Our entire stack is automated using CloudFormation. I have created a custom rule in AWS Config that uses configuration change based trigger. Sometimes I have to update the lambda of config rule after testing. This is again done via Cloud Formation. But the problem is that the Config rule is not triggered, cos there’s no change in the configuration of existing resources. One solution is to comment out the Config rule altogether in CloudFormation template, deploy it, uncomment the rule and then deploy again. Is there a better way ?
Asked
Active
Viewed 103 times
1
-
Why would you want to do it? The point of config is that it can do it by itself - either on change it detects or periodically. – Marcin Jan 12 '21 at 11:37
-
Because the said configuration change might occur once every six month. I & others need to verify/modify the lambda more frequently than that. – Jibin Jan 13 '21 at 01:56
-
I think the only way to do it in a "better way" is through a custom resource. The custom resource would trigger `start_config_rules_evaluation` in boto3 (for example) to trigger rule evaluation. – Marcin Jan 13 '21 at 02:02