
  public static readonly REDSHIFT_CLUSTER_MAINTENANCE_SETTINGS_CHECK = 'REDSHIFT_CLUSTER_MAINTENANCESETTINGS_CHECK';
  /**
   * Checks whether Amazon Redshift clusters are not publicly accessible.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-public-access-check.html
   */
  public static readonly REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK = 'REDSHIFT_CLUSTER_PUBLIC_ACCESS_CHECK';
  /**
   * Checks if an Amazon Redshift cluster has changed the admin username from its default value.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-admin-check.html
   */
  public static readonly REDSHIFT_DEFAULT_ADMIN_CHECK = 'REDSHIFT_DEFAULT_ADMIN_CHECK';
  /**
   * Checks if a Redshift cluster has changed its database name from the default value.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-db-name-check.html
   */
  public static readonly REDSHIFT_DEFAULT_DB_NAME_CHECK = 'REDSHIFT_DEFAULT_DB_NAME_CHECK';
  /**
   * Checks if Amazon Redshift cluster has 'enhancedVpcRouting' enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/redshift-enhanced-vpc-routing-enabled.html
   */
  public static readonly REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED = 'REDSHIFT_ENHANCED_VPC_ROUTING_ENABLED';
  /**
   * Checks whether your resources have the tags that you specify.
   * For example, you can check whether your Amazon EC2 instances have the CostCenter tag.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
   */
  public static readonly REQUIRED_TAGS = 'REQUIRED_TAGS';
  /**
   * Checks whether the security groups in use do not allow unrestricted incoming TCP traffic to the specified ports.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/restricted-common-ports.html
   */
  public static readonly EC2_SECURITY_GROUPS_RESTRICTED_INCOMING_TRAFFIC = 'RESTRICTED_INCOMING_TRAFFIC';
  /**
   * Checks whether the incoming SSH traffic for the security groups is accessible.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/restricted-ssh.html
   */
  public static readonly EC2_SECURITY_GROUPS_INCOMING_SSH_DISABLED = 'INCOMING_SSH_DISABLED';
  /**
   * Checks whether your AWS account is enabled to use multi-factor authentication (MFA) hardware
   * device to sign in with root credentials.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/root-account-hardware-mfa-enabled.html
   */
  public static readonly ROOT_ACCOUNT_HARDWARE_MFA_ENABLED = 'ROOT_ACCOUNT_HARDWARE_MFA_ENABLED';
  /**
   * Checks whether users of your AWS account require a multi-factor authentication (MFA) device
   * to sign in with root credentials.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html
   */
  public static readonly ROOT_ACCOUNT_MFA_ENABLED = 'ROOT_ACCOUNT_MFA_ENABLED';
  /**
   * Checks whether Amazon Simple Storage Service (Amazon S3) bucket has lock enabled, by default.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-default-lock-enabled.html
   */
  public static readonly S3_BUCKET_DEFAULT_LOCK_ENABLED = 'S3_BUCKET_DEFAULT_LOCK_ENABLED';
  /**
   * Checks whether the Amazon Simple Storage Service (Amazon S3) buckets are encrypted
   * with AWS Key Management Service (AWS KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-default-encryption-kms.html
   */
  public static readonly S3_DEFAULT_ENCRYPTION_KMS = 'S3_DEFAULT_ENCRYPTION_KMS';
  /**
   * Checks that AWS Security Hub is enabled for an AWS account.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/securityhub-enabled.html
   */
  public static readonly SECURITYHUB_ENABLED = 'SECURITYHUB_ENABLED';
  /**
   * Checks whether Amazon SNS topic is encrypted with AWS Key Management Service (AWS KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/sns-encrypted-kms.html
   */
  public static readonly SNS_ENCRYPTED_KMS = 'SNS_ENCRYPTED_KMS';
  /**
   * Checks if Amazon Simple Notification Service (SNS) logging is enabled
   * for the delivery status of notification messages sent to a topic for the endpoints.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-message-delivery-notification-enabled.html
   */
  public static readonly SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED = 'SNS_TOPIC_MESSAGE_DELIVERY_NOTIFICATION_ENABLED';
  /**
   * Checks if AWS Systems Manager documents owned by the account are public.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/ssm-document-not-public.html
   */
  public static readonly SSM_DOCUMENT_NOT_PUBLIC = 'SSM_DOCUMENT_NOT_PUBLIC';
  /**
   * Checks if a recovery point was created for AWS Storage Gateway volumes.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/storagegateway-last-backup-recovery-point-created.html
   */
  public static readonly STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED = 'STORAGEGATEWAY_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * hecks if Amazon Virtual Private Cloud (Amazon VPC) subnets are assigned a public IP address.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/subnet-auto-assign-public-ip-disabled.html
   */
  public static readonly SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED = 'SUBNET_AUTO_ASSIGN_PUBLIC_IP_DISABLED';
  /**
   * Checks whether the required public access block settings are configured from account level.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks.html
   */
  public static readonly S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS = 'S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS';
  /**
   * Checks if the required public access block settings are configured from account level.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks-periodic.html
   */
  public static readonly S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC = 'S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS_PERIODIC';
  /**
   * Checks if Amazon Simple Storage Service (Amazon S3) Buckets allow user permissions through access control lists (ACLs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html
   */
  public static readonly S3_BUCKET_ACL_PROHIBITED = 'S3_BUCKET_ACL_PROHIBITED';
  /**
   * Checks if the Amazon Simple Storage Service bucket policy does not allow blacklisted bucket-level
   * and object-level actions on resources in the bucket for principals from other AWS accounts.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-blacklisted-actions-prohibited.html
   */
  public static readonly S3_BUCKET_BLOCKED_ACTIONS_PROHIBITED = 'S3_BUCKET_BLACKLISTED_ACTIONS_PROHIBITED';
  /**
   * Checks if Amazon Simple Storage Service (Amazon S3) buckets are publicly accessible.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-level-public-access-prohibited.html
   */
  public static readonly S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED = 'S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED';
  /**
   * Checks whether logging is enabled for your S3 buckets.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-logging-enabled.html
   */
  public static readonly S3_BUCKET_LOGGING_ENABLED = 'S3_BUCKET_LOGGING_ENABLED';
  /**
   * Checks that the access granted by the Amazon S3 bucket is restricted by any of the AWS principals, federated users,
   * service principals, IP addresses, or VPCs that you provide.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-grantee-check.html
   */
  public static readonly S3_BUCKET_POLICY_GRANTEE_CHECK = 'S3_BUCKET_POLICY_GRANTEE_CHECK';
  /**
   * Checks if your Amazon Simple Storage Service bucket policies do not allow other inter-account permissions
   * than the control Amazon S3 bucket policy that you provide.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy-not-more-permissive.html
   */
  public static readonly S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE = 'S3_BUCKET_POLICY_NOT_MORE_PERMISSIVE';
  /**
   * Checks if your Amazon S3 buckets do not allow public read access.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-read-prohibited.html
   */
  public static readonly S3_BUCKET_PUBLIC_READ_PROHIBITED = 'S3_BUCKET_PUBLIC_READ_PROHIBITED';
  /**
   * Checks that your Amazon S3 buckets do not allow public write access.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-public-write-prohibited.html
   */
  public static readonly S3_BUCKET_PUBLIC_WRITE_PROHIBITED = 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED';
  /**
   * Checks whether S3 buckets have cross-region replication enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-replication-enabled.html
   */
  public static readonly S3_BUCKET_REPLICATION_ENABLED = 'S3_BUCKET_REPLICATION_ENABLED';
  /**
   * Checks that your Amazon S3 bucket either has Amazon S3 default encryption enabled or that the
   * S3 bucket policy explicitly denies put-object requests without server side encryption that
   * uses AES-256 or AWS Key Management Service.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html
   */
  public static readonly S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED = 'S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED';
  /**
   * Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-ssl-requests-only.html
   */
  public static readonly S3_BUCKET_SSL_REQUESTS_ONLY = 'S3_BUCKET_SSL_REQUESTS_ONLY';
  /**
