{ "Resources": { "AWSConfigRule": { "Type": "AWS::Config::ConfigRule", "Properties": { "ConfigRuleName": { "Ref": "ConfigRuleName" }, "Description": "Checks whether security groups that are in use disallow unrestricted incoming SSH traffic.", "InputParameters": {}, "Scope": { "ComplianceResourceTypes": [ "AWS::EC2::SecurityGroup" ] }, "Source": { "Owner": "AWS", "SourceIdentifier": "INCOMING_SSH_DISABLED" }, "MaximumExecutionFrequency": { "Ref": "MaximumExecutionFrequency" } } } }, "Parameters": { "ConfigRuleName": { "Type": "String", "Default": "restricted-ssh", "Description": "The name that you assign to the AWS Config rule.", "MinLength": "1", "ConstraintDescription": "This parameter is required." }, "MaximumExecutionFrequency": { "Type": "String", "Default": "TwentyFour_Hours", "Description": "How often you want AWS Config to run evaluations for the rule.", "MinLength": "1", "ConstraintDescription": "This parameter is required.", "AllowedValues": [ "One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours" ] } }, "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Required" }, "Parameters": [] }, { "Label": { "default": "Optional" }, "Parameters": [] } ] } }, "Conditions": {} }