feat(config): proactive evaluation mode (#30174)

### Issue # (if applicable)

Closes #30172.

### Reason for this change

AWS Config supports for proactive evaluation mode but L2 construct cannot configure it. 

### Description of changes

- Define `EvaluationMode` class
- Add `evaluationModes` prop to `RuleProps` 

```ts
new config.ManagedRule(stack, 'ManagedRule', {
  identifier: config.ManagedRuleIdentifiers.API_GW_XRAY_ENABLED,
  evaluationModes: config.EvaluationMode.DETECTIVE_AND_PROACTIVE, // add
});
```

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: badmintoncryer

packages/@aws-cdk-testing/framework-integ/test/aws-config/test/integ.rule-evaluation-mode.js.snapshot/ConfigRuleEvaluationMode.assets.json

@@ -0,0 +1,201 @@
+{
+ "Resources": {
+  "CustomFunctionServiceRoleD3F73B79": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+       ]
+      ]
+     },
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSConfigRulesExecutionRole"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "CustomFunctionBADD59E7": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Code": {
+     "ZipFile": "exports.handler = (event) => console.log(event);"
+    },
+    "Handler": "index.handler",
+    "Role": {
+     "Fn::GetAtt": [
+      "CustomFunctionServiceRoleD3F73B79",
+      "Arn"
+     ]
+    },
+    "Runtime": "nodejs18.x"
+   },
+   "DependsOn": [
+    "CustomFunctionServiceRoleD3F73B79"
+   ]
+  },
+  "CustomFunctionCustomRulePermissionbM1jVaicvRO9SDCiAbsQcYrOlESEtMwrrF9ZQQRvd5QED54A3F8": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "CustomFunctionBADD59E7",
+      "Arn"
+     ]
+    },
+    "Principal": "config.amazonaws.com",
+    "SourceAccount": {
+     "Ref": "AWS::AccountId"
+    }
+   }
+  },
+  "CustomRuleB1CBBADE": {
+   "Type": "AWS::Config::ConfigRule",
+   "Properties": {
+    "EvaluationModes": [
+     {
+      "Mode": "PROACTIVE"
+     }
+    ],
+    "Scope": {
+     "ComplianceResourceTypes": [
+      "AWS::EC2::Instance"
+     ]
+    },
+    "Source": {
+     "Owner": "CUSTOM_LAMBDA",
+     "SourceDetails": [
+      {
+       "EventSource": "aws.config",
+       "MessageType": "ScheduledNotification"
+      }
+     ],
+     "SourceIdentifier": {
+      "Fn::GetAtt": [
+       "CustomFunctionBADD59E7",
+       "Arn"
+      ]
+     }
+    }
+   },
+   "DependsOn": [
+    "CustomFunctionCustomRulePermissionbM1jVaicvRO9SDCiAbsQcYrOlESEtMwrrF9ZQQRvd5QED54A3F8",
+    "CustomFunctionBADD59E7",
+    "CustomFunctionServiceRoleD3F73B79"
+   ]
+  },
+  "ManagedRule7126A2A0": {
+   "Type": "AWS::Config::ConfigRule",
+   "Properties": {
+    "EvaluationModes": [
+     {
+      "Mode": "DETECTIVE"
+     },
+     {
+      "Mode": "PROACTIVE"
+     }
+    ],
+    "Source": {
+     "Owner": "AWS",
+     "SourceIdentifier": "API_GW_XRAY_ENABLED"
+    }
+   }
+  },
+  "CustomPolicy6CB3FDA5": {
+   "Type": "AWS::Config::ConfigRule",
+   "Properties": {
+    "EvaluationModes": [
+     {
+      "Mode": "DETECTIVE"
+     }
+    ],
+    "Scope": {
+     "ComplianceResourceTypes": [
+      "AWS::DynamoDB::Table"
+     ]
+    },
+    "Source": {
+     "CustomPolicyDetails": {
+      "EnableDebugLogDelivery": true,
+      "PolicyRuntime": "guard-2.x.x",
+      "PolicyText": "\n# This rule checks if point in time recovery (PITR) is enabled on active Amazon DynamoDB tables\nlet status = ['ACTIVE']\n\nrule tableisactive when\n    resourceType == \"AWS::DynamoDB::Table\" {\n    configuration.tableStatus == %status\n}\n\nrule checkcompliance when\n    resourceType == \"AWS::DynamoDB::Table\"\n    tableisactive {\n        let pitr = supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus\n        %pitr == \"ENABLED\"\n}\n"
+     },
+     "Owner": "CUSTOM_POLICY",
+     "SourceDetails": [
+      {
+       "EventSource": "aws.config",
+       "MessageType": "ConfigurationItemChangeNotification"
+      },
+      {
+       "EventSource": "aws.config",
+       "MessageType": "OversizedConfigurationItemChangeNotification"
+      }
+     ]
+    }
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}