   * Checks whether versioning is enabled for your S3 buckets.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-versioning-enabled.html
   */
  public static readonly S3_BUCKET_VERSIONING_ENABLED = 'S3_BUCKET_VERSIONING_ENABLED';
  /**
   * Checks if Amazon S3 Events Notifications are enabled on an S3 bucket.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-event-notifications-enabled.html
   */
  public static readonly S3_EVENT_NOTIFICATIONS_ENABLED = 'S3_EVENT_NOTIFICATIONS_ENABLED';
  /**
   * Checks if a recovery point was created for Amazon Simple Storage Service (Amazon S3).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-last-backup-recovery-point-created.html
   */
  public static readonly S3_LAST_BACKUP_RECOVERY_POINT_CREATED = 'S3_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks if a lifecycle rule is configured for an Amazon Simple Storage Service (Amazon S3) bucket.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-lifecycle-policy-check.html
   */
  public static readonly S3_LIFECYCLE_POLICY_CHECK = 'S3_LIFECYCLE_POLICY_CHECK';
  /**
   * Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-resources-protected-by-backup-plan.html
   */
  public static readonly S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'S3_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks if Amazon Simple Storage Service (Amazon S3) version enabled buckets have lifecycle policy configured.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/s3-version-lifecycle-policy-check.html
   */
  public static readonly S3_VERSION_LIFECYCLE_POLICY_CHECK = 'S3_VERSION_LIFECYCLE_POLICY_CHECK';
  /**
   * Checks whether AWS Key Management Service (KMS) key is configured for an Amazon SageMaker endpoint configuration.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-endpoint-configuration-kms-key-configured.html
   */
  public static readonly SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED = 'SAGEMAKER_ENDPOINT_CONFIGURATION_KMS_KEY_CONFIGURED';
  /**
   * Check whether an AWS Key Management Service (KMS) key is configured for SageMaker notebook instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-kms-key-configured.html
   */
  public static readonly SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED = 'SAGEMAKER_NOTEBOOK_INSTANCE_KMS_KEY_CONFIGURED';
  /**
   * Checks whether direct internet access is disabled for an Amazon SageMaker notebook instance.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-no-direct-internet-access.html
   */
  public static readonly SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS = 'SAGEMAKER_NOTEBOOK_NO_DIRECT_INTERNET_ACCESS';
  /**
   * Checks whether AWS Secrets Manager secret has rotation enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-rotation-enabled-check.html
   */
  public static readonly SECRETSMANAGER_ROTATION_ENABLED_CHECK = 'SECRETSMANAGER_ROTATION_ENABLED_CHECK';
  /**
   * Checks whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-scheduled-rotation-success-check.html
   */
  public static readonly SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK = 'SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK';
  /**
   * Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-periodic-rotation.html
   */
  public static readonly SECRETSMANAGER_SECRET_PERIODIC_ROTATION = 'SECRETSMANAGER_SECRET_PERIODIC_ROTATION';
  /**
   * Checks if AWS Secrets Manager secrets have been accessed within a specified number of days.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-unused.html
   */
  public static readonly SECRETSMANAGER_SECRET_UNUSED = 'SECRETSMANAGER_SECRET_UNUSED';
  /**
   * Checks if all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager)
   * or a customer managed key that was created in AWS Key Management Service (AWS KMS).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-using-cmk.html
   */
  public static readonly SECRETSMANAGER_USING_CMK = 'SECRETSMANAGER_USING_CMK';
  /**
   * Checks whether Service Endpoint for the service provided in rule parameter is created for each Amazon VPC.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/service-vpc-endpoint-enabled.html
   */
  public static readonly SERVICE_VPC_ENDPOINT_ENABLED = 'SERVICE_VPC_ENDPOINT_ENABLED';
  /**
   * Checks whether EBS volumes are attached to EC2 instances.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/shield-advanced-enabled-autorenew.html
   */
  public static readonly SHIELD_ADVANCED_ENABLED_AUTO_RENEW = 'SHIELD_ADVANCED_ENABLED_AUTORENEW';
  /**
   * Verify that DDoS response team (DRT) can access AWS account.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/shield-drt-access.html
   */
  public static readonly SHIELD_DRT_ACCESS = 'SHIELD_DRT_ACCESS';
  /**
   * Checks if a recovery point was created for AWS Backup-Gateway VirtualMachines.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-last-backup-recovery-point-created.html
   */
  public static readonly VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED = 'VIRTUALMACHINE_LAST_BACKUP_RECOVERY_POINT_CREATED';
  /**
   * Checks if AWS Backup-Gateway VirtualMachines are protected by a backup plan.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-resources-protected-by-backup-plan.html
   */
  public static readonly VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN = 'VIRTUALMACHINE_RESOURCES_PROTECTED_BY_BACKUP_PLAN';
  /**
   * Checks that the default security group of any Amazon Virtual Private Cloud (VPC) does not
   * allow inbound or outbound traffic. The rule returns NOT_APPLICABLE if the security group
   * is not default.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html
   */
  public static readonly VPC_DEFAULT_SECURITY_GROUP_CLOSED = 'VPC_DEFAULT_SECURITY_GROUP_CLOSED';
  /**
   * Checks whether Amazon Virtual Private Cloud flow logs are found and enabled for Amazon VPC.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-flow-logs-enabled.html
   */
  public static readonly VPC_FLOW_LOGS_ENABLED = 'VPC_FLOW_LOGS_ENABLED';
  /**
   * Checks if there are unused network access control lists (network ACLs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-network-acl-unused-check.html
   */
  public static readonly VPC_NETWORK_ACL_UNUSED_CHECK = 'VPC_NETWORK_ACL_UNUSED_CHECK';
  /**
   * Checks if DNS resolution from accepter/requester VPC to private IP is enabled.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-peering-dns-resolution-check.html
   */
  public static readonly VPC_PEERING_DNS_RESOLUTION_CHECK = 'VPC_PEERING_DNS_RESOLUTION_CHECK';
  /**
   * Checks whether the security group with 0.0.0.0/0 of any Amazon Virtual Private Cloud (Amazon VPC)
   * allows only specific inbound TCP or UDP traffic.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-open-only-to-authorized-ports.html
   */
  public static readonly VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS = 'VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS';
  /**
   * Checks that both AWS Virtual Private Network tunnels provided by AWS Site-to-Site VPN are in
   * UP status.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/vpc-vpn-2-tunnels-up.html
   */
  public static readonly VPC_VPN_2_TUNNELS_UP = 'VPC_VPN_2_TUNNELS_UP';
  /**
   * Checks if logging is enabled on AWS Web Application Firewall (WAF) classic global web ACLs.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-classic-logging-enabled.html
   */
  public static readonly WAF_CLASSIC_LOGGING_ENABLED = 'WAF_CLASSIC_LOGGING_ENABLED';
  /**
   * Checks whether logging is enabled on AWS Web Application Firewall (WAFV2) regional and global
   * web access control list (ACLs).
   * @see https://docs.aws.amazon.com/config/latest/developerguide/wafv2-logging-enabled.html
   */
  public static readonly WAFV2_LOGGING_ENABLED = 'WAFV2_LOGGING_ENABLED';
  /**
   * Checks if an AWS WAF Classic rule group contains any rules.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rulegroup-not-empty.html
   */
  public static readonly WAF_GLOBAL_RULEGROUP_NOT_EMPTY = 'WAF_GLOBAL_RULEGROUP_NOT_EMPTY';
  /**
   * Checks if an AWS WAF global rule contains any conditions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rule-not-empty.html
   */
  public static readonly WAF_GLOBAL_RULE_NOT_EMPTY = 'WAF_GLOBAL_RULE_NOT_EMPTY';
  /**
   * Checks whether a WAF Global Web ACL contains any WAF rules or rule groups.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-global-webacl-not-empty.html
   */
  public static readonly WAF_GLOBAL_WEBACL_NOT_EMPTY = 'WAF_GLOBAL_WEBACL_NOT_EMPTY';
  /**
   * Checks if WAF Regional rule groups contain any rules.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rulegroup-not-empty.html
   */
  public static readonly WAF_REGIONAL_RULEGROUP_NOT_EMPTY = 'WAF_REGIONAL_RULEGROUP_NOT_EMPTY';
  /**
   * Checks whether WAF regional rule contains conditions.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rule-not-empty.html
   */
  public static readonly WAF_REGIONAL_RULE_NOT_EMPTY = 'WAF_REGIONAL_RULE_NOT_EMPTY';
  /**
   * Checks if a WAF regional Web ACL contains any WAF rules or rule groups.
   * @see https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-webacl-not-empty.html
