awslabs / aws-config-rdk

The AWS Config Rules Development Kit helps developers set up, author and test custom Config rules. It contains scripts to enable AWS Config, create a Config rule and test it with sample ConfigurationItems.

Home Page: https://aws-config-rdk.readthedocs.io

License: Apache License 2.0

Python 95.09% Java 1.66% Shell 0.17% HCL 3.08%
amazon-web-services aws aws-config aws-config-rules rdk

aws-config-rdk's People

Contributors

4naesthetic, ajorg-aws, andersonlovelace, batchus, bmorrissirromb, daniel-lewis-sourcedgroup, depaolism, dependabot[bot], disgruntled, gregjinkim, im4kv, ivanfuglo, jack1902, jarrettandrulis, mbeacom, michaelborchert, naris-silpakit, nimaft, pcolazurdo, quixoticmonk, rafihm, rickychau2780, robreus, rumbyosei, shikharj05, shubhamshah11, singergs, stefanolczak, stenou, zsolt-halo

aws-config-rdk's Issues

GovCloud support

change partition to arn:aws-us-gov: if region == us-gov-west-1

Better Error handling when parameters.json is invalid

Because I changed the json manually, one of my parameters.json was invalid due to a missing ",".
The thrown error is not processed: it just displays JSONDecode failure.
Please add indication of the file name, for easier debugging.

Support rdk natively in Windows

Currently the RDK needs to be called from the python repo. Please package it as an exe to make it available in any directory.

File uploaded on S3 : strange file name

I am on Windows. Latest Python 3.6

From init: S3 bucket created: config-rule-code-bucket-XXXXXXXXX6564eu-west-1 (account id hidden) [note: why not put a hyphen between the account id and region?]

I used the rdk deploy. The file uploaded directly in the bucket is named:
"emr-cmk-encrypted\emr-cmk-encrypted.zip"

I guess it is supposed to have a directory, but it is not created.
The CFn then failed with a "Error occurred while GetObject. S3 Error Code: NoSuchKey. S3 Error Message: The specified key does not exist."

Complete CFn logs:

07:53:35 UTC+0800 ROLLBACK_COMPLETE AWS::CloudFormation::Stack emr-cmk-encrypted  
  07:53:34 UTC+0800 DELETE_COMPLETE AWS::IAM::Role rdkLambdaRole
  07:53:33 UTC+0800 DELETE_IN_PROGRESS AWS::IAM::Role rdkLambdaRole
  07:53:32 UTC+0800 DELETE_COMPLETE AWS::Lambda::Function rdkRuleCodeLambda
  07:53:10 UTC+0800 ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack emr-cmk-encrypted
  07:53:10 UTC+0800 CREATE_FAILED AWS::Lambda::Function rdkRuleCodeLambda
  07:53:01 UTC+0800 CREATE_IN_PROGRESS AWS::Lambda::Function rdkRuleCodeLambda
  07:52:59 UTC+0800 CREATE_COMPLETE AWS::IAM::Role rdkLambdaRole
  07:52:42 UTC+0800 CREATE_IN_PROGRESS AWS::IAM::Role rdkLambdaRole
  07:52:42 UTC+0800 CREATE_IN_PROGRESS AWS::IAM::Role rdkLambdaRole
  07:52:38 UTC+0800 CREATE_IN_PROGRESS AWS::CloudFormation::Stack emr-cmk-encrypted

Windows - RDK Modify input-parameters doesn't work

C:\Users\jrault\AppData\Local\Programs\Python\Python36\Scripts>python rdk modify iam-mfa-enabled --input-parameters '{"WhitelistedUserList":"ARIAWERTYUFDSSS"}'
Running modify!
Error parsing input parameter JSON. Make sure your JSON keys and values are enclosed in double quotes and your input-parameters string is enclosed in single quotes.
Traceback (most recent call last):
  File "rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 56, in process_command
    exit_code = method_to_call()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 288, in modify
    self.__write_params_file()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 774, in __write_params_file
    raise e
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 771, in __write_params_file
    my_input_params = json.loads(self.args.input_parameters, strict=False)
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\json\__init__.py", line 367, in loads
    return cls(**kw).decode(s)
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\json\decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\json\decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Add support for central Config bucket

Add a flag to allow init to ignore missing Config bucket, for the use case where a central bucket in a separate account is being used to track Configuration history.

rdk init fails after upgrade

The message that appears is as follows:
Traceback (most recent call last):
  File "/usr/local/bin/rdk", line 12, in <module>
    from rdk import rdk
  File "/Library/Python/2.7/site-packages/rdk/rdk.py", line 31, in <module>
    import mock
ImportError: No module named mock

Using the function-only without RDK init

RDK init is great for dev, but not for a consistent deployment in an Account Vending Machine context.

The Function-only is searching to use the s3 bucket: config-rule-code-bucket-XXXXXXXXXXXXXXXXXXXXX

Without RDK init, it fails (see below). Can we either create the "rdk init" bucket in function-only or specify a particular bucket to create/use : rdk deploy -f --all --s3-bucket-name blabla

[Container] 2018/07/18 06:54:04 Running command rdk deploy -f --all
Running deploy!
Generating CloudFormation template for Lambda Functions!
Traceback (most recent call last):
  File "/usr/local/bin/rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 58, in process_command
    exit_code = method_to_call()
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 373, in deploy
    Key=self.args.stack_name + ".json"
  File "/usr/local/lib/python3.6/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.6/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.NoSuchBucket: An error occurred (NoSuchBucket) when calling the PutObject operation: The specified bucket does not exist

Windows - Test-local doesn't work when the rule name has hyphen

rdk test-local cloudtrail-lfi-enabled
Running local test!
Testing cloudtrail-lfi-enabled
cloudtrail-lfi-enabled_test.py
Traceback (most recent call last):
  File "rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 56, in process_command
    exit_code = method_to_call()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 463, in test_local
    results = unittest.TextTestRunner(buffer=True, verbosity=2).run(self.__create_test_suite(test_dir))
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 608, in __create_test_suite
    suites = [unittest.defaultTestLoader.loadTestsFromName(test) for test in tests]
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 608, in <listcomp>
    suites = [unittest.defaultTestLoader.loadTestsFromName(test) for test in tests]
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\unittest\loader.py", line 153, in loadTestsFromName
    module = __import__(module_name)
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\Scripts\cloudtrail-lfi-enabled\cloudtrail-lfi-enabled_test.py", line 22
    import cloudtrail-lfi-enabled as rule
                     ^
SyntaxError: invalid syntax

RDK deploying empty rule

RDK was deploying even when I gave a wrong rule name.
So I gave MFARule instead of MFArule; it successfully deployed it, but later evaluation did not work.
But if it gets deployed, you will never know whether you provided the wrong rule name or not.

`deploy` command doesn't display usage instructions when run with no args

Need to improve arg parsing to display usage instructions if command is called without rule name(s), --rulesets flag, or --all flag.

Current error:

(rdk-test) [mborch] rdk-test $ rdk deploy
Running deploy!
Traceback (most recent call last):
  File "/Users/mborch/Code/rdk-test/bin/rdk", line 6, in <module>
    exec(compile(open(__file__).read(), __file__, 'exec'))
  File "/Users/mborch/Code/aws-config-rdk/bin/rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 58, in process_command
    exit_code = method_to_call()
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 448, in deploy
    rule_names = self.__get_rule_list_for_command()
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 1116, in __get_rule_list_for_command
    cleaned_rule_name = self.__clean_rule_name(self.args.rulename[0])
IndexError: list index out of range

Create error handling for invalid parameters.json

My rdk deploy -f --all cmd failed, with the entire pipeline due to one parameters.json.

The error is cryptic. Ideally I would add an explicit warning about the rule not being deployed (rule name, file, line/column, error message).

Current error FYI

[Container] 2018/08/28 00:03:47 Running command rdk deploy -f --all > ../result.txt
Traceback (most recent call last):
  File "/usr/local/bin/rdk", line 33, in <module>
    return_val = my_rdk.process_command()
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 68, in process_command
    exit_code = method_to_call()
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 538, in deploy
    function_template = self.__create_function_cloudformation_template()
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 1825, in __create_function_cloudformation_template
    params = self.__get_rule_parameters(rule_name)
  File "/usr/local/lib/python3.6/site-packages/rdk/rdk.py", line 1414, in __get_rule_parameters
    my_json = json.load(parameters_file)
  File "/usr/local/lib/python3.6/json/__init__.py", line 299, in load
    parse_constant=parse_constant, object_pairs_hook=object_pairs_hook, **kw)
  File "/usr/local/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/lib/python3.6/json/decoder.py", line 355, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 10 column 5 (char 326)
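
The behaviour requested in this issue and in "Better Error handling when parameters.json is invalid" above, sketched as an added example (not RDK code): each rule's parameters.json is parsed on its own, and a decode failure is reported with rule name, file, line and column instead of an unhandled traceback. The one-directory-per-rule layout, the function names and the sample file contents are assumptions constructed for the illustration.

```python
import json
import os
import tempfile


def load_all_parameters(rules_dir):
    """Parse <rules_dir>/<rule>/parameters.json for every rule directory.

    Returns (loaded, errors). A malformed file is recorded rather than raised,
    so one bad rule does not abort the run or hide the state of the others.
    """
    loaded, errors = {}, []
    for rule_name in sorted(os.listdir(rules_dir)):
        path = os.path.join(rules_dir, rule_name, "parameters.json")
        if not os.path.isfile(path):
            continue
        try:
            with open(path, encoding="utf-8") as handle:
                loaded[rule_name] = json.load(handle)
        except json.JSONDecodeError as exc:
            # JSONDecodeError carries the position; keep it with the file name.
            errors.append({
                "rule": rule_name,
                "file": path,
                "line": exc.lineno,
                "column": exc.colno,
                "message": exc.msg,
            })
    return loaded, errors


def describe(error):
    """One-line, grep-friendly description of a parse failure."""
    return "{rule}: {file}:{line}:{column}: {message}".format(**error)


# Constructed sample files: BAD is missing the comma after "1.0".
GOOD = '{\n  "Version": "1.0",\n  "Parameters": {"RuleName": "GOOD_RULE"}\n}\n'
BAD = '{\n  "Version": "1.0"\n  "Parameters": {"RuleName": "BAD_RULE"}\n}\n'


def demo():
    """Write the two sample rules to a temporary directory and load them."""
    with tempfile.TemporaryDirectory() as rules_dir:
        for rule_name, text in (("GOOD_RULE", GOOD), ("BAD_RULE", BAD)):
            os.mkdir(os.path.join(rules_dir, rule_name))
            target = os.path.join(rules_dir, rule_name, "parameters.json")
            with open(target, "w", encoding="utf-8") as handle:
                handle.write(text)
        return load_all_parameters(rules_dir)


if __name__ == "__main__":
    loaded, errors = demo()
    for error in errors:
        print("Skipping", describe(error))
    print("Deployable rules:", ", ".join(loaded))
```

In a pipeline, a non-empty error list should still fail the build after all files have been checked, so that a compliance rule is never silently left undeployed.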

OptionalParameters do not deploy

If I put the same string as InputParameters in the OptionalParameters, the parameters are not deployed with the rules.

{
  "Version": "1.0",
  "Parameters": {
    "RuleName": "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS",
    "SourceRuntime": "python3.6",
    "CodeKey": "VPC_SG_OPEN_ONLY_TO_AUTHORIZED_PORTS.zip",
    "InputParameters": "{\"authorizedTCPPorts\": \"443\", \"authorizedUDPPorts\": \"80-443\", \"exceptionList\": \"sg-101,sg-102,sg-103\"}",
    "OptionalParameters": "{}",
    "SourceEvents": "AWS::EC2::SecurityGroup"
  }
}

Windows: rdk logs

On Windows, I got the following error.

C:\Users\myname\AppData\Local\Programs\Python\Python36\Scripts>python rdk logs myrule
'stty' is not recognized as an internal or external command,
operable program or batch file.
Traceback (most recent call last):
  File "rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 50, in process_command
    exit_code = method_to_call()
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 564, in logs
    self.__print_log_event(event)
  File "C:\Users\jrault\AppData\Local\Programs\Python\Python36\lib\site-packages\rdk\rdk.py", line 629, in __print_log_event
    rows, columns = os.popen('stty size', 'r').read().split()
ValueError: not enough values to unpack (expected 2, got 0)

incorrect sample ci

the sample-ci generated by rdk for S3 resources is not the actual ci event

actual ci has preserved nested json strings for some fields such as
"supplementaryConfiguration": { "AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"d609ca1050da1465c902203c3f5b8129ab754942ab2415b1cdf6de6e82c7d219\",\"displayName\":null},\"permission\":\"FullControl\"}],\"owner\":{\"displayName\":null,\"id\":\"d609ca1050da1465c902203c3f5b8129ab754942ab2415b1cdf6de6e82c7d219\"},\"isRequesterCharged\":false}", "BucketAccelerateConfiguration": { "status": null }, "BucketLoggingConfiguration": { "destinationBucketName": null, "logFilePrefix": null }, "BucketNotificationConfiguration": { "configurations": {} }, "BucketPolicy": { "policyText": "{\"Version\":\"2012-10-17\",\"Id\":\"Policy1478390053757\",\"Statement\":[{\"Sid\":\"Stmt1478389920384\",\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:*\",\"Resource\":\"arn:aws:s3:::testbucket2\",\"Condition\":{\"Bool\":{\"aws:SecureTransport\":\"false\"}}},{\"Sid\":\"Stmt1478389920384\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:Get*\",\"Resource\":\"arn:aws:s3:::testbucket2\",\"Condition\":{\"StringEquals\":{\"aws:sourceVpce\":\"vpce-mock123\"}}}]}" }

but the sample-ci generates a full transformed dictionary as
{ "configurationItemCaptureTime": "2016-11-06T06:21:42.759Z", "resourceCreationTime": "2016-11-05T23:59:32.000Z", "availabilityZone": "Regional", "awsRegion": "ap-southeast-2", "tags": {}, "resourceType": "AWS::S3::Bucket", "resourceId": "testbucket2", "configurationStateId": "1478413302759", "relatedEvents": [ "e4a8244d-c94f-47f1-b441-424d31b0833a" ], "relationships": [], "arn": "arn:aws:s3:::testbucket2", "version": "1.2", "configurationItemMD5Hash": "2da1efbd2e4eee634d8be076f3e2eda7", "supplementaryConfiguration": { "BucketReplicationConfiguration": { "rules": { "testbucket2": { "status": "Enabled", "prefix": "", "destinationConfig": { "bucketARN": "arn:aws:s3:::testbucket2-us-west-2", "storageClass": null } } }, "roleARN": "arn:aws:iam::264683526309:role/testbucket2-testbucket2-us-west-2-s3-repl-role" }, "BucketAccelerateConfiguration": { "status": null }, "AccessControlList": { "owner": { "displayName": "aarkho", "id": "28f61982c7ea8ba301f8d90b4fe979a567383f85e9706603da913d27f5522c59" }, "grantSet": null, "isRequesterCharged": false, "grantList": [ { "grantee": { "displayName": "aarkho", "id": "28f61982c7ea8ba301f8d90b4fe979a567383f85e9706603da913d27f5522c59" }, "permission": "FullControl" } ] }, "BucketLoggingConfiguration": { "destinationBucketName": null, "logFilePrefix": null }, "IsRequesterPaysEnabled": "false", "BucketNotificationConfiguration": { "configurations": {} }, "BucketVersioningConfiguration": { "status": "Enabled", "isMfaDeleteEnabled": null }, "BucketPolicy": { "policyText": { "Version": "2012-10-17", "Id": "Policy1478390053757", "Statement": [ { "Resource": "arn:aws:s3:::testbucket2", "Effect": "Deny", "Sid": "Stmt1478389920384", "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Principal": "*" }, { "Resource": "arn:aws:s3:::testbucket2", "Effect": "Allow", "Sid": "Stmt1478389920384", "Action": "s3:*", "Condition": { "StringEquals": { "aws:sourceVpce": "vpce-unknown" } }, "Principal": "*" } ] } } }, 
"resourceName": "testbucket2", "configuration": { "owner": { "displayName": "aarkho", "id": "28f61982c7ea8ba301f8d90b4fe979a567383f85e9706603da913d27f5522c59" }, "creationDate": "2016-11-05T23:59:32.000Z", "name": "testbucket2" }, "configurationItemStatus": "OK", "accountId": "264683526309" }
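
A rule that reads the bucket policy can be written to accept both shapes shown in this issue, so that a test passing against the generated sample does not fail open on a recorded configuration item. The following is an added example, not RDK code and not part of the issue: the function names and the three configuration items are constructed for the illustration, and the check (a Deny statement conditioned on aws:SecureTransport being false) is chosen because that statement appears in the policy quoted above.

```python
import json


def decode_nested(value):
    """Recursively turn JSON-encoded object/array strings into Python data.

    Plain strings such as "false" or a bucket name are returned unchanged.
    """
    if isinstance(value, str):
        text = value.strip()
        if text[:1] in ("{", "["):
            try:
                return decode_nested(json.loads(text))
            except json.JSONDecodeError:
                return value
        return value
    if isinstance(value, dict):
        return {key: decode_nested(item) for key, item in value.items()}
    if isinstance(value, list):
        return [decode_nested(item) for item in value]
    return value


def policy_statements(ci):
    """Return the bucket policy statements of a configuration item as a list."""
    supplementary = decode_nested(ci.get("supplementaryConfiguration") or {})
    if not isinstance(supplementary, dict):
        return []
    policy = (supplementary.get("BucketPolicy") or {}).get("policyText")
    if not isinstance(policy, dict):
        return []  # no policy attached, or text that is not a JSON object
    statements = policy.get("Statement", [])
    return [statements] if isinstance(statements, dict) else statements


def denies_insecure_transport(ci):
    """True if some Deny statement is conditioned on aws:SecureTransport=false."""
    for statement in policy_statements(ci):
        if statement.get("Effect") != "Deny":
            continue
        condition = statement.get("Condition", {}).get("Bool", {})
        value = condition.get("aws:SecureTransport")
        values = value if isinstance(value, list) else [value]
        if any(str(item).lower() == "false" for item in values):
            return True
    return False


# Constructed policy and configuration items (not taken from a real account).
_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}
# Shape described as the actual CI: policyText is a JSON string.
CI_AS_RECORDED = {"resourceType": "AWS::S3::Bucket",
                  "supplementaryConfiguration": {
                      "BucketPolicy": {"policyText": json.dumps(_POLICY)},
                      "IsRequesterPaysEnabled": "false"}}
# Shape described as the generated sample: policyText is already a dictionary.
CI_FROM_SAMPLE = {"resourceType": "AWS::S3::Bucket",
                  "supplementaryConfiguration": {
                      "BucketPolicy": {"policyText": _POLICY}}}
CI_NO_POLICY = {"resourceType": "AWS::S3::Bucket",
                "supplementaryConfiguration": {
                    "BucketPolicy": {"policyText": None}}}

if __name__ == "__main__":
    for name, ci in (("recorded", CI_AS_RECORDED), ("sample", CI_FROM_SAMPLE),
                     ("no policy", CI_NO_POLICY)):
        print(name, denies_insecure_transport(ci))
```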

Make the Ruleset list more pretty

Currently, all the rules are displayed in-line, separated by spaces. Please add a carriage return between rules to improve readability.

> rdk rulesets list rulecriticity:medium
Rules in rulecriticity:medium :  IAM_USER_USED_LAST_90_DAYS KMS_KEY_ROTATION_ENABLED S3_BUCKET_PUBLIC_WRITE_PROHIBITED VPC_DEFAULT_SECURITY_GROUP_BLOCKED

exception when using undeploy in python2.7

rdk undeploy throws the exception below when using python2.7

$ rdk undeploy undeploy-test
Delete specified Rules and Lamdba Functions from your AWS Account? (y/N): y
Traceback (most recent call last):
  File "/usr/local/bin/rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "/Library/Python/2.7/site-packages/rdk/rdk.py", line 67, in process_command
    exit_code = method_to_call()
  File "/Library/Python/2.7/site-packages/rdk/rdk.py", line 468, in undeploy
    my_input = input("Delete specified Rules and Lamdba Functions from your AWS Account? (y/N): ")
  File "<string>", line 1, in <module>
NameError: name 'y' is not defined

Better error handling for `clean` when account is already clean

Currently throws a stack trace when trying to clean up the missing role:

(rdk-test) [mborch] rdk-test $ rdk clean
Delete all Rules and remove Config setup?! (y/N): y
Running clean!
Traceback (most recent call last):
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 279, in clean
    response = iam_client.get_role(RoleName=config_role_name)
  File "/Users/mborch/Code/rdk-test/lib/python3.6/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/mborch/Code/rdk-test/lib/python3.6/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the GetRole operation: The user with name config-role cannot be found.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/mborch/Code/rdk-test/bin/rdk", line 6, in <module>
    exec(compile(open(__file__).read(), __file__, 'exec'))
  File "/Users/mborch/Code/aws-config-rdk/bin/rdk", line 33, in <module>
    return_val = my_rdk.process_command()
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 68, in process_command
    exit_code = method_to_call()
  File "/Users/mborch/Code/aws-config-rdk/rdk/rdk.py", line 302, in clean
    print("Error encountered finding Config Role to remove: " + str(e))
UnboundLocalError: local variable 'e' referenced before assignment

no log output if tests are ok

test-local does have an option --verbose, but there is no log output if tests are ok. How can I get an output with tests being ok?

Add a description field in the parameters.json

The users are requesting an explicit description on the rules, since some (managed) rules do not have annotations.

By default there is a description field in the rules; can we add it into the parameters.json and include it in the create-rule-template function?

Returning a list:'evaluations' with compliance and annotation appended as a dictionary results in an error.

Code Snippet:

if mfa_device_details['MFADevices'] == []:
    print('User: '+userName+' is NOT-COMPLIANT!')
    eval["ComplianceType"] = "NON_COMPLIANT"
    eval["Annotation"] = "No MFA Device detected for user"
    evaluation.append(eval)
    return evaluation

ERROR:
Parameter validation failed:
Invalid type for parameter Evaluations[0].ComplianceType, value: [{'ComplianceType': 'COMPLIANT', 'Annotation': ' MFA detected'}], type: <class 'list'>, valid types: <class 'str'>: ParamValidationError

We narrowed down the cause of this error to these lines in rule_util.py:

        configurationItem = get_configuration_item(invokingEvent)

        if configurationItem is None:
            compliance = lambda_handler(event, context)

            if isinstance(compliance, list):
                for evaluation in compliance:
                    missing_fields = False

The value returned from lambda_handler is compared to be a list only if configurationItem is None.
Version-runtime : rdk-0.3.7-py3.6

Deploy failed - if the name of the rule is too long

rdk deploy VPC_OPEN_SECURITY_GROUP_ONLY_TO_AUTHORIZED_PORTS
Running deploy!
Zipping VPC_OPEN_SECURITY_GROUP_ONLY_TO_AUTHORIZED_PORTS
Uploading VPC_OPEN_SECURITY_GROUP_ONLY_TO_AUTHORIZED_PORTS
Upload complete.
Creating CloudFormation Stack for VPC_OPEN_SECURITY_GROUP_ONLY_TO_AUTHORIZED_PORTS
Waiting for CloudFormation stack operation to complete...
CloudFormation stack operation Rolled Back for VPCOPENSECURITYGROUPONLYTOAUTHORIZEDPORTS.
Config deploy complete.

logs:

1 validation error detected: Value 'RDK-Rule-Function-VPC_OPEN_SECURITY_GROUP_ONLY_TO_AUTHORIZED_PORTS' at 'functionName' failed to satisfy constraint: Member must have length less than or equal to 64 (Service: AWSLambda; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: b786245f-b615-11e8-839d-8db7ce88a00e)

Subsequent `rdk deploy` fails if the lambda function does not exist

If the lambda function created by the first rdk deploy does not exist, then a subsequent rdk deploy throws the exception below.

(ven-rdk-adding-ci) 186590d07c09:ven-rdk-adding-ci rafih$ rdk deploy lambda-delete/
Removing trailing '/'
Running deploy!
Zipping lambda-delete
Uploading lambda-delete
Upload complete.
Updating CloudFormation Stack for lambda-delete
No changes to Config Rule.
Publishing Lambda code...
Creating CloudFormation Stack for lambda-delete
Traceback (most recent call last):
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/bin/rdk", line 7, in <module>
    exec(compile(f.read(), __file__, 'exec'))
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/aws-config-rdk/bin/rdk", line 32, in <module>
    return_val = my_rdk.process_command()
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/aws-config-rdk/rdk/rdk.py", line 67, in process_command
    exit_code = method_to_call()
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/aws-config-rdk/rdk/rdk.py", line 556, in deploy
    'CAPABILITY_IAM',
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/lib/python2.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/rafih/git-stuff/ven-rdk-adding-ci/lib/python2.7/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.AlreadyExistsