AWS Config custom rules

This procedure guides you through creating a custom rule that evaluates whether each of your EC2 instances is of the t2.micro type. AWS Config runs this rule in response to configuration changes, which means that each time AWS Config detects a change to an instance's configuration it checks that instance's configuration. AWS Config marks t2.micro instances as compliant and marks instances of any other type as noncompliant. The compliance status is displayed in the AWS Config console.

For best results with this procedure, your AWS account should have one or more EC2 instances, including at least one t2.micro instance and at least one instance of another type.

To create this rule, first create an AWS Lambda function by customizing a blueprint in the AWS Lambda console. Then create a custom rule in AWS Config and associate the function with the rule.

Creating the AWS Lambda function for the custom Config rule

  1. Sign in to the AWS Management Console and open the AWS Lambda console at https://console.aws.amazon.com/lambda/ .

  2. On the AWS Management Console menu, verify that the selected region supports AWS Config rules. For a list of supported regions, see AWS Config Regions and Endpoints in the Amazon Web Services General Reference.

  3. In the AWS Lambda console, choose Create a Lambda function.

  4. On the Select blueprint page, for filter, type config-rule-change-triggered. Choose the blueprint from the filtered results.

  5. On the Configure triggers page, choose Next.

  6. On the Configure function page, complete the following steps:

    1. For Name, type InstanceTypeCheck.

    2. For Runtime, keep Node.js.

    3. For Code entry type, keep Edit code inline. The code editor shows the Node.js code for your function. For this procedure you do not need to change the code.

    4. For Handler, keep index.handler.

    5. For Role, choose Create new role from template(s).

    6. For Role name, type a name.

    7. For Policy templates, choose AWS Config Rules permissions.

    8. On the Configure function page, choose Next.

    9. On the Review page, verify the details of your function, and then choose Create function. The AWS Lambda console displays your function.

  7. To verify that your function is set up correctly, test it by following these steps:

    1. Choose Actions, and then choose Configure test event.

    2. In the Input test event window, for Sample event template, choose AWS Config Change Triggered Rule.

    3. Choose Save and test. AWS Lambda uses the sample event to test your function. If your function works as expected, an error message similar to the following appears under Execution result:

       
      {
        "errorMessage": "Result Token provided is invalid",
        "errorType": "InvalidResultTokenException",
      . . .

      The InvalidResultTokenException is expected here, because the function can run successfully only when it receives a result token from AWS Config. The result token identifies the AWS Config rule and the event that triggered the evaluation, and it associates the evaluation with the rule. This exception also indicates that your function has the permissions it needs to send results to AWS Config. If it did not, the error message would instead be: not authorized to perform: config:PutEvaluations. If that error occurs, update the role assigned to the function to allow the config:PutEvaluations action, and then test your function again.
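      The following is an added example, not the blueprint's own code, showing the evaluation logic a change-triggered rule like the one above performs: it parses the invokingEvent and ruleParameters strings that AWS Config delivers, compares the instance type with the desiredInstanceType parameter set later in this procedure, and reports the result back with the resultToken. The putEvaluations call is injected rather than taken from the AWS SDK so the logic runs offline; the resource id, timestamp and token in sampleEvent are constructed placeholders.

```javascript
function evaluateInstanceType(event) {
  const invokingEvent = JSON.parse(event.invokingEvent);   // AWS Config delivers this as a JSON string
  const ruleParameters = JSON.parse(event.ruleParameters || "{}");
  const item = invokingEvent.configurationItem;
  const desired = ruleParameters.desiredInstanceType;      // "t2.micro" in this walkthrough
  let compliance;
  if (item.configurationItemStatus === "ResourceDeleted") {
    compliance = "NOT_APPLICABLE";   // a deleted resource is neither compliant nor noncompliant
  } else if (item.resourceType !== "AWS::EC2::Instance") {
    compliance = "NOT_APPLICABLE";   // the rule scope should prevent this, but stay defensive
  } else if (!desired) {
    throw new Error("Missing rule parameter desiredInstanceType");  // misconfigured rule fails loudly
  } else {
    compliance = item.configuration.instanceType === desired ? "COMPLIANT" : "NON_COMPLIANT";
  }
  return {
    ComplianceResourceType: item.resourceType,
    ComplianceResourceId: item.resourceId,
    ComplianceType: compliance,
    OrderingTimestamp: item.configurationItemCaptureTime,
  };
}

// Handler shape of a change-triggered rule: evaluate, then report back using the result token.
// putEvaluations is injected (hypothetical parameter) so the function runs without the AWS SDK.
async function handler(event, putEvaluations) {
  if (!event.resultToken) throw new Error("Missing resultToken: not invoked by AWS Config");
  const evaluation = evaluateInstanceType(event);
  await putEvaluations({ Evaluations: [evaluation], ResultToken: event.resultToken });
  return evaluation;
}

// Constructed sample event shaped like the ConfigurationItemChangeNotification AWS Config sends.
function sampleEvent(instanceType, status = "OK") {
  return {
    invokingEvent: JSON.stringify({
      configurationItem: {
        resourceType: "AWS::EC2::Instance",
        resourceId: "i-0123456789abcdef0",            // constructed, not a real instance
        configurationItemStatus: status,
        configurationItemCaptureTime: "2019-08-18T10:00:00.000Z",  // constructed
        configuration: { instanceType },
      },
    }),
    ruleParameters: JSON.stringify({ desiredInstanceType: "t2.micro" }),
    resultToken: "example-result-token",             // constructed placeholder
  };
}
```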

Creating the custom rule

  1. Open the AWS Config console at https://console.aws.amazon.com/config/ .

  2. On the AWS Management Console menu, verify that the selected region is the same region you used when you created the AWS Lambda function.

  3. On the Rules page, choose Add rule.

  4. On the Add rule page, choose Add custom rule.

  5. On the Configure rule page, complete the following steps:

    1. For Name, type InstanceTypesAreT2micro.

    2. For Description, type Evaluates whether EC2 instances are the t2.micro type.

    3. For AWS Lambda function ARN, specify the ARN that AWS Lambda assigned to your function.

      Note

      The ARN that you specify in this step must not include the $LATEST qualifier. You can specify an ARN without a version qualifier, or with any qualifier other than $LATEST. AWS Lambda supports function versioning and assigns an ARN with a qualifier to each version; the latest version uses the $LATEST qualifier.

    4. For Trigger type, choose Configuration changes.

    5. For Scope of changes, choose Resources.

    6. For Resources, choose Instance.

    7. In the Rule parameters section, specify the rule parameter and the desired value that your AWS Lambda function evaluates. The function in this procedure evaluates the desiredInstanceType parameter.

      For Key, type desiredInstanceType. For Value, type t2.micro.

  6. Choose Save. Your new rule appears on the Rules page.

    Until AWS Config receives evaluation results from the AWS Lambda function, Compliance shows Evaluating... . If the rule and function work as expected, a summary of results appears within a few minutes. For example, a result of 2 noncompliant resource(s) means that two of your instances are not t2.micro instances, and a result of Compliant means that all of your instances are t2.micro instances. You can use the refresh button to update the results.

    If the rule or function does not work as expected, you might see one of the following under Compliance:

    • No results reported - AWS Config evaluated your resources against the rule. The rule did not apply to the AWS resources in its scope, the specified resources were deleted, or the evaluation results were deleted. To get evaluation results, update the rule, change its scope, or choose Re-evaluate.

      Verify that the scope includes Instance under Resources, and then try again.

    • No resources in scope - AWS Config cannot evaluate your recorded AWS resources against this rule because none of your resources are within the rule's scope. To get evaluation results, edit the rule and change its scope, or use the Settings page to add resources for AWS Config to record.

      Verify that AWS Config is recording EC2 instances.

    • Evaluations failed - For information that can help you determine the problem, choose the rule name to open its details page and view the error message.

If your rule runs and AWS Config provides evaluation results, you can see which conditions affect the compliance status of the rule, and you can learn which resources are noncompliant (if any) and why.

Origin www.cnblogs.com/cloudrivers/p/11372035.html