   */
  public static readonly WAF_REGIONAL_WEBACL_NOT_EMPTY = 'WAF_REGIONAL_WEBACL_NOT_EMPTY';

  // utility class
  private constructor() { }
}

/**
 * Resources types that are supported by AWS Config
 * @see https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html
 */
export class ResourceType {
  /** API Gateway Stage */
  public static readonly APIGATEWAY_STAGE = new ResourceType('AWS::ApiGateway::Stage');
  /** API Gatewayv2 Stage */
  public static readonly APIGATEWAYV2_STAGE = new ResourceType('AWS::ApiGatewayV2::Stage');
  /** API Gateway REST API */
  public static readonly APIGATEWAY_REST_API = new ResourceType('AWS::ApiGateway::RestApi');
  /** API Gatewayv2 API */
  public static readonly APIGATEWAYV2_API = new ResourceType('AWS::ApiGatewayV2::Api');
  /** Amazon CloudFront Distribution */
  public static readonly CLOUDFRONT_DISTRIBUTION = new ResourceType('AWS::CloudFront::Distribution');
  /** Amazon CloudFront streaming distribution */
  public static readonly CLOUDFRONT_STREAMING_DISTRIBUTION = new ResourceType('AWS::CloudFront::StreamingDistribution');
  /** Amazon CloudWatch Alarm */
  public static readonly CLOUDWATCH_ALARM = new ResourceType('AWS::CloudWatch::Alarm');
  /** Amazon CloudWatch RUM */
  public static readonly CLOUDWATCH_RUM_APP_MONITOR = new ResourceType('AWS::RUM::AppMonitor');
  /** Amazon DynamoDB Table */
  public static readonly DYNAMODB_TABLE = new ResourceType('AWS::DynamoDB::Table');
  /** Elastic Block Store (EBS) volume */
  public static readonly EBS_VOLUME = new ResourceType('AWS::EC2::Volume');
  /** EC2 host */
  public static readonly EC2_HOST = new ResourceType('AWS::EC2::Host');
  /** EC2 Elastic IP */
  public static readonly EC2_EIP = new ResourceType('AWS::EC2::EIP');
  /** EC2 instance */
  public static readonly EC2_INSTANCE = new ResourceType('AWS::EC2::Instance');
  /** EC2 Network Interface */
  public static readonly EC2_NETWORK_INTERFACE = new ResourceType('AWS::EC2::NetworkInterface');
  /** EC2 security group */
  public static readonly EC2_SECURITY_GROUP = new ResourceType('AWS::EC2::SecurityGroup');
  /** EC2 NAT gateway */
  public static readonly EC2_NAT_GATEWAY = new ResourceType('AWS::EC2::NatGateway');
  /** EC2 Egress only internet gateway */
  public static readonly EC2_EGRESS_ONLY_INTERNET_GATEWAY = new ResourceType('AWS::EC2::EgressOnlyInternetGateway');
  /** EC2 flow log */
  public static readonly EC2_FLOW_LOG = new ResourceType('AWS::EC2::FlowLog');
  /** EC2 transit gateway */
  public static readonly EC2_TRANSIT_GATEWAY = new ResourceType('AWS::EC2::TransitGateway');
  /** EC2 transit gateway attachment */
  public static readonly EC2_TRANSIT_GATEWAY_ATTACHMENT = new ResourceType('AWS::EC2::TransitGatewayAttachment');
  /** EC2 transit gateway route table */
  public static readonly EC2_TRANSIT_GATEWAY_ROUTE_TABLE = new ResourceType('AWS::EC2::TransitGatewayRouteTable');
  /** EC2 VPC endpoint */
  public static readonly EC2_VPC_ENDPOINT = new ResourceType('AWS::EC2::VPCEndpoint');
  /** EC2 VPC endpoint service */
  public static readonly EC2_VPC_ENDPOINT_SERVICE = new ResourceType('AWS::EC2::VPCEndpointService');
  /** EC2 VPC peering connection */
  public static readonly EC2_VPC_PEERING_CONNECTION = new ResourceType('AWS::EC2::VPCPeeringConnection');
  /** EC2 registered HA instance */
  public static readonly EC2_REGISTERED_HA_INSTANCE = new ResourceType('AWS::EC2::RegisteredHAInstance');
  /** EC2 launch template */
  public static readonly EC2_LAUNCH_TEMPLATE = new ResourceType('AWS::EC2::LaunchTemplate');
  /** EC2 Network Insights Access Scope Analysis */
  public static readonly EC2_NETWORK_INSIGHTS_ACCESS_SCOPE_ANALYSIS = new ResourceType('AWS::EC2::NetworkInsightsAccessScopeAnalysis');
  /** EC2 Image Builder ContainerRecipe */
  public static readonly IMAGEBUILDER_CONTAINER_RECIPE = new ResourceType('AWS::ImageBuilder::ContainerRecipe');
  /** EC2 Image Builder DistributionConfiguration */
  public static readonly IMAGEBUILDER_DISTRIBUTION_CONFIGURATION = new ResourceType('AWS::ImageBuilder::DistributionConfiguration');
  /** EC2 Image Builder InfrastructureConfiguration */
  public static readonly IMAGEBUILDER_INFRASTRUCTURE_CONFIGURATION = new ResourceType('AWS::ImageBuilder::InfrastructureConfiguration');
  /** Amazon ECR repository */
  public static readonly ECR_REPOSITORY = new ResourceType('AWS::ECR::Repository');
  /** Amazon ECR registry policy */
  public static readonly ECR_REGISTRY_POLICY = new ResourceType('AWS::ECR::RegistryPolicy');
  /** Amazon ECR public repository */
  public static readonly ECR_PUBLIC_REPOSITORY = new ResourceType('AWS::ECR::PublicRepository');
  /** Amazon ECS cluster */
  public static readonly ECS_CLUSTER = new ResourceType('AWS::ECS::Cluster');
  /** Amazon ECS task definition */
  public static readonly ECS_TASK_DEFINITION = new ResourceType('AWS::ECS::TaskDefinition');
  /** Amazon ECS service */
  public static readonly ECS_SERVICE = new ResourceType('AWS::ECS::Service');
  /** Amazon EFS file system */
  public static readonly EFS_FILE_SYSTEM = new ResourceType('AWS::EFS::FileSystem');
  /** Amazon EFS access point */
  public static readonly EFS_ACCESS_POINT = new ResourceType('AWS::EFS::AccessPoint');
  /** Amazon Elastic Kubernetes Service cluster */
  public static readonly EKS_CLUSTER = new ResourceType('AWS::EKS::Cluster');
  /** Amazon Elastic Kubernetes Service identity provider config */
  public static readonly EKS_IDENTITY_PROVIDER_CONFIG = new ResourceType('AWS::EKS::IdentityProviderConfig');
  /** Amazon Elastic Kubernetes Service addon */
  public static readonly EKS_ADDON = new ResourceType('AWS::EKS::Addon');
  /** Amazon EMR security configuration */
  public static readonly EMR_SECURITY_CONFIGURATION = new ResourceType('AWS::EMR::SecurityConfiguration');
  /** Amazon EventBridge EventBus */
  public static readonly EVENTBRIDGE_EVENTBUS = new ResourceType('AWS::Events::EventBus');
  /** Amazon EventBridge Api Destination */
  public static readonly EVENTBRIDGE_API_DESTINATION = new ResourceType('AWS::Events::ApiDestination');
  /** Amazon EventBridge Archive */
  public static readonly EVENTBRIDGE_ARCHIVE = new ResourceType('AWS::Events::Archive');
  /** Amazon EventBridge Endpoint */
  public static readonly EVENTBRIDGE_ENDPOINT = new ResourceType('AWS::Events::Endpoint');
  /** Amazon EventBridge EventSchemas registry */
  public static readonly EVENTSCHEMAS_REGISTRY = new ResourceType('AWS::EventSchemas::Registry');
  /** Amazon EventBridge EventSchemas registry policy */
  public static readonly EVENTSCHEMAS_REGISTRY_POLICY = new ResourceType('AWS::EventSchemas::RegistryPolicy');
  /** Amazon EventBridge EventSchemas discoverer */
  public static readonly EVENTSCHEMAS_DISCOVERER = new ResourceType('AWS::EventSchemas::Discoverer');
  /** AWS FraudDetector label */
  public static readonly FRAUDDETECTOR_LABEL = new ResourceType('AWS::FraudDetector::Label');
  /** AWS FraudDetector entity type */
  public static readonly FRAUDDETECTOR_ENTITY_TYPE = new ResourceType('AWS::FraudDetector::EntityType');
  /** AWS FraudDetector variable */
  public static readonly FRAUDDETECTOR_VARIABLE = new ResourceType('AWS::FraudDetector::Variable');
  /** AWS FraudDetector outcome */
  public static readonly FRAUDDETECTOR_OUTCOME = new ResourceType('AWS::FraudDetector::Outcome');
  /** Amazon GuardDuty detector */
  public static readonly GUARDDUTY_DETECTOR = new ResourceType('AWS::GuardDuty::Detector');
  /** Amazon GuardDuty Threat Intel Set */
  public static readonly GUARDDUTY_THREAT_INTEL_SET = new ResourceType('AWS::GuardDuty::ThreatIntelSet');
  /** Amazon GuardDuty IP Set */
  public static readonly GUARDDUTY_IP_SET = new ResourceType(' AWS::GuardDuty::IPSet');
  /** Amazon GuardDuty Filter */
  public static readonly GUARDDUTY_FILTER = new ResourceType('AWS::GuardDuty::Filter');
  /** Amazon ElasticSearch domain */
  public static readonly ELASTICSEARCH_DOMAIN = new ResourceType('AWS::Elasticsearch::Domain');
  /** Amazon Interactive Video Service (IVS) channel */
  public static readonly IVS_CHANNEL = new ResourceType('AWS::IVS::Channel');
  /** Amazon Interactive Video Service (IVS) recording configuration */
  public static readonly IVS_RECORDING_CONFIGURATION = new ResourceType('AWS::IVS::RecordingConfiguration');
  /** Amazon Interactive Video Service (IVS) playback key pair */
  public static readonly IVS_PLAYBACK_KEYPAIR = new ResourceType('AWS::IVS::PlaybackKeyPair');
  /** Amazon OpenSearch domain */
  public static readonly OPENSEARCH_DOMAIN = new ResourceType('AWS::OpenSearch::Domain');
  /** Amazon QLDB ledger */
  public static readonly QLDB_LEDGER = new ResourceType('AWS::QLDB::Ledger');
  /** Amazon Kinesis stream */
  public static readonly KINESIS_STREAM = new ResourceType('AWS::Kinesis::Stream');
  /** Amazon Kinesis stream consumer */
  public static readonly KINESIS_STREAM_CONSUMER = new ResourceType('AWS::Kinesis::StreamConsumer');
  /** Amazon Kinesis Analytics V2 application */
  public static readonly KINESIS_ANALYTICS_V2_APPLICATION = new ResourceType('AWS::KinesisAnalyticsV2::Application');
