AWS Config provides a detailed view of the resources associated with your AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time.
Questions tagged [aws-config]
124 questions
0 votes, 1 answer
Is it possible to auto enable AWS Config on addition of a new account to organisation?
AWS has auto-join/auto-enable recording of new resources and accounts in Security Hub, which I am happily using.
I wanted to enable the same kind of setting for AWS Config, which currently requires manual setup for all new accounts of my…

Ido Van Orell
0 votes, 0 answers
SIMPLE: AWS Config Query Group By issue
This is my first foray into AWS CONFIG and I'm using the advanced query editor to first generate a full list of resources used by the account and I wanted to group by a certain field.
SELECT
accountId,
resouceId,
resouceType,
arn,
…

snicksnackpaddywhack91
0 votes, 2 answers
How to find terminated instances based on IP address in AWS CloudTrail
I am trying to find a terminated EC2 instance in CloudTrail based on a Primary Private IP, but no luck.
I also tried looking at the AWS Config resource timeline. Not savvy with AWS Config Advanced queries either. Even in that case I would need to look…

Ex-machina
0 votes, 0 answers
Suppress or delete findings & violations (security hub/config) for default created resources by control tower?
I deployed control tower in the ca-central-1 region and enabled security hub and aws config through a dedicated admin account (audit account provided by default via control tower).
I then enabled the following security standards:
PCI DSS v3.2.1
CIS…

kryogenic1
0 votes, 2 answers
How to Check if AWS Named Configure profile exists
How do I check if a named profile exists before I attempt to use it?
aws cli will throw an ugly error if I attempt to use a non-existent profile, so I'd like to do something like this:
$(awsConfigurationExists "${profile_name}") && aws iam…

AndrewD
0 votes, 2 answers
How could I set up an AWS Config rule for any changes made to my Instance?
I have EC2 Instances launching automatically from my AMI setup to a LB and ASG. I want to now configure a security service like AWS Config to monitor my EC2 Instance for any Configuration changes.
The issue I am having is knowing which rule in AWS…

Ronte
0 votes, 1 answer
AWS s3 lifecycle policy
We are checking if lifecycle policies are applied (compliant) to all prefixes individually (not inherited from parent bucket). We are capturing the event from AWS Config and if the lifecycle policy is changed. Is there a way to trace which…

user184008
0 votes, 1 answer
Unable to disable AWS Config recorder despite having Admin
"You do not have sufficient permissions to perform this action."
That's the error message I get when trying to disable recording in AWS Config in the AWS Management console, but I have AdministratorAccess as my policy.
The docs talk about granting…

Yann Stoneman
0 votes, 1 answer
CredentialsError: Missing credentials in config, if using AWS_CONFIG_FILE, set AWS_SDK_LOAD_CONFIG=1
I posted a question yesterday and today I have got a problem with the same project, different error:
My credentials and config files look like this:
[ask-cli-Falkowsky]
aws_access_key_id =XXXXXXXXXXXX
aws_secret_access_key…

Falko
0 votes, 2 answers
Terraform - Dynamic variables arguments
I feel like I've tried this a bunch of different ways but I may be a little off in terms of how I am calling these variables. I have the following code:
config_rule_params = {
"access_keys_rotated" = {
"input_parameters" =…

J. Patwary
0 votes, 2 answers
Failed to create AWSConfig rule: InvalidParameterValueException: Blank spaces are not acceptable for input parameter: threshold
I am trying to create an AWS Config rule for checking that CloudTrail alarms are enabled. I get the following error: Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Blank spaces are not…

Evan Gertis
0 votes, 1 answer
Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException
I'm trying to add an aws_config_config_rule resource with a set of input_parameters, but I keep getting
Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Unknown parameters provided in the…

Evan Gertis
0 votes, 2 answers
Unable to perform config:PutEvaluations due to the lack of permissions on the role
Hello I am trying to add AWS Config in Terraform. I've set up the following policy attachment like so:
resource aws_iam_policy policy {
name = "test-policy"
policy = <

Evan Gertis
0 votes, 1 answer
AWS Config query to track changes
I am implementing AWS Config and trying to figure out how to run a query which will tell us if there are any changes to the security groups or firewalls. I've set up an SNS topic and played with some existing rules such as…

NetSystemAdmin
0 votes, 1 answer
Understanding AWS-Config Rules and Configuration Changes
I am currently using the aws-cdk and my task is to create config rules for 15 or so rules that we want to watch and receive notifications on. Here is my code for reference:
const vpcFlowLoggingBucket = new s3.Bucket(this,'vpcFlowLoggingBucket', {
…

aroe