AWS Config provides a detailed view of the resources associated with your AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time.
Questions tagged [aws-config]
124 questions
1 vote, 0 answers
AWS boto3 describe_config_rules() does not return rule description
I want to use the boto3 to view my config rules.
> import boto3
> client = boto3.client('config')
> client.describe_config_rules()
The previous snippet returns the rule information, but does not include the field 'Description' for rules with a…

anenriquez (reputation 33; badges 4)

1 vote, 1 answer
How to query EventBridge rules with config/advanced queries?
I'm trying to query EventBridge rules that target a specific lambda across multiple accounts. However, there seem to be no results returned when I run any similar queries:
SELECT [...]
WHERE resourceType = 'AWS::Events::Rule'
the resources are…

circo (reputation 166; badges 1, 9)

1 vote, 2 answers
getting Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1 despite having credentials in config file
I have a typescript/node-based application where the following line of code is throwing an error:
const res = await s3.getObject(obj).promise();
The error I'm getting in terminal output is:
❌ Missing credentials in config, if using AWS_CONFIG_FILE,…

Sabo Boz (reputation 1,683; badges 4, 13, 29)

1 vote, 0 answers
How to mark specific resources as exception in AWS config
We have started using AWS config for compliance reasons, but some resources are exceptions and we would like AWS config to ignore those specific resources as they are managed by a third-party CI/CD pipeline. For example, if we have 10 EC2 instances,…

Bhaumik Patel (reputation 15,176; badges 5, 30, 33)

1 vote, 2 answers
How to fix s3-bucket-policy-grantee-check non-compliance?
I deployed a NIST CSF conformance pack on my AWS account, via AWS Config, to improve my security posture. One of my resources was non-compliant due to the s3-bucket-policy-grantee-check not passing. Firstly, I do not understand what it means in…

kryogenic1 (reputation 166; badges 1, 2, 15)

1 vote, 1 answer
Getting error to create Config remediation rule through Cloudformation (yaml)
I am getting error in the last parameter where I have to mention the value of TrailName and KMSKeyId. Both of these are getting incorrect while creating CFT from yaml file. The exact error is : (Service: AmazonConfig; Status Code: 400; Error Code:…

Sanyam Grover (reputation 100; badges 1, 8)

1 vote, 0 answers
Terraform support for AWS Config Conformance Pack with remediation
Terraform aws provider recently added support for AWS Config Conformance Pack (here), with resource name aws_config_conformance_pack. It works fine when adding conformance pack yaml template using either of its parameters template_body or…

Waqas Kayani (reputation 133; badges 2, 9)

1 vote, 0 answers
Reevaluate AWS Config rule using CloudFormation
Our entire stack is automated using CloudFormation. I have created a custom rule in AWS Config that uses configuration change based trigger. Sometimes I have to update the lambda of config rule after testing. This is again done via Cloud Formation.…

Jibin (reputation 3,054; badges 7, 36, 51)

1 vote, 1 answer
Terraform - don't create resource if data source does not exist
I'm using the following set up to iterate through my locals. Certain parameters should only be filled in if terraform can grab the data resource. If the data resource DOES NOT EXIST, then it is noted in the parameter and then the resource creation…

J. Patwary (reputation 427; badges 1, 7, 22)

1 vote, 0 answers
Adding SourceAccountID to AWS Config Aggregator Using the AWS-CDK
I am currently trying to create an aggregator for all of the config rules I created in order for a client to have a centralized place to view all regions config metrics.
Here is my code to create the configAggregator:
//adding role for…

aroe (reputation 499; badges 1, 6, 15)

1 vote, 1 answer
Execute managed AWS Config rule on demand via SDK
Is it possible to run a managed AWS Config rule (for example https://docs.aws.amazon.com/config/latest/developerguide/root-account-mfa-enabled.html) on demand via the SDK?
Scenario:
As a consultant I want to easily assess a customer's environment…

David O'Brien (reputation 813; badges 1, 9, 18)

1 vote, 1 answer
Missing argument in aws_config_remediation_configuration resource in terraform
I'm using terraform aws provider version 3.9.0 and working on implementing a remediation for aws config rule. I'm not able to find an argument within "aws_config_remediation_configuration" resource which is related to Automatic trigger of the…

TGS (reputation 57; badges 6)

1 vote, 1 answer
How to configure AWS config to send compliance change notification to SNS topic?
AWS doc given here mentions that we can configure this notification to be sent to SNS topic but I am not able to find steps or tutorial to configure aws config to send this notification.
What I have already tried:
Cloudwatch alarm to SNS - does not…

jbot (reputation 133; badges 1, 2, 8)

1 vote, 1 answer
Can AWS config send email to resource tag owner email for non-compliant alerts?
If I enable ssh-restricted rule in AWSConfig with remediation.
Can I close the ports with auto remediation and also send an email to the owner of the resource based on the tag information?

Dixon Joseph Dalmeida (reputation 302; badges 3, 23)

1 vote, 0 answers
ecs-cli doesn't work with MFA - AssumeRoleTokenProviderNotSetError
I got this error:
Error executing 'up': AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.
when trying to execute this command:
ecs-cli up --force --capability-iam --size 2…

Habib C (reputation 11; badges 2)