Unable to delete AWS Config Org Config Rule

0

I wanted to create a config rule for my entire org to require specific tags and key values. I was able to deploy this rule from my management account using Cloudshell with this command:

aws configservice put-organization-config-rule \
--organization-config-rule-name "required-tags" \
--organization-managed-rule-metadata '{
"Description": "Checks whether your resources have the tags that you specify.",
"RuleIdentifier": "REQUIRED_TAGS",
"InputParameters": "{\"tag1Key\":\"cost-center\",\"tag1Value\":\"corporate,operations,manufacturing\",\"tag2Key\":\"owner\",\"tag2Value\":\"it,finance,accounting,security\"}"
 }'

From here, I can modify the rule by changing one of the keys or values, and re-running, and this rule is deployed both to my management account and all member accounts, so that is good. I can also run this command:

aws configservice get-organization-config-rule-detailed-status --organization-config-rule-name required-tags

Which shows the config rule is deployed and successful in all of the accounts, and I can switch to those member accounts, and navigate to AWS Config and view the rule as well as any compliance issues. So all seems to be working as expected at this point.

I am now trying to delete this rule, and this is where I am having an issue. When I run this command:

aws configservice delete-config-rule --config-rule-name required-tags

In Cloudshell in my Management account (where I originally created it), using the same account permissions (Admin), I get this error message:

An error occurred (NoSuchConfigRuleException) when calling the DeleteConfigRule operation: The ConfigRule 'required-tags' provided in the request is invalid. Please check the configRule name.

The actual name of the Config Rule when it is created is OrgConfigRule-required-tags-hbujvwln, so I have tried re-running the command with that name, with and without double quotes, all upper case (as I found one output example that used all caps as the name), and so forth. All of them say there is no such config rule by that name. Any ideas how to delete this rule?

1 Answer
2
Accepted Answer

You'll need to use the delete-organization-config-rule command instead of delete-config-rule: https://awscli.amazonaws.com/v2/documentation/api/2.1.30/reference/configservice/delete-organization-config-rule.html

EXPERT
Leo K
answered 2 months ago
EXPERT
reviewed 2 months ago
  • That was it. Not sure how I veered off from the documentation into the wrong command...thanks for the help!
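As an added illustration (not part of the question or the accepted answer), the following POSIX shell script wraps the fix from the answer: an organization rule is removed with delete-organization-config-rule, under the name passed to put-organization-config-rule ("required-tags"), not the generated per-account name. It then polls get-organization-config-rule-detailed-status until every member account reports completion. It assumes the AWS CLI v2 is installed and that the shell runs in the management account with AWS Config permissions; the helper names (delete_org_rule, org_rule_statuses, summarize_delete, delete_and_wait) and the AWS_CLI override variable are this example's own inventions.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the AWS CLI v2 is
# installed and the shell runs in the organization's management account.
# AWS_CLI may be overridden (e.g. with a mock function) for offline testing.
AWS_CLI="${AWS_CLI:-aws}"

# Delete the organization rule under the name given to put-organization-config-rule
# (here "required-tags"), not the generated per-account name OrgConfigRule-required-tags-xxxx.
delete_org_rule() {
  "$AWS_CLI" configservice delete-organization-config-rule \
    --organization-config-rule-name "$1"
}

# Print one "<account-id> <status>" line per member account.
org_rule_statuses() {
  "$AWS_CLI" configservice get-organization-config-rule-detailed-status \
    --organization-config-rule-name "$1" \
    --query 'OrganizationConfigRuleDetailedStatus[].[AccountId,MemberAccountRuleStatus]' \
    --output text
}

# Read status lines on stdin and print "failed" if any account reports
# DELETE_FAILED, "pending" if any is still DELETE_IN_PROGRESS, otherwise "done".
summarize_delete() {
  awk '
    $2 == "DELETE_FAILED"      { failed = 1 }
    $2 == "DELETE_IN_PROGRESS" { pending = 1 }
    END {
      if (failed) print "failed"; else if (pending) print "pending"; else print "done"
    }'
}

# Delete the rule, then poll up to max_tries times (interval seconds apart)
# until all member accounts have finished. Prints done|failed|timeout.
delete_and_wait() {
  name="$1"; max_tries="${2:-20}"; interval="${3:-15}"
  delete_org_rule "$name" || return 1
  i=0
  while [ "$i" -lt "$max_tries" ]; do
    # Once the rule is gone from every account the status call itself errors
    # (the rule no longer exists); treat that as completion.
    if ! out=$(org_rule_statuses "$name" 2>/dev/null); then
      echo done; return 0
    fi
    state=$(printf '%s\n' "$out" | summarize_delete)
    case "$state" in
      done)   echo done; return 0 ;;
      failed) echo failed; return 1 ;;
    esac
    i=$((i + 1)); sleep "$interval"
  done
  echo timeout; return 1
}

# Usage (management account): delete_and_wait required-tags
```

Because deletion fans out to every member account asynchronously, the polling step is what tells you the rule has actually been removed everywhere rather than only accepted by the management account; a DELETE_FAILED status for a member account is the signal to look at that account's error message before retrying.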