  /** Amazon Lightsail Certificate */
  public static readonly LIGHTSAIL_CERTIFICATE = new ResourceType('AWS::Lightsail::Certificate');
  /** Amazon Lightsail Disk */
  public static readonly LIGHTSAIL_DISK = new ResourceType('AWS::Lightsail::Disk');
  /** AWS Lightsail bucket */
  public static readonly LIGHTSAIL_BUCKET = new ResourceType('AWS::Lightsail::Bucket');
  /** AWS Lightsail static IP */
  public static readonly LIGHTSAIL_STATIC_IP = new ResourceType('AWS::Lightsail::StaticIp');
  /** Amazon MQ broker */
  public static readonly AMAZON_MQ_BROKER = new ResourceType('AWS::AmazonMQ::Broker');
  /** Amazon MSK cluster */
  public static readonly MSK_CLUSTER = new ResourceType('AWS::MSK::Cluster');
  /** Amazon Redshift cluster */
  public static readonly REDSHIFT_CLUSTER = new ResourceType('AWS::Redshift::Cluster');
  /** Amazon Redshift cluster parameter group */
  public static readonly REDSHIFT_CLUSTER_PARAMETER_GROUP = new ResourceType('AWS::Redshift::ClusterParameterGroup');
  /** Amazon Redshift cluster security group */
  public static readonly REDSHIFT_CLUSTER_SECURITY_GROUP = new ResourceType('AWS::Redshift::ClusterSecurityGroup');
  /** Amazon Redshift cluster snapshot */
  public static readonly REDSHIFT_CLUSTER_SNAPSHOT = new ResourceType('AWS::Redshift::ClusterSnapshot');
  /** Amazon Redshift cluster subnet group */
  public static readonly REDSHIFT_CLUSTER_SUBNET_GROUP = new ResourceType('AWS::Redshift::ClusterSubnetGroup');
  /** Amazon Redshift event subscription */
  public static readonly REDSHIFT_EVENT_SUBSCRIPTION = new ResourceType('AWS::Redshift::EventSubscription');
  /** Amazon RDS database instance */
  public static readonly RDS_DB_INSTANCE = new ResourceType('AWS::RDS::DBInstance');
  /** Amazon RDS database security group */
  public static readonly RDS_DB_SECURITY_GROUP = new ResourceType('AWS::RDS::DBSecurityGroup');
  /** Amazon RDS database snapshot */
  public static readonly RDS_DB_SNAPSHOT = new ResourceType('AWS::RDS::DBSnapshot');
  /** Amazon RDS database subnet group */
  public static readonly RDS_DB_SUBNET_GROUP = new ResourceType('AWS::RDS::DBSubnetGroup');
  /** Amazon RDS event subscription */
  public static readonly RDS_EVENT_SUBSCRIPTION = new ResourceType('AWS::RDS::EventSubscription');
  /** Amazon RDS database cluster */
  public static readonly RDS_DB_CLUSTER = new ResourceType('AWS::RDS::DBCluster');
  /** Amazon RDS database cluster snapshot */
  public static readonly RDS_DB_CLUSTER_SNAPSHOT = new ResourceType('AWS::RDS::DBClusterSnapshot');
  /** Amazon RDS global cluster */
  public static readonly RDS_GLOBAL_CLUSTER = new ResourceType('AWS::RDS::GlobalCluster');
  /** Amazon Route53 Hosted Zone */
  public static readonly ROUTE53_HOSTED_ZONE = new ResourceType('AWS::Route53::HostedZone');
  /** Amazon Route53 Health Check */
  public static readonly ROUTE53_HEALTH_CHECK = new ResourceType('AWS::Route53::HealthCheck');
  /** Amazon Route53 resolver resolver endpoint */
  public static readonly ROUTE53_RESOLVER_RESOLVER_ENDPOINT = new ResourceType('AWS::Route53Resolver::ResolverEndpoint');
  /** Amazon Route53 resolver resolver rule */
  public static readonly ROUTE53_RESOLVER_RESOLVER_RULE = new ResourceType('AWS::Route53Resolver::ResolverRule');
  /** Amazon Route53 resolver resolver rule association */
  public static readonly ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION = new ResourceType('AWS::Route53Resolver::ResolverRuleAssociation');
  /** Amazon Route 53 Application Recovery Controller Cell */
  public static readonly ROUTE53_RECOVERY_READINESS_CELL = new ResourceType('AWS::Route53RecoveryReadiness::Cell');
  /** Amazon Route 53 Application Recovery Controller Readiness Check */
  public static readonly ROUTE53_RECOVERY_READINESS_READINESS_CHECK = new ResourceType('AWS::Route53RecoveryReadiness::ReadinessCheck');
  /** Amazon Route53 recovery readiness recovery group */
  public static readonly ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP = new ResourceType('AWS::Route53RecoveryReadiness::RecoveryGroup');
  /** Amazon SQS queue */
  public static readonly SQS_QUEUE = new ResourceType('AWS::SQS::Queue');
  /** Amazon SNS topic */
  public static readonly SNS_TOPIC = new ResourceType('AWS::SNS::Topic');
  /** Amazon S3 bucket */
  public static readonly S3_BUCKET = new ResourceType('AWS::S3::Bucket');
  /** Amazon S3 Multi-Region Access Point */
  public static readonly S3_MULTIREGION_ACCESS_POINT = new ResourceType('AWS::S3::MultiRegionAccessPoint');
  /** Amazon SageMaker code repository */
  public static readonly SAGEMAKER_CODE_REPOSITORY = new ResourceType('AWS::SageMaker::CodeRepository');
  /** Amazon SageMaker model */
  public static readonly SAGEMAKER_MODEL = new ResourceType('AWS::SageMaker::Model');
  /** Amazon SageMaker notebook instance */
  public static readonly SAGEMAKER_NOTEBOOK_INSTANCE = new ResourceType('AWS::SageMaker::NotebookInstance');
  /** Amazon SageMaker workteam */
  public static readonly SAGEMAKER_WORKTEAM = new ResourceType('AWS::SageMaker::Workteam');
  /** Amazon SES Configuration Set */
  public static readonly SES_CONFIGURATION_SET = new ResourceType('AWS::SES::ConfigurationSet');
  /** Amazon SES Contact List */
  public static readonly SES_CONTACT_LIST = new ResourceType('AWS::SES::ContactList');
  /** Amazon SES Template */
  public static readonly SES_TEMPLATE = new ResourceType('AWS::SES::Template');
  /** Amazon SES ReceiptFilter */
  public static readonly SES_RECEIPT_FILTER = new ResourceType('AWS::SES::ReceiptFilter');
  /** Amazon SES ReceiptRuleSet */
  public static readonly SES_RECEIPT_RECEIPT_RULE_SET = new ResourceType('AWS::SES::ReceiptRuleSet');
  /** Amazon S3 account public access block */
  public static readonly S3_ACCOUNT_PUBLIC_ACCESS_BLOCK = new ResourceType('AWS::S3::AccountPublicAccessBlock');
  /** Amazon EC2 customer gateway */
  public static readonly EC2_CUSTOMER_GATEWAY = new ResourceType('AWS::EC2::CustomerGateway');
  /** Amazon EC2 internet gateway */
  public static readonly EC2_INTERNET_GATEWAY = new ResourceType('AWS::EC2::InternetGateway');
  /** Amazon EC2 network ACL */
  public static readonly EC2_NETWORK_ACL = new ResourceType('AWS::EC2::NetworkAcl');
  /** Amazon EC2 route table */
  public static readonly EC2_ROUTE_TABLE = new ResourceType('AWS::EC2::RouteTable');
  /** Amazon EC2 subnet table */
  public static readonly EC2_SUBNET = new ResourceType('AWS::EC2::Subnet');
  /** Amazon EC2 VPC */
  public static readonly EC2_VPC = new ResourceType('AWS::EC2::VPC');
  /** Amazon EC2 VPN connection */
  public static readonly EC2_VPN_CONNECTION = new ResourceType('AWS::EC2::VPNConnection');
  /** Amazon EC2 VPN gateway */
  public static readonly EC2_VPN_GATEWAY = new ResourceType('AWS::EC2::VPNGateway');
  /** AWS Auto Scaling group */
  public static readonly AUTO_SCALING_GROUP = new ResourceType('AWS::AutoScaling::AutoScalingGroup');
  /** AWS Auto Scaling launch configuration */
  public static readonly AUTO_SCALING_LAUNCH_CONFIGURATION = new ResourceType('AWS::AutoScaling::LaunchConfiguration');
  /** AWS Auto Scaling policy */
  public static readonly AUTO_SCALING_POLICY = new ResourceType('AWS::AutoScaling::ScalingPolicy');
  /** AWS Auto Scaling scheduled action */
  public static readonly AUTO_SCALING_SCHEDULED_ACTION = new ResourceType('AWS::AutoScaling::ScheduledAction');
  /** Amazon WorkSpaces connection alias */
  public static readonly WORKSPACES_CONNECTION_ALIAS = new ResourceType('AWS::WorkSpaces::ConnectionAlias');
  /** Amazon WorkSpaces workSpace */
  public static readonly WORKSPACES_WORKSPACE = new ResourceType('AWS::WorkSpaces::Workspace');
  /** AWS AppConfig application */
  public static readonly APPCONFIG_APPLICATION = new ResourceType('AWS::AppConfig::Application');
  /** AWS AppConfig environment */
  public static readonly APPCONFIG_ENVIRONMENT = new ResourceType('AWS::AppConfig::Environment');
  /** AWS AppConfig configuration profile */
  public static readonly APPCONFIG_CONFIGURATION_PROFILE = new ResourceType('AWS::AppConfig::ConfigurationProfile');
  /** AWS AppSync GraphQL Api */
  public static readonly APPSYNC_GRAPHQL_API = new ResourceType('AWS::AppSync::GraphQLApi');
  /** AWS Backup backup plan */
  public static readonly BACKUP_BACKUP_PLAN = new ResourceType('AWS::Backup::BackupPlan');
  /** AWS Backup backup selection */
  public static readonly BACKUP_BACKUP_SELECTION = new ResourceType('AWS::Backup::BackupSelection');
  /** AWS Backup backup vault */
  public static readonly BACKUP_BACKUP_VAULT = new ResourceType('AWS::Backup::BackupVault');
  /** AWS Backup recovery point */
  public static readonly BACKUP_RECOVERY_POINT = new ResourceType('AWS::Backup::RecoveryPoint');
  /** AWS Backup report plan */
  public static readonly BACKUP_REPORT_PLAN = new ResourceType('AWS::Backup::ReportPlan');
  /** AWS Batch job queue */
  public static readonly BATCH_JOB_QUEUE = new ResourceType('AWS::Batch::JobQueue');
  /** AWS Batch compute environment */
  public static readonly BATCH_COMPUTE_ENVIRONMENT = new ResourceType('AWS::Batch::ComputeEnvironment');
  /** AWS Certificate manager certificate */
