So I have problems with ebs-in-backup-plan because it flags some systems that are outside of my backup plan because my backup plan covers what is marked with an Environment=production tag. And I see other rules support specifying tags (maybe!?). And the description of parameters contains the following:
Rule parameters define attributes that your resources must adhere to for compliance with the rule. Example attributes include a required tag or a specified S3 bucket.
So the authors of AWS Config are aware that EVERY other AWS service supports tags and they are aware of them. BUT when you consult the docs there are NO PARAMTERS for ebs-in-backup-plan to allow you to specify a universal consistent property across ALL AWS Services: tags!!!
At a bare minimum every rule should just have tags available to filter it by, and probably NOT as parameters but given it's own property of the rule so it's consistent. But AWS Config is such a ridiculously bad amazon service it doesn't support it consistently across all rules. AND AWS Config isn't a new service it's ~10 years old, and hasn't figured out how bad the UX experience and feature set is?! I would be embarrassed if I was the author or team member of this service. And I'm only using this garbage service because AWS Backup's framework feature requires me to. So now the awful UX of AWS Config is blowing back on AWS Backup UX with an overall poor UX for setting up that service simply because they decided to use it. It seems like AWS Backup framework feature is trying to replace AWS Config in a limited scope, but because you have to record config changes they feel like they have to use it.
But this is the peril of dependencies between services in AWS which happens too much because I'm forced to use sometimes 4 services just to use one simple feature. And inevitably when something goes wrong in these 4 dependencies, that I never wanted to use in the first place, I get trapped debugging and troubleshooting the dependencies that I really don't care that much about. So now I'm forced to learn about these dependent services are so generic they are often difficult to learn because I just want to set this up. But, AWS seems to care so little about these type of problems with their systems.