GuardHook

The GuardHook resource lets you manage AWS CloudFormation Guard Hooks, which evaluate custom rules written in the AWS CloudFormation Guard language during CloudFormation stack operations.

Minimal Example

Create a basic GuardHook with required properties and some common optional settings.

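```ts
import AWS from "alchemy/aws/control";

const basicGuardHook = await AWS.CloudFormation.GuardHook("BasicGuardHook", {
  // Hook aliases use the three-part form Name::Name::Name
  Alias: "Private::Guard::MyGuardHook",
  // S3 location of the Guard rules the hook evaluates
  RuleLocation: {
    Uri: "s3://my-guardhook-bucket/rules.yaml"
  },
  HookStatus: "ENABLED", // "ENABLED" | "DISABLED"
  // What the hook evaluates: "RESOURCE", "STACK", "CHANGE_SET", "CLOUD_CONTROL"
  TargetOperations: ["RESOURCE"],
  // Limit resource evaluation to create and update actions
  TargetFilters: {
    Actions: ["CREATE", "UPDATE"]
  },
  // Role the hook assumes to read the rules (and write the report, if LogBucket is set)
  ExecutionRole: "arn:aws:iam::123456789012:role/MyGuardHookRole",
  FailureMode: "FAIL", // "FAIL" blocks the operation; "WARN" only reports
  Options: {
    // Optional S3 object with input parameters for the rules
    InputParams: { Uri: "s3://my-guardhook-bucket/input-params.json" }
  }
});
```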

Advanced Configuration

Configure a GuardHook with additional properties for more complex scenarios, including stack filters and logging.

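```ts
import AWS from "alchemy/aws/control";

const advancedGuardHook = await AWS.CloudFormation.GuardHook("AdvancedGuardHook", {
  Alias: "Private::Guard::AdvancedGuardHook",
  RuleLocation: {
    Uri: "s3://my-advanced-guardhook-bucket/advanced-rules.yaml"
  },
  HookStatus: "ENABLED",
  TargetOperations: ["RESOURCE"],
  ExecutionRole: "arn:aws:iam::123456789012:role/MyAdvancedGuardHookRole",
  // WARN reports violations but lets the operation proceed
  FailureMode: "WARN",
  // Bucket that receives the Guard output report
  LogBucket: "my-guardhook-log-bucket",
  // Only stacks that pass these filters invoke the hook
  StackFilters: {
    FilteringCriteria: "ALL",
    StackNames: {
      Include: ["MyStack"],
      Exclude: ["TestStack"]
    }
  },
  // Resource types and actions the hook is invoked for
  TargetFilters: {
    TargetNames: ["AWS::S3::Bucket", "AWS::Lambda::Function"],
    Actions: ["CREATE", "UPDATE", "DELETE"]
  }
});
```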
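As an added example (not part of alchemy or of the original page), a pre-deployment check over the settings above that decide whether the hook actually enforces anything: status, failure mode, log bucket and stack filters. `GuardHookConfig` and `auditGuardHook` are hypothetical names, and the sample configurations are constructed; the `ENABLED`/`DISABLED` and `FAIL`/`WARN` values and the `StackFilters` shape are those of the CloudFormation `AWS::CloudFormation::GuardHook` resource type.

```typescript
// Added example. This local type mirrors only the GuardHook properties the audit
// reads; it is an assumption for illustration, not alchemy's exported type.
type NameFilter = { Include?: string[]; Exclude?: string[] };
interface GuardHookConfig {
  HookStatus: string; // CloudFormation accepts "ENABLED" | "DISABLED"
  FailureMode: string; // CloudFormation accepts "FAIL" | "WARN"
  LogBucket?: string;
  StackFilters?: { FilteringCriteria: string; StackNames?: NameFilter; StackRoles?: NameFilter };
}
interface Finding { id: string; detail: string }

// Hypothetical helper: lists the ways a configuration lets a rule violation
// go unblocked, unrecorded, or unevaluated.
function auditGuardHook(cfg: GuardHookConfig): Finding[] {
  const findings: Finding[] = [];
  if (cfg.HookStatus !== "ENABLED") {
    findings.push({ id: "hook-not-enabled", detail: `HookStatus=${cfg.HookStatus}: hook is not invoked` });
  }
  if (cfg.FailureMode !== "FAIL") {
    findings.push({ id: "fail-open", detail: `FailureMode=${cfg.FailureMode}: violations do not stop the operation` });
  }
  if (!cfg.LogBucket) {
    findings.push({ id: "no-log-bucket", detail: "LogBucket unset: Guard output report is not stored" });
  }
  const filters: [string, NameFilter | undefined][] = [
    ["StackNames", cfg.StackFilters?.StackNames],
    ["StackRoles", cfg.StackFilters?.StackRoles],
  ];
  for (const [kind, f] of filters) {
    const include = f?.Include ?? [];
    const exclude = f?.Exclude ?? [];
    if (include.length > 0) findings.push({ id: "narrow-scope", detail: `${kind}.Include limits evaluation to: ${include.join(", ")}` });
    if (exclude.length > 0) findings.push({ id: "excluded-scope", detail: `${kind}.Exclude skips: ${exclude.join(", ")}` });
  }
  return findings;
}

// Constructed sample configurations (not real resources).
const warnOnly: GuardHookConfig = {
  HookStatus: "ENABLED",
  FailureMode: "WARN",
  StackFilters: { FilteringCriteria: "ALL", StackNames: { Include: ["MyStack"], Exclude: ["TestStack"] } },
};
const enforcing: GuardHookConfig = { HookStatus: "ENABLED", FailureMode: "FAIL", LogBucket: "my-guardhook-log-bucket" };

console.log(auditGuardHook(warnOnly).map((f) => f.id));
console.log(auditGuardHook(enforcing).length);
```

A stack filter is often intentional, so treat the two scope findings as items to review rather than as errors.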

Adoption of Existing Resources

If you want to adopt existing resources instead of failing when a resource already exists, set the adopt property to true.

```ts
import AWS from "alchemy/aws/control";

const adoptExistingGuardHook = await AWS.CloudFormation.GuardHook("AdoptExistingGuardHook", {
  Alias: "Private::Guard::AdoptGuardHook",
  RuleLocation: {
    Uri: "s3://my-adopt-guardhook-bucket/adopt-rules.yaml"
  },
  HookStatus: "ENABLED",
  TargetOperations: ["RESOURCE"],
  TargetFilters: {
    Actions: ["CREATE", "UPDATE"]
  },
  ExecutionRole: "arn:aws:iam::123456789012:role/MyAdoptGuardHookRole",
  FailureMode: "FAIL",
  // Take over a hook that already exists instead of failing on conflict
  adopt: true
});
```