Creating custom Config rules - errors


I am writing a custom Config rule on the console. I have turned on 'proactive evaluation'. While saving, I get this error: 'One or more of the specified parameters are invalid'.

I am not sure what it's complaining about.

I have tried to write this rule, which I am unsure about because I believe the IAM User config schema does not contain maxAccessKeyAge:

let maxKeyAge = 365
rule compliancecheck when 
        resourceType == "AWS::IAM::USER" {
            configuration.maxAccessKeyAge == %maxKeyAge

The above code fails, so I borrowed the following sample rules from the web:

let volumestatus = 'available'
let volumetype = 'gp3'
let volumeencryptionstatus = true

    rule compliancecheck when 
        resourceType == "AWS::EC2::Volume" {
            configuration.state == %volumestatus
            configuration.encrypted == %volumeencryptionstatus
            configuration.volumeType == %volumetype

This fails as well.

The only code that has worked is this:

let eipresource = relationships.*[ resourceType  == 'AWS::EC2::EIP' ]

rule check_ec2_eip_compliance {
    when %eipresource !empty { == "running"

I would be grateful if you can tell me how I can write correct code.

1 Answer
  1. Verify the property names against the AWS Config resource schema documentation for AWS::EC2::Volume.
  2. Ensure that the properties you are checking are supported by the resourceType.
  3. Review the rule's syntax for any errors, paying close attention to the structure and operators used in the condition definitions.

let desiredVolumeType = 'gp2'
let encryptionStatus = true

rule check_ec2_volume_compliance when
    resourceType == "AWS::EC2::Volume" {
        # Clauses on separate lines are ANDed implicitly in Guard
        configuration.volumeType == %desiredVolumeType
        configuration.encrypted == %encryptionStatus
}

answered 2 months ago
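
The three checks listed in the answer above can be run mechanically before a rule is pasted into the console. The following is an added example, not code from this thread or from AWS: a small Python lint that applies them to the IAM rule from the question. `lint_guard_rule` and `SAMPLE_ITEMS` are hypothetical names, the sample configuration items are constructed and trimmed, and the checks are text-level heuristics rather than a Guard parser.

```python
import re

# Constructed, trimmed configuration items; real ones carry many more fields.
SAMPLE_ITEMS = {
    "AWS::IAM::User": {
        "resourceType": "AWS::IAM::User",
        "configuration": {"userName": "alice", "attachedManagedPolicies": []},
    },
    "AWS::EC2::Volume": {
        "resourceType": "AWS::EC2::Volume",
        "configuration": {"state": "available", "encrypted": True, "volumeType": "gp3"},
    },
}

def lint_guard_rule(rule_text, items=SAMPLE_ITEMS):
    """Return findings for one Guard rule checked against sample items."""
    findings = []
    # Syntax: every rule or block opened with '{' needs a closing '}'.
    if rule_text.count("{") != rule_text.count("}"):
        findings.append("unbalanced braces")
    # Resource type strings are compared exactly, so casing matters.
    for rtype in re.findall(r"resourceType\s*==\s*[\"']([^\"']+)[\"']", rule_text):
        if rtype not in items:
            close = next((k for k in items if k.lower() == rtype.lower()), None)
            hint = f"did you mean {close!r}?" if close else "no sample item"
            findings.append(f"resourceType {rtype!r}: {hint}")
            rtype = close
        if rtype is None:
            continue
        # Walk each configuration.* path through the sample item.
        for path in re.findall(r"\bconfiguration(?:\.\w+)+", rule_text):
            node = items[rtype]
            for key in path.split("."):
                if not isinstance(node, dict) or key not in node:
                    findings.append(f"{path}: {key!r} not in sample {rtype} item")
                    break
                node = node[key]
    return findings

# The IAM rule from the question, as posted.
IAM_RULE = '''let maxKeyAge = 365
rule compliancecheck when
    resourceType == "AWS::IAM::USER" {
        configuration.maxAccessKeyAge == %maxKeyAge
'''

if __name__ == "__main__":
    for finding in lint_guard_rule(IAM_RULE):
        print(finding)
```

For a real check, replace the constructed entries in `SAMPLE_ITEMS` with configuration items recorded by AWS Config in your own account.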