  public static readonly ACM_CERTIFICATE = new ResourceType('AWS::ACM::Certificate');
  /** AWS CloudFormation stack */
  public static readonly CLOUDFORMATION_STACK = new ResourceType('AWS::CloudFormation::Stack');
  /** AWS CloudTrail trail */
  public static readonly CLOUDTRAIL_TRAIL = new ResourceType('AWS::CloudTrail::Trail');
  /** AWS Cloud9 environment EC2 */
  public static readonly CLOUD9_ENVIRONMENT_EC2 = new ResourceType('AWS::Cloud9::EnvironmentEC2');
  /** AWS Cloud Map(ServiceDiscovery) service */
  public static readonly SERVICEDISCOVERY_SERVICE = new ResourceType('AWS::ServiceDiscovery::Service');
  /** AWS Cloud Map(ServiceDiscovery) Public Dns Namespace */
  public static readonly SERVICEDISCOVERY_PUBLIC_DNS_NAMESPACE = new ResourceType('AWS::ServiceDiscovery::PublicDnsNamespace');
  /** AWS Cloud Map(ServiceDiscovery) Http Namespace */
  public static readonly SERVICEDISCOVERY_HTTP_NAMESPACE = new ResourceType('AWS::ServiceDiscovery::HttpNamespace');
  /** AWS CodeBuild project */
  public static readonly CODEBUILD_PROJECT = new ResourceType('AWS::CodeBuild::Project');
  /** AWS CodeDeploy application */
  public static readonly CODEDEPLOY_APPLICATION = new ResourceType('AWS::CodeDeploy::Application');
  /** AWS CodeDeploy deployment config */
  public static readonly CODEDEPLOY_DEPLOYMENT_CONFIG = new ResourceType('AWS::CodeDeploy::DeploymentConfig');
  /** AWS CodeDeploy deployment group */
  public static readonly CODEDEPLOY_DEPLOYMENT_GROUP = new ResourceType('AWS::CodeDeploy::DeploymentGroup');
  /** AWS CodePipeline pipeline */
  public static readonly CODEPIPELINE_PIPELINE = new ResourceType('AWS::CodePipeline::Pipeline');
  /** AWS Config resource compliance */
  public static readonly CONFIG_RESOURCE_COMPLIANCE = new ResourceType('AWS::Config::ResourceCompliance');
  /** AWS Config conformance pack compliance */
  public static readonly CONFIG_CONFORMANCE_PACK_COMPLIANCE = new ResourceType('AWS::Config::ConformancePackCompliance');
  /** AWS DMS event subscription */
  public static readonly DMS_EVENT_SUBSCRIPTION = new ResourceType('AWS::DMS::EventSubscription');
  /** AWS DMS replication subnet group */
  public static readonly DMS_REPLICATION_SUBNET_GROUP = new ResourceType('AWS::DMS::ReplicationSubnetGroup');
  /** AWS DataSync location SMB */
  public static readonly DATASYNC_LOCATION_SMB = new ResourceType('AWS::DataSync::LocationSMB');
  /** AWS DataSync location FSx Lustre */
  public static readonly DATASYNC_LOCATION_FSX_LUSTRE = new ResourceType('AWS::DataSync::LocationFSxLustre');
  /** AWS DataSync location FSx Windows */
  public static readonly DATASYNC_LOCATION_FSX_WINDOWS = new ResourceType('AWS::DataSync::LocationFSxWindows');
  /** AWS DataSync location S3 */
  public static readonly DATASYNC_LOCATION_S3 = new ResourceType('AWS::DataSync::LocationS3');
  /** AWS DataSync location EFS */
  public static readonly DATASYNC_LOCATION_EFS = new ResourceType('AWS::DataSync::LocationEFS');
  /** AWS DataSync task */
  public static readonly DATASYNC_TASK = new ResourceType('AWS::DataSync::Task');
  /** AWS DataSync location NFS */
  public static readonly DATASYNC_LOCATION_NFS = new ResourceType('AWS::DataSync::LocationNFS');
  /** AWS DataSync location object storage */
  public static readonly DATASYNC_LOCATION_OBJECT_STORAGE = new ResourceType('AWS::DataSync::LocationObjectStorage');
  /** AWS DataSync location HDFS */
  public static readonly DATASYNC_LOCATION_HDFS = new ResourceType('AWS::DataSync::LocationHDFS');
  /** AWS Elastic Beanstalk (EB) application */
  public static readonly ELASTIC_BEANSTALK_APPLICATION = new ResourceType('AWS::ElasticBeanstalk::Application');
  /** AWS Elastic Beanstalk (EB) application version */
  public static readonly ELASTIC_BEANSTALK_APPLICATION_VERSION = new ResourceType('AWS::ElasticBeanstalk::ApplicationVersion');
  /** AWS Elastic Beanstalk (EB) environment */
  public static readonly ELASTIC_BEANSTALK_ENVIRONMENT = new ResourceType('AWS::ElasticBeanstalk::Environment');
  /** AWS Fault Injection Simulator Experiment_Template */
  public static readonly FIS_EXPERIMENT_TEMPLATE = new ResourceType('AWS::FIS::ExperimentTemplate');
  /** AWS GlobalAccelerator listener */
  public static readonly GLOBALACCELERATOR_LISTENER = new ResourceType('AWS::GlobalAccelerator::Listener');
  /** AWS GlobalAccelerator endpoint group */
  public static readonly GLOBALACCELERATOR_ENDPOINT_GROUP = new ResourceType('AWS::GlobalAccelerator::EndpointGroup');
  /** AWS GlobalAccelerator accelerator */
  public static readonly GLOBALACCELERATOR_ACCELERATOR = new ResourceType('AWS::GlobalAccelerator::Accelerator');
  /** AWS Glue Job */
  public static readonly GLUE_JOB = new ResourceType('AWS::Glue::Job');
  /** AWS Glue Classifier */
  public static readonly GLUE_CLASSIFIER = new ResourceType('AWS::Glue::Classifier');
  /** AWS Glue machine learning transform */
  public static readonly GLUE_ML_TRANSFORM = new ResourceType('AWS::Glue::MLTransform');
  /** AWS IAM user */
  public static readonly IAM_USER = new ResourceType('AWS::IAM::User');
  /** AWS IAM group */
  public static readonly IAM_GROUP = new ResourceType('AWS::IAM::Group');
  /** AWS IAM role */
  public static readonly IAM_ROLE = new ResourceType('AWS::IAM::Role');
  /** AWS IAM policy */
  public static readonly IAM_POLICY = new ResourceType('AWS::IAM::Policy');
  /** AWS IAM AccessAnalyzer analyzer */
  public static readonly IAM_ACCESSANALYZER_ANALYZER = new ResourceType('AWS::AccessAnalyzer::Analyzer');
  /** AWS IoT authorizer */
  public static readonly IOT_AUTHORIZER = new ResourceType('AWS::IoT::Authorizer');
  /** AWS IoT security profile */
  public static readonly IOT_SECURITY_PROFILE = new ResourceType('AWS::IoT::SecurityProfile');
  /** AWS IoT role alias */
  public static readonly IOT_ROLE_ALIAS = new ResourceType('AWS::IoT::RoleAlias');
  /** AWS IoT dimension */
  public static readonly IOT_DIMENSION = new ResourceType('AWS::IoT::Dimension');
  /** AWS IoT policy */
  public static readonly IOT_POLICY = new ResourceType('AWS::IoT::Policy');
  /** AWS IoT mitigation action */
  public static readonly IOT_MITIGATION_ACTION = new ResourceType('AWS::IoT::MitigationAction');
  /** AWS IoT TwinMaker workspace */
  public static readonly IOT_TWINMAKER_WORKSPACE = new ResourceType('AWS::IoTTwinMaker::Workspace');
  /** AWS IoT TwinMaker entity */
  public static readonly IOT_TWINMAKER_ENTITY = new ResourceType('AWS::IoTTwinMaker::Entity');
  /** AWS IoT Analytics datastore */
  public static readonly IOT_ANALYTICS_DATASTORE = new ResourceType('AWS::IoTAnalytics::Datastore');
  /** AWS IoT Analytics dataset */
  public static readonly IOT_ANALYTICS_DATASET = new ResourceType('AWS::IoTAnalytics::Dataset');
  /** AWS IoT Analytics pipeline */
  public static readonly IOT_ANALYTICS_PIPELINE = new ResourceType('AWS::IoTAnalytics::Pipeline');
  /** AWS IoT Analytics channel */
  public static readonly IOT_ANALYTICS_CHANNEL = new ResourceType('AWS::IoTAnalytics::Channel');
  /** AWS IoT Events Input */
  public static readonly IOT_EVENTS_INPUT = new ResourceType('AWS::IoTEvents::Input');
  /** AWS IoT Events Detector Model */
  public static readonly IOT_EVENTS_DETECTOR_MODEL = new ResourceType('AWS::IoTEvents::DetectorModel');
  /** AWS IoT Events Alarm Model */
  public static readonly IOT_EVENTS_ALARM_MODEL = new ResourceType('AWS::IoTEvents::AlarmModel');
  /** AWS IoT SiteWise dashboard */
  public static readonly IOT_SITEWISE_DASHBOARD = new ResourceType('AWS::IoTSiteWise::Dashboard');
  /** AWS IoT SiteWise project */
  public static readonly IOT_SITEWISE_PROJECT = new ResourceType('AWS::IoTSiteWise::Project');
  /** AWS IoT SiteWise portal */
  public static readonly IOT_SITEWISE_PORTAL = new ResourceType('AWS::IoTSiteWise::Portal');
  /** AWS IoT SiteWise asset model */
  public static readonly IOT_SITEWISE_ASSETMODEL = new ResourceType('AWS::IoTSiteWise::AssetModel');
  /** AWS KMS Key */
  public static readonly KMS_KEY = new ResourceType('AWS::KMS::Key');
  /** AWS Lambda function */
  public static readonly LAMBDA_FUNCTION = new ResourceType('AWS::Lambda::Function');
  /** AWS Network Firewall Firewall */
  public static readonly NETWORK_FIREWALL_FIREWALL = new ResourceType('AWS::NetworkFirewall::Firewall');
  /** AWS Network Firewall Firewall Policy */
  public static readonly NETWORK_FIREWALL_FIREWALL_POLICY = new ResourceType('AWS::NetworkFirewall::FirewallPolicy');
  /** AWS Network Firewall Rule Group */
  public static readonly NETWORK_FIREWALL_RULE_GROUP = new ResourceType('AWS::NetworkFirewall::RuleGroup');
  /** AWS ResilienceHub resiliency policy */
  public static readonly RESILIENCEHUB_RESILIENCY_POLICY = new ResourceType('AWS::ResilienceHub::ResiliencyPolicy');
  /** AWS Secrets Manager secret */
  public static readonly SECRETS_MANAGER_SECRET = new ResourceType('AWS::SecretsManager::Secret');
  /** AWS Service Catalog CloudFormation product */
  public static readonly SERVICE_CATALOG_CLOUDFORMATION_PRODUCT = new ResourceType('AWS::ServiceCatalog::CloudFormationProduct');
  /** AWS Service Catalog CloudFormation provisioned product */
