Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

How to run AWS CONFIG advanced queries using Lambda Function

0

My requirement is to generate a report to list all AWS resource by executing AWS Config advanced queries using Lambda function on regular basis . Could you please assist how to achieve it

Temas
Sin servidorCálculoGestión y gobierno
Etiquetas
AWS LambdaAWS Config
Idioma
English
rePost-User-6295019
preguntada hace 2 años1836 visualizaciones
3 Respuestas
1

You can query the AWS Config API for advanced queries with the SelectResourceConfig API call. See the AWS documentation for an (CLI) example.

Soenke Ruempler
respondido hace 2 años
  • rePost-User-6295019
    hace 2 años

    I created lambda function and invoking the SelectResourceConfig API using aws cli using below query and it is failing with "Syntax error in module 'lambda_function': invalid syntax (lambda_function.py, line 23)".

    import subprocess import logging import boto3

    logger = logging.getLogger() logger.setLevel(logging.INFO)

    def run_command(command): command_list = command.split(' ') #print(command_list) try: logger.info("Running shell command: "{}"".format(command)) result = subprocess.run(command_list, stderr=subprocess.STDOUT, stdout=subprocess.PIPE); #print(result) logger.info("Command output:\n---\n{}\n---".format(result.stdout.decode('UTF-8'))) except Exception as e: logger.error("Exception: {}".format(e)) return False

    return result

    def lambda_handler(event, context):

    run_command('/opt/aws configservice select-resource-config --expression "SELECT 
resourceId,

    resourceName, resourceType, configuration.tags.value, configuration.vpcId, configuration.subnetId, configuration.publicDnsName, configuration.privateIpAddress, configuration.imageId, configuration.iamInstanceProfile.arn, configuration.instanceId, configuration.instanceType, configuration.securityGroups, configuration.platform, configuration.architecture, configuration.availabilityZone, configuration.state.name WHERE resourceType = 'AWS::EC2::Instance' order by resourceId, resourceName, resourceType, configuration.state.name"')

1

You could use AWS Eventbridge (what used to be called Cloudwatch Events earlier) to create a Scheduler rule that will trigger at periodic intervals. You can define a lambda function as the target of the Lambda function.

Inside the lambda function you can call the relevant API that will give you what you want. For example, if you want to use the AWS Config API ListDiscoveredResources, then you can call the API from inside your lambda function. There are samples provided in the documentation for supported languages - https://docs.aws.amazon.com/config/latest/APIReference/API_ListDiscoveredResources.html. You could write the output to a file and save it on S3.

profile pictureAWS
EXPERTO
Indranil Banerjee AWS
respondido hace 2 años
0

Please follow our blog article on this: https://aws.amazon.com/blogs/mt/how-to-get-a-daily-report-for-your-resources-configuration-changes/

def create_report(aggregator_name, today):
    client = boto3.client('config')
    response = client.select_aggregate_resource_config(
        Expression=f"SELECT * WHERE configurationItemCaptureTime LIKE '{today}%'",
        ConfigurationAggregatorName=aggregator_name
    )
    changed_resources = response["Results"]
    json_list = [json.loads(line) for line in changed_resources]
AWS
AWS-User-8730972
respondido hace 8 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante