
I have been trying to come up with a way to track any and all instance type changes that happen in our company's account (ex: t2.micro to t2.nano).

I settled on creating a custom Config rule that would alert us if the instance changed with a non-compliant warning, but I think this might be over-complicating it and am suspecting that I should be using CloudWatch alarms or EventBridge.

I have used the following setup (from the CLI):

rdk create ec2_check_instance_type --runtime python3.7 --resource-types AWS::ED2::Instance --input-parameters '{"modify-instance-type":"*"}'

modify-instance-type seemed to be the only thing I could find which related to what I was looking for the lambda function to track and I used the wildcard to signify any changes.

I then added the following to the lambda function:

if configuration_item['resourceType'] != 'AWS::EC2::Instance':
    return 'NOT_APPLICABLE'

if configuration_item['configuration']['instanceType'] == valid_rule_parameters['ModifyInstanceAttribute']:
    return 'NON_COMPLIANT'

Is there a different input parameter that I should be using for this instead of "modify-instance-type"? So far this has returned nothing. I don't think it is evaluating properly.

Or does anyone have a service that might be a better way to track configuration changes like this within AWS that I'm just not thinking of?
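One way to detect an instance-type change inside a change-triggered Config rule is to look at the configuration item diff that Config hands the Lambda, rather than matching an input parameter against the current type. The following is an added example, not code from the question or from the RDK template. It assumes the standard custom-rule payload: `event['invokingEvent']` is a JSON string containing `configurationItem` and, for change-triggered evaluations, `configurationItemDiff` with a `changedProperties` map keyed by JSON path such as `Configuration.InstanceType`. The rule parameter name `AllowedInstanceTypes` and the sample events are constructed for illustration. A second helper shows the equivalent check over a CloudTrail `ModifyInstanceAttribute` event as EventBridge would deliver it, for the "is there a better service" question.

```python
"""Detect EC2 instance-type changes from AWS Config / CloudTrail payloads.

Added example, not from the original question. Assumptions (not verified
against the page): Config change notifications carry
invokingEvent.configurationItemDiff.changedProperties keyed by JSON path;
the rule parameter name 'AllowedInstanceTypes' is hypothetical.
"""
import json

INSTANCE_TYPE_PATH = "Configuration.InstanceType"   # assumed diff key


def instance_type_change(invoking_event: dict):
    """Return (previous, updated) when the instance type changed, else None."""
    ci = invoking_event.get("configurationItem", {})
    if ci.get("resourceType") != "AWS::EC2::Instance":
        return None
    diff = invoking_event.get("configurationItemDiff") or {}
    prop = (diff.get("changedProperties") or {}).get(INSTANCE_TYPE_PATH)
    if not prop or prop.get("changeType") != "UPDATE":
        return None
    return prop.get("previousValue"), prop.get("updatedValue")


def evaluate_compliance(event: dict) -> dict:
    """Rule logic: NON_COMPLIANT on any type change unless the new type is allowed.

    'event' is the raw Lambda event (invokingEvent/ruleParameters are JSON strings).
    """
    invoking_event = json.loads(event["invokingEvent"])
    rule_params = json.loads(event.get("ruleParameters") or "{}")
    allowed = {t.strip() for t in rule_params.get("AllowedInstanceTypes", "").split(",") if t.strip()}

    ci = invoking_event.get("configurationItem", {})
    if ci.get("resourceType") != "AWS::EC2::Instance":
        return {"compliance_type": "NOT_APPLICABLE", "annotation": "Not an EC2 instance"}

    change = instance_type_change(invoking_event)
    if change is None:
        return {"compliance_type": "COMPLIANT", "annotation": "Instance type unchanged"}
    prev, new = change
    if allowed and new in allowed:
        return {"compliance_type": "COMPLIANT", "annotation": f"Changed {prev} -> {new} (allowed)"}
    return {"compliance_type": "NON_COMPLIANT", "annotation": f"Instance type changed {prev} -> {new}"}


def is_instance_resize(cloudtrail_detail: dict) -> bool:
    """True when a CloudTrail event (e.g. EventBridge 'detail') is a type change.

    Assumes the documented ModifyInstanceAttribute shape where
    requestParameters.instanceType.value holds the new type.
    """
    if cloudtrail_detail.get("eventName") != "ModifyInstanceAttribute":
        return False
    params = cloudtrail_detail.get("requestParameters") or {}
    return "instanceType" in params


def _config_event(diff: dict, rule_params: str = "{}") -> dict:
    """Build a constructed Lambda event around the given configurationItemDiff."""
    invoking = {
        "configurationItem": {
            "resourceType": "AWS::EC2::Instance",
            "resourceId": "i-0123456789abcdef0",      # constructed id
            "configuration": {"instanceType": "t2.nano"},
        },
        "configurationItemDiff": diff,
        "messageType": "ConfigurationItemChangeNotification",
    }
    return {"invokingEvent": json.dumps(invoking), "ruleParameters": rule_params}


# Constructed sample inputs
RESIZE_EVENT = _config_event({"changedProperties": {
    INSTANCE_TYPE_PATH: {"previousValue": "t2.micro", "updatedValue": "t2.nano", "changeType": "UPDATE"}}})
TAG_ONLY_EVENT = _config_event({"changedProperties": {
    "Tags.0": {"previousValue": None, "updatedValue": {"key": "env", "value": "dev"}, "changeType": "CREATE"}}})
ALLOWED_EVENT = _config_event(json.loads(RESIZE_EVENT["invokingEvent"])["configurationItemDiff"],
                              '{"AllowedInstanceTypes": "t2.nano,t3.micro"}')
CLOUDTRAIL_RESIZE = {"eventName": "ModifyInstanceAttribute",
                     "requestParameters": {"instanceId": "i-0123456789abcdef0", "instanceType": {"value": "t2.nano"}}}
CLOUDTRAIL_OTHER = {"eventName": "ModifyInstanceAttribute",
                    "requestParameters": {"instanceId": "i-0123456789abcdef0", "disableApiTermination": {"value": True}}}

if __name__ == "__main__":
    for name, ev in [("resize", RESIZE_EVENT), ("tag only", TAG_ONLY_EVENT), ("allowed", ALLOWED_EVENT)]:
        print(name, evaluate_compliance(ev))
    print("cloudtrail resize:", is_instance_resize(CLOUDTRAIL_RESIZE), is_instance_resize(CLOUDTRAIL_OTHER))
```

Because the rule is triggered per configuration change, the diff tells you directly whether `instanceType` moved and from what, which is what an alert needs to say; a wildcard input parameter has nothing to compare against. The CloudTrail path gives a near-real-time signal for the same action, so the two are complementary: EventBridge for the alert, Config for the compliance record.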

  • I don't have an answer to your question but in your first command it appears you wrote `ED2` instead of `EC2`. – jordanm Nov 20 '21 at 00:42
  • Yeah, that is just a typo when transposing it to this. I'm certain that typo is not there in the actual code, but thank you for pointing it out. I was brainstorming over the weekend and I'm going to try to use a Boolean instead of the wildcard since the input parameters are Python based. Wish me luck. – Orick Nov 22 '21 at 14:14