  public static readonly SERVICE_CATALOG_CLOUDFORMATION_PROVISIONED_PRODUCT = new ResourceType(
    'AWS::ServiceCatalog::CloudFormationProvisionedProduct');
  /** AWS Service Catalog portfolio */
  public static readonly SERVICE_CATALOG_PORTFOLIO = new ResourceType('AWS::ServiceCatalog::Portfolio');
  /** AWS Shield protection */
  public static readonly SHIELD_PROTECTION = new ResourceType('AWS::Shield::Protection');
  /** AWS Shield regional protection */
  public static readonly SHIELD_REGIONAL_PROTECTION = new ResourceType('AWS::ShieldRegional::Protection');
  /** AWS StepFunctions activity */
  public static readonly STEPFUNCTIONS_ACTIVITY = new ResourceType('AWS::StepFunctions::Activity');
  /** AWS StepFunctions state machine */
  public static readonly STEPFUNCTIONS_STATE_MACHINE = new ResourceType('AWS::StepFunctions::StateMachine');
  /** AWS Systems Manager managed instance inventory */
  public static readonly SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY = new ResourceType('AWS::SSM::ManagedInstanceInventory');
  /** AWS Systems Manager patch compliance */
  public static readonly SYSTEMS_MANAGER_PATCH_COMPLIANCE = new ResourceType('AWS::SSM::PatchCompliance');
  /** AWS Systems Manager association compliance */
  public static readonly SYSTEMS_MANAGER_ASSOCIATION_COMPLIANCE = new ResourceType('AWS::SSM::AssociationCompliance');
  /** AWS Systems Manager file data */
  public static readonly SYSTEMS_MANAGER_FILE_DATA = new ResourceType('AWS::SSM::FileData');
  /** AWS Transfer workflow */
  public static readonly TRANSFER_WORKFLOW = new ResourceType('AWS::Transfer::Workflow');
  /** AWS WAF rate based rule */
  public static readonly WAF_RATE_BASED_RULE = new ResourceType('AWS::WAF::RateBasedRule');
  /** AWS WAF rule */
  public static readonly WAF_RULE = new ResourceType('AWS::WAF::Rule');
  /** AWS WAF web ACL */
  public static readonly WAF_WEB_ACL = new ResourceType('AWS::WAF::WebACL');
  /** AWS WAF rule group */
  public static readonly WAF_RULE_GROUP = new ResourceType('AWS::WAF::RuleGroup');
  /** AWS WAF regional rate based rule */
  public static readonly WAF_REGIONAL_RATE_BASED_RULE = new ResourceType('AWS::WAFRegional::RateBasedRule');
  /** AWS WAF regional rule */
  public static readonly WAF_REGIONAL_RULE = new ResourceType('AWS::WAFRegional::Rule');
  /** AWS WAF web ACL */
  public static readonly WAF_REGIONAL_WEB_ACL = new ResourceType('AWS::WAFRegional::WebACL');
  /** AWS WAF regional rule group */
  public static readonly WAF_REGIONAL_RULE_GROUP = new ResourceType('AWS::WAFRegional::RuleGroup');
  /** AWS WAFv2 web ACL */
  public static readonly WAFV2_WEB_ACL = new ResourceType('AWS::WAFv2::WebACL');
  /** AWS WAFv2 rule group */
  public static readonly WAFV2_RULE_GROUP = new ResourceType('AWS::WAFv2::RuleGroup');
  /** AWS WAFv2 managed rule set */
  public static readonly WAFV2_MANAGED_RULE_SET = new ResourceType('AWS::WAFv2::ManagedRuleSet');
  /** AWS WAFv2 ip set */
  public static readonly WAFV2_IP_SET = new ResourceType('AWS::WAFv2::IPSet');
  /** AWS WAFv2 regex pattern set */
  public static readonly WAFV2_REGEX_PATTERN_SET = new ResourceType('AWS::WAFv2::RegexPatternSet');
  /** AWS X-Ray encryption configuration */
  public static readonly XRAY_ENCRYPTION_CONFIGURATION = new ResourceType('AWS::XRay::EncryptionConfig');
  /** AWS ELB classic load balancer */
  public static readonly ELB_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancing::LoadBalancer');
  /** AWS ELBv2 network load balancer or AWS ELBv2 application load balancer */
  public static readonly ELBV2_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancingV2::LoadBalancer');
  /** AWS ELBv2 application load balancer listener */
  public static readonly ELBV2_LISTENER = new ResourceType('AWS::ElasticLoadBalancingV2::Listener');
  /** AWS Elemental MediaPackage packaging group */
  public static readonly MEDIAPACKAGE_PACKAGING_GROUP = new ResourceType('AWS::MediaPackage::PackagingGroup');
  /** AWS Device Farm Test Grid Project */
  public static readonly DEVICE_FARM_TEST_GRID_PROJECT = new ResourceType('AWS::DeviceFarm::TestGridProject');
  /** AWS Budgets Budgets Action */
  public static readonly BUDGETS_BUDGETS_ACTION = new ResourceType('AWS::Budgets::BudgetsAction');
  /** Amazon Lex Bot */
  public static readonly LEX_BOT = new ResourceType('AWS::Lex::Bot');
  /** Amazon Lex Bot Alias */
  public static readonly LEX_BOT_ALIAS = new ResourceType('AWS::Lex::BotAlias');
  /** Amazon CodeGuru Reviewer Repository Association */
  public static readonly CODE_GURU_REVIEWER_REPOSITORY_ASSOCIATION = new ResourceType('AWS::CodeGuruReviewer::RepositoryAssociation');
  /** AWS IoT Custom Metric */
  public static readonly IOT_CUSTOM_METRIC = new ResourceType('AWS::IoT::CustomMetric');
  /** AWS IoT Account Audit Configuration */
  public static readonly IOT_ACCOUNT_AUDIT_CONFIGURATION = new ResourceType('AWS::IoT::AccountAuditConfiguration');
  /** AWS IoT Scheduled Audit */
  public static readonly IOT_SCHEDULED_AUDIT = new ResourceType('AWS::IoT::ScheduledAudit');
  /** Amazon Route53 Resolver Firewall Domain List */
  public static readonly ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST = new ResourceType('AWS::Route53Resolver::FirewallDomainList');
  /** AWS RoboMaker Robot Application Version */
  public static readonly ROBO_MAKER_ROBOT_APPLICATION_VERSION = new ResourceType('AWS::RoboMaker::RobotApplicationVersion');
  /** EC2 Traffic Mirror Session */
  public static readonly EC2_TRAFFIC_MIRROR_SESSION = new ResourceType('AWS::EC2::TrafficMirrorSession');
  /** EC2 Traffic Mirror Target */
  public static readonly EC2_TRAFFIC_MIRROR_TARGET = new ResourceType('AWS::EC2::TrafficMirrorTarget');
  /** AWS IoT SiteWise Gateway */
  public static readonly IOT_SITEWISE_GATEWAY = new ResourceType('AWS::IoTSiteWise::Gateway');
  /** AWS Lookout Metrics Alert */
  public static readonly LOOKOUT_METRICS_ALERT = new ResourceType('AWS::LookoutMetrics::Alert');
  /** Amazon S3 Storage Lens */
  public static readonly S3_STORAGE_LENS = new ResourceType('AWS::S3::StorageLens');
  /** Amazon EventBridge Connection */
  public static readonly EVENTS_CONNECTION = new ResourceType('AWS::Events::Connection');
  /** Amazon EventBridge Schemas Schema */
  public static readonly EVENT_SCHEMAS_SCHEMA = new ResourceType('AWS::EventSchemas::Schema');
  /** AWS Elemental MediaPackage Packaging Configuration */
  public static readonly MEDIA_PACKAGE_PACKAGING_CONFIGURATION = new ResourceType('AWS::MediaPackage::PackagingConfiguration');
  /** Amazon AppStream Directory Config */
  public static readonly APP_STREAM_DIRECTORY_CONFIG = new ResourceType('AWS::AppStream::DirectoryConfig');
  /** EC2 Auto Scaling Warm Pool */
  public static readonly AUTO_SCALING_WARM_POOL = new ResourceType('AWS::AutoScaling::WarmPool');
  /** Amazon Connect Phone Number */
  public static readonly CONNECT_PHONE_NUMBER = new ResourceType('AWS::Connect::PhoneNumber');
  /** Amazon Connect Customer Profiles Domain */
  public static readonly CUSTOMER_PROFILES_DOMAIN = new ResourceType('AWS::CustomerProfiles::Domain');
  /** EC2 DHCP Options */
  public static readonly EC2_DHCP_OPTIONS = new ResourceType('AWS::EC2::DHCPOptions');
  /** EC2 IPAM */
  public static readonly EC2_IPAM = new ResourceType('AWS::EC2::IPAM');
  /** EC2 Network Insights Path */
  public static readonly EC2_NETWORK_INSIGHTS_PATH = new ResourceType('AWS::EC2::NetworkInsightsPath');
  /** EC2 Traffic Mirror Filter */
  public static readonly EC2_TRAFFIC_MIRROR_FILTER = new ResourceType('AWS::EC2::TrafficMirrorFilter');
  /** Amazon EventBridge Events Rule */
  public static readonly EVENTS_RULE = new ResourceType('AWS::Events::Rule');
  /** AWS HealthLake FHIR Datastore */
  public static readonly HEALTH_LAKE_FHIR_DATASTORE = new ResourceType('AWS::HealthLake::FHIRDatastore');
  /** AWS IoT Twin Maker Scene */
  public static readonly IOT_TWIN_MAKER_SCENE = new ResourceType('AWS::IoTTwinMaker::Scene');
  /** Amazon Kinesis Video Streams Signaling Channel */
  public static readonly KINESIS_VIDEO_SIGNALING_CHANNEL = new ResourceType('AWS::KinesisVideo::SignalingChannel');
  /** Amazon Lookout Vision Project */
  public static readonly LOOKOUT_VISION_PROJECT = new ResourceType('AWS::LookoutVision::Project');
  /** AWS Network Manager Transit Gateway Registration */
  public static readonly NETWORK_MANAGER_TRANSIT_GATEWAY_REGISTRATION = new ResourceType('AWS::NetworkManager::TransitGatewayRegistration');
  /** Amazon Pinpoint Application Settings */
  public static readonly PINPOINT_APPLICATION_SETTINGS = new ResourceType('AWS::Pinpoint::ApplicationSettings');
  /** Amazon Pinpoint Segment */
  public static readonly PINPOINT_SEGMENT = new ResourceType('AWS::Pinpoint::Segment');
  /** AWS RoboMaker Robot Application */
  public static readonly ROBO_MAKER_ROBOT_APPLICATION = new ResourceType('AWS::RoboMaker::RobotApplication');
  /** AWS RoboMaker Simulation Application */
  public static readonly ROBO_MAKER_SIMULATION_APPLICATION = new ResourceType('AWS::RoboMaker::SimulationApplication');
  /** Amazon Route53 Recovery Control Cluster */
  public static readonly ROUTE53_RECOVERY_CONTROL_CLUSTER = new ResourceType('AWS::Route53RecoveryControl::Cluster');
  /** Amazon Route53 Recovery Control Control Panel */
  public static readonly ROUTE53_RECOVERY_CONTROL_CONTROL_PANEL = new ResourceType('AWS::Route53RecoveryControl::ControlPanel');
  /** Amazon Route53 Recovery Control Routing Control */
  public static readonly ROUTE53_RECOVERY_CONTROL_ROUTING_CONTROL = new ResourceType('AWS::Route53RecoveryControl::RoutingControl');
  /** Amazon Route53 Recovery Control Safety Rule */
  public static readonly ROUTE53_RECOVERY_CONTROL_SAFETY_RULE = new ResourceType('AWS::Route53RecoveryControl::SafetyRule');
  /** Amazon Route53 Recovery Readiness Resource Set */
  public static readonly ROUTE53_RECOVERY_READINESS_RESOURCE_SET = new ResourceType('AWS::Route53RecoveryReadiness::ResourceSet');
  /** Amazon Route53 Resolver Firewall Rule Group Association */
  public static readonly ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION = new ResourceType('AWS::Route53Resolver::FirewallRuleGroupAssociation');
  /** EC2 EC2 Fleet */
  public static readonly EC2_EC2_FLEET = new ResourceType('AWS::EC2::EC2Fleet');
  /** AWS IoTWireless Service Profile */
  public static readonly IOT_WIRELESS_SERVICE_PROFILE = new ResourceType('AWS::IoTWireless::ServiceProfile');
  /** EC2 Subnet Route Table Association */
  public static readonly EC2_SUBNET_ROUTE_TABLE_ASSOCIATION = new ResourceType('AWS::EC2::SubnetRouteTableAssociation');
  /** AWS Network Manager Global Network */
  public static readonly NETWORK_MANAGER_GLOBAL_NETWORK = new ResourceType('AWS::NetworkManager::GlobalNetwork');
  /** AWS DeviceFarm Instance Profile */
  public static readonly DEVICE_FARM_INSTANCE_PROFILE = new ResourceType('AWS::DeviceFarm::InstanceProfile');
  /** AWS GroundStation Config */
  public static readonly GROUND_STATION_CONFIG = new ResourceType('AWS::GroundStation::Config');
  /** Amazon AppFlow Flow */
  public static readonly APP_FLOW_FLOW = new ResourceType('AWS::AppFlow::Flow');
  /** Amazon Redshift Scheduled Action */
  public static readonly REDSHIFT_SCHEDULED_ACTION = new ResourceType('AWS::Redshift::ScheduledAction');
  /** Amazon Pinpoint App */
  public static readonly PINPOINT_APP = new ResourceType('AWS::Pinpoint::App');
  /** AWS IoT Fleet Metric */
  public static readonly IOT_FLEET_METRIC = new ResourceType('AWS::IoT::FleetMetric');
  /** AWS AppConfig Deployment Strategy */
  public static readonly APP_CONFIG_DEPLOYMENT_STRATEGY = new ResourceType('AWS::AppConfig::DeploymentStrategy');
  /** AWS Network Manager Device */
  public static readonly NETWORK_MANAGER_DEVICE = new ResourceType('AWS::NetworkManager::Device');
  /** EC2 Image Builder Image Pipeline */
  public static readonly IMAGE_BUILDER_IMAGE_PIPELINE = new ResourceType('AWS::ImageBuilder::ImagePipeline');
  /** Amazon CloudWatch Metric Stream */
  public static readonly CLOUD_WATCH_METRIC_STREAM = new ResourceType('AWS::CloudWatch::MetricStream');
  /** AWS Panorama Package */
  public static readonly PANORAMA_PACKAGE = new ResourceType('AWS::Panorama::Package');
  /** Amazon SageMaker Image */
  public static readonly SAGE_MAKER_IMAGE = new ResourceType('AWS::SageMaker::Image');
  /** Amazon ECR PullThrough Cache Rule */
  public static readonly ECR_PULL_THROUGH_CACHE_RULE = new ResourceType('AWS::ECR::PullThroughCacheRule');
  /** AWS AuditManager Assessment */
  public static readonly AUDIT_MANAGER_ASSESSMENT = new ResourceType('AWS::AuditManager::Assessment');
  /** AWS NetworkManager Site */
  public static readonly NETWORK_MANAGER_SITE = new ResourceType('AWS::NetworkManager::Site');
  /** Amazon SageMaker AppImageConfig */
  public static readonly SAGE_MAKER_APP_IMAGE_CONFIG = new ResourceType('AWS::SageMaker::AppImageConfig');
  /** AWS DeviceFarm Project */
  public static readonly DEVICE_FARM_PROJECT = new ResourceType('AWS::DeviceFarm::Project');
  /** AWS NetworkManager Link */
  public static readonly NETWORK_MANAGER_LINK = new ResourceType('AWS::NetworkManager::Link');
  /** AWS NetworkFirewall TLSInspectionConfiguration */
  public static readonly NETWORK_FIREWALL_TLS_INSPECTION_CONFIGURATION = new ResourceType('AWS::NetworkFirewall::TLSInspectionConfiguration');
  /** AWS Amplify App */
  public static readonly AMPLIFY_APP = new ResourceType('AWS::Amplify::App');
  /** AWS AppMesh VirtualNode */
  public static readonly APP_MESH_VIRTUAL_NODE = new ResourceType('AWS::AppMesh::VirtualNode');
  /** AWS AppMesh VirtualService */
  public static readonly APP_MESH_VIRTUAL_SERVICE = new ResourceType('AWS::AppMesh::VirtualService');
  /** AWS AppRunner VpcConnector */
  public static readonly APP_RUNNER_VPC_CONNECTOR = new ResourceType('AWS::AppRunner::VpcConnector');
  /** Amazon AppStream Application */
  public static readonly APP_STREAM_APPLICATION = new ResourceType('AWS::AppStream::Application');
  /** Amazon KeySpaces Cassandra Keyspace */
  public static readonly CASSANDRA_KEYSPACE = new ResourceType('AWS::Cassandra::Keyspace');
  /** AWS CodeArtifact Repository */
  public static readonly CODE_ARTIFACT_REPOSITORY = new ResourceType('AWS::CodeArtifact::Repository');
  /** EC2 PrefixList */
  public static readonly EC2_PREFIX_LIST = new ResourceType('AWS::EC2::PrefixList');
  /** EC2 SpotFleet */
  public static readonly EC2_SPOT_FLEET = new ResourceType('AWS::EC2::SpotFleet');
  /** Amazon ECS TaskSet */
  public static readonly ECS_TASK_SET = new ResourceType('AWS::ECS::TaskSet');
  /** Amazon CloudWatch Evidently Project */
  public static readonly EVIDENTLY_PROJECT = new ResourceType('AWS::Evidently::Project');
  /** Amazon Forecast Dataset */
  public static readonly FORECAST_DATASET = new ResourceType('AWS::Forecast::Dataset');
  /** AWS IAM SAMLProvider */
  public static readonly IAM_SAML_PROVIDER = new ResourceType('AWS::IAM::SAMLProvider');
  /** AWS IAM ServerCertificate */
  public static readonly IAM_SERVER_CERTIFICATE = new ResourceType('AWS::IAM::ServerCertificate');
  /** Amazon Data Firehose DeliveryStream */
  public static readonly KINESIS_FIREHOSE_DELIVERY_STREAM = new ResourceType('AWS::KinesisFirehose::DeliveryStream');
  /** Amazon Pinpoint Campaign */
  public static readonly PINPOINT_CAMPAIGN = new ResourceType('AWS::Pinpoint::Campaign');
  /** Amazon Pinpoint InAppTemplate */
  public static readonly PINPOINT_IN_APP_TEMPLATE = new ResourceType('AWS::Pinpoint::InAppTemplate');
  /** AWS Signer SigningProfile */
  public static readonly SIGNER_SIGNING_PROFILE = new ResourceType('AWS::Signer::SigningProfile');
  /** Amazon SageMaker Domain */
  public static readonly SAGEMAKER_DOMAIN = new ResourceType('AWS::SageMaker::Domain');
  /** AWS Transfer Agreement */
  public static readonly TRANSFER_AGREEMENT = new ResourceType('AWS::Transfer::Agreement');
  /** AWS Transfer Connector */
  public static readonly TRANSFER_CONNECTOR = new ResourceType('AWS::Transfer::Connector');
  /** AWS Private Certificate Authority CertificateAuthority */
  public static readonly ACMPCA_CERTIFICATE_AUTHORITY = new ResourceType('AWS::ACMPCA::CertificateAuthority');
  /** AWS AppConfig HostedConfigurationVersion */
  public static readonly APP_CONFIG_HOSTED_CONFIGURATION_VERSION = new ResourceType('AWS::AppConfig::HostedConfigurationVersion');
  /** AWS AppMesh VirtualGateway */
  public static readonly APP_MESH_VIRTUAL_GATEWAY = new ResourceType('AWS::AppMesh::VirtualGateway');
  /** AWS AppMesh VirtualRouter */
  public static readonly APP_MESH_VIRTUAL_ROUTER = new ResourceType('AWS::AppMesh::VirtualRouter');
  /** AWS AppRunner Service */
  public static readonly APP_RUNNER_SERVICE = new ResourceType('AWS::AppRunner::Service');
  /** Amazon Connect CustomerProfiles ObjectType */
  public static readonly CUSTOMER_PROFILES_OBJECT_TYPE = new ResourceType('AWS::CustomerProfiles::ObjectType');
  /** AWS DMS Endpoint */
  public static readonly DMS_ENDPOINT = new ResourceType('AWS::DMS::Endpoint');
  /** EC2 CapacityReservation */
  public static readonly EC2_CAPACITY_RESERVATION = new ResourceType('AWS::EC2::CapacityReservation');
  /** EC2 ClientVpnEndpoint */
  public static readonly EC2_CLIENT_VPN_ENDPOINT = new ResourceType('AWS::EC2::ClientVpnEndpoint');
  /** Amazon Kendra Index */
  public static readonly KENDRA_INDEX = new ResourceType('AWS::Kendra::Index');
  /** Amazon Kinesis Video Stream */
  public static readonly KINESIS_VIDEO_STREAM = new ResourceType('AWS::KinesisVideo::Stream');
  /** Amazon CloudWatch Logs Destination */
  public static readonly LOGS_DESTINATION = new ResourceType('AWS::Logs::Destination');
  /** AWS NetworkManager CustomerGatewayAssociation */
  public static readonly NETWORK_MANAGER_CUSTOMER_GATEWAY_ASSOCIATION = new ResourceType('AWS::NetworkManager::CustomerGatewayAssociation');
  /** AWS NetworkManager LinkAssociation */
  public static readonly NETWORK_MANAGER_LINK_ASSOCIATION = new ResourceType('AWS::NetworkManager::LinkAssociation');
  /** Amazon Pinpoint EmailChannel */
  public static readonly PINPOINT_EMAIL_CHANNEL = new ResourceType('AWS::Pinpoint::EmailChannel');
  /** Amazon S3 AccessPoint */
  public static readonly S3_ACCESS_POINT = new ResourceType('AWS::S3::AccessPoint');
