AWS CloudFormation Hooks now allows AWS Cloud Control API resource configurations evaluation
AWS CloudFormation Hooks now allow you to evaluate resource configurations from AWS Cloud Control API (CCAPI) create and update operations. Hooks allow you to invoke custom logic to enforce security, compliance, and governance policies on your resource configurations. CCAPI is a set of common application programming interfaces (APIs) that is designed to make it easy for developers to manage their cloud infrastructure in a consistent manner and leverage the latest AWS capabilities faster. By extending Hooks to CCAPI, customers can now inspect resource configurations prior to CCAPI create and update operations, and block or warn the operations if there is a non-compliant resource found.
Before this launch, customers would publish Hooks that would only be invoked during CloudFormation operations. Now, customers can extend their resource Hook evaluations beyond CloudFormation to CCAPI based operations. Customers with existing resource Hooks, or who are using the recently launched pre-built Lambda and Guard hooks, simply need to specify “Cloud_Control” as a target in the hooks’ configuration.
Hooks is available in all AWS Commercial Regions. The CCAPI support is available for customers who use CCAPI directly or third-party IaC tools that have CCAPI providers support.
To get started, refer to Hooks user guide and CCAPI user guide for more information. Learn the detail of this feature from this AWS DevOps Blog.