  /** AWS Amplify Branch */
  public static readonly AMPLIFY_BRANCH = new ResourceType('AWS::Amplify::Branch');
  /** Amazon AppIntegrations EventIntegration */
  public static readonly APP_INTEGRATIONS_EVENT_INTEGRATION = new ResourceType('AWS::AppIntegrations::EventIntegration');
  /** AWS AppMesh Route */
  public static readonly APP_MESH_ROUTE = new ResourceType('AWS::AppMesh::Route');
  /** Amazon Athena PreparedStatement */
  public static readonly ATHENA_PREPARED_STATEMENT = new ResourceType('AWS::Athena::PreparedStatement');
  /** EC2 IPAMScope */
  public static readonly EC2_IPAM_SCOPE = new ResourceType('AWS::EC2::IPAMScope');
  /** Amazon CloudWatch Evidently Launch */
  public static readonly EVIDENTLY_LAUNCH = new ResourceType('AWS::Evidently::Launch');
  /** Amazon Forecast DatasetGroup */
  public static readonly FORECAST_DATASET_GROUP = new ResourceType('AWS::Forecast::DatasetGroup');
  /** AWS IoT Greengrass Version2 ComponentVersion */
  public static readonly GREENGRASSV2_COMPONENT_VERSION = new ResourceType('AWS::GreengrassV2::ComponentVersion');
  /** AWS GroundStation MissionProfile */
  public static readonly GROUNDSTATION_MISSION_PROFILE = new ResourceType('AWS::GroundStation::MissionProfile');
  /** AWS Elemental MediaConnect FlowEntitlement */
  public static readonly MEDIACONNECT_FLOW_ENTITLEMENT = new ResourceType('AWS::MediaConnect::FlowEntitlement');
  /** AWS Elemental MediaConnect FlowVpcInterface */
  public static readonly MEDIACONNECT_FLOW_VPC_INTERFACE = new ResourceType('AWS::MediaConnect::FlowVpcInterface');
  /** AWS Elemental MediaTailor PlaybackConfiguration */
  public static readonly MEDIATAILOR_PLAYBACK_CONFIGURATION = new ResourceType('AWS::MediaTailor::PlaybackConfiguration');
  /** Amazon MSK Configuration */
  public static readonly MSK_CONFIGURATION = new ResourceType('AWS::MSK::Configuration');
  /** Amazon Personalize Dataset */
  public static readonly PERSONALIZE_DATASET = new ResourceType('AWS::Personalize::Dataset');
  /** Amazon Personalize Schema */
  public static readonly PERSONALIZE_SCHEMA = new ResourceType('AWS::Personalize::Schema');
  /** Amazon Personalize Solution */
  public static readonly PERSONALIZE_SOLUTION = new ResourceType('AWS::Personalize::Solution');
  /** Amazon Pinpoint EmailTemplate */
  public static readonly PINPOINT_EMAIL_TEMPLATE = new ResourceType('AWS::Pinpoint::EmailTemplate');
  /** Amazon Pinpoint EventStream */
  public static readonly PINPOINT_EVENT_STREAM = new ResourceType('AWS::Pinpoint::EventStream');
  /** AWS ResilienceHub App */
  public static readonly RESILIENCEHUB_APP = new ResourceType('AWS::ResilienceHub::App');
  /** Amazon CodeGuruP rofiler ProfilingGroup */
  public static readonly CODE_GURU_PROFILER_PROFILING_GROUP = new ResourceType('AWS::CodeGuruProfiler::ProfilingGroup');
  /** AWS Elemental MediaConnect FlowSource */
  public static readonly MEDIA_CONNECT_FLOW_SOURCE = new ResourceType('AWS::MediaConnect::FlowSource');
  /** AWS Transfer Family Certificate */
  public static readonly TRANSFER_CERTIFICATE = new ResourceType('AWS::Transfer::Certificate');
  /** Amazon Managed Service for Prometheus RuleGroupsNamespace */
  public static readonly APS_RULE_GROUPS_NAMESPACE = new ResourceType('AWS::APS::RuleGroupsNamespace');
  /** AWS Batch SchedulingPolicy */
  public static readonly BATCH_SCHEDULING_POLICY = new ResourceType('AWS::Batch::SchedulingPolicy');
  /** AWS Cloud Map Instance */
  public static readonly SERVICE_DISCOVERY_INSTANCE = new ResourceType('AWS::ServiceDiscovery::Instance');
  /** Amazon Route53 Resolver ResolverQueryLoggingConfig */
  public static readonly ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG = new ResourceType('AWS::Route53Resolver::ResolverQueryLoggingConfig');
  /** Amazon Route53 Resolver ResolverQueryLoggingConfigAssociation */
  public static readonly ROUTE53_RESOLVER_QUERY_LOGGING_CONFIG_ASSOCIATION = new ResourceType('AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation');
  /** AWS IoT JobTemplate */
  public static readonly IOT_JOB_TEMPLATE = new ResourceType('AWS::IoT::JobTemplate');
  /** AWS IoT TwinMaker ComponentType */
  public static readonly IOT_TWIN_MAKER_COMPONENT_TYPE = new ResourceType('AWS::IoTTwinMaker::ComponentType');
  /** AWS IoT Wireless MulticastGroup */
  public static readonly IOT_WIRELESS_MULTICAST_GROUP = new ResourceType('AWS::IoTWireless::MulticastGroup');
  /** Amazon Personalize DatasetGroup */
  public static readonly PERSONALIZE_DATASET_GROUP = new ResourceType('AWS::Personalize::DatasetGroup');
  /** AWS IoT ProvisioningTemplate */
  public static readonly IOT_PROVISIONING_TEMPLATE = new ResourceType('AWS::IoT::ProvisioningTemplate');
  /** AWS IoT Wireless FuotaTask */
  public static readonly IOT_WIRELESS_FUOTA_TASK = new ResourceType('AWS::IoTWireless::FuotaTask');
  /** Amazon MSK BatchScramSecret */
  public static readonly MSK_BATCH_SCRAM_SECRET = new ResourceType('AWS::MSK::BatchScramSecret');
  /** Amazon SageMaker FeatureGroup */
  public static readonly SAGEMAKER_FEATURE_GROUP = new ResourceType('AWS::SageMaker::FeatureGroup');
  /** AWS CodeBuild ReportGroup */
  public static readonly CODE_BUILD_REPORT_GROUP = new ResourceType('AWS::CodeBuild::ReportGroup');
  /** Amazon AppStream Stack */
  public static readonly APP_STREAM_STACK = new ResourceType('AWS::AppStream::Stack');
  /** Amazon Inspector Filter */
  public static readonly INSPECTORV2_FILTER = new ResourceType('AWS::InspectorV2::Filter');
  /** Amazon AppStream Fleet */
  public static readonly APP_STREAM_FLEET = new ResourceType('AWS::AppStream::Fleet');
  /** Amazon Managed Grafana Workspace */
  public static readonly GRAFANA_WORKSPACE = new ResourceType('AWS::Grafana::Workspace');
  /** AWS KMS Alias */
  public static readonly KMS_ALIAS = new ResourceType('AWS::KMS::Alias');
  /** Amazon RDS OptionGroup */
  public static readonly RDS_OPTION_GROUP = new ResourceType('AWS::RDS::OptionGroup');
  /** AWS Route53 Resolver FirewallRuleGroup */
  public static readonly ROUTE53_RESOLVER_FIREWALL_RULE_GROUP = new ResourceType('AWS::Route53Resolver::FirewallRuleGroup');
  /** AWS IAM InstanceProfile */
  public static readonly IAM_INSTANCE_PROFILE = new ResourceType('AWS::IAM::InstanceProfile');
  /** AWS NetworkManager ConnectPeer */
  public static readonly NETWORK_MANAGER_CONNECT_PEER = new ResourceType('AWS::NetworkManager::ConnectPeer');
  /** AWS Private Certificate Authority CertificateAuthorityActivation */
  public static readonly ACMPCA_CERTIFICATE_AUTHORITY_ACTIVATION = new ResourceType('AWS::ACMPCA::CertificateAuthorityActivation');
  /** AWS AppMesh GatewayRoute */
  public static readonly APP_MESH_GATEWAY_ROUTE = new ResourceType('AWS::AppMesh::GatewayRoute');
  /** AWS AppMesh Mesh */
  public static readonly APP_MESH_MESH = new ResourceType('AWS::AppMesh::Mesh');
  /** Amazon Connect QuickConnect */
  public static readonly CONNECT_QUICK_CONNECT = new ResourceType('AWS::Connect::QuickConnect');
  /** EC2 CarrierGateway */
  public static readonly EC2_CARRIER_GATEWAY = new ResourceType('AWS::EC2::CarrierGateway');
  /** EC2 TransitGatewayConnect */
  public static readonly EC2_TRANSIT_GATEWAY_CONNECT = new ResourceType('AWS::EC2::TransitGatewayConnect');
  /** Amazon ECS CapacityProvider */
  public static readonly ECS_CAPACITY_PROVIDER = new ResourceType('AWS::ECS::CapacityProvider');
  /** AWS IoT CACertificate */
  public static readonly IOT_CA_CERTIFICATE = new ResourceType('AWS::IoT::CACertificate');
  /** AWS IoT TwinMaker SyncJob */
  public static readonly IOT_TWIN_MAKER_SYNC_JOB = new ResourceType('AWS::IoTTwinMaker::SyncJob');
  /** Amazon Managed Streaming for Apache Kafka Connect Connector */
  public static readonly KAFKA_CONNECT_CONNECTOR = new ResourceType('AWS::KafkaConnect::Connector');
  /** AWS Lambda CodeSigningConfig */
  public static readonly LAMBDA_CODE_SIGNING_CONFIG = new ResourceType('AWS::Lambda::CodeSigningConfig');
  /** AWS Resource Explorer Index */
  public static readonly RESOURCE_EXPLORER2_INDEX = new ResourceType('AWS::ResourceExplorer2::Index');
  /** Amazon Connect Instance */
  public static readonly CONNECT_INSTANCE = new ResourceType('AWS::Connect::Instance');
  /** EC2 IPAMPool */
  public static readonly EC2_IPAM_POOL = new ResourceType('AWS::EC2::IPAMPool');
  /** EC2 TransitGatewayMulticastDomain */
  public static readonly EC2_TRANSIT_GATEWAY_MULTICAST_DOMAIN = new ResourceType('AWS::EC2::TransitGatewayMulticastDomain');

  /** A custom resource type to support future cases. */
  public static of(type: string): ResourceType {
    return new ResourceType(type);
  }

  /**
   * Valid value of resource type.
   */
  public readonly complianceResourceType: string;

  private constructor(type: string) {
    this.complianceResourceType = type;
  }
}

function renderScope(ruleScope?: RuleScope): CfnConfigRule.ScopeProperty | undefined {
  return ruleScope ? {
    complianceResourceId: ruleScope.resourceId,
    complianceResourceTypes: ruleScope.resourceTypes?.map(resource => resource.complianceResourceType),
    tagKey: ruleScope.key,
    tagValue: ruleScope.value,
  } : undefined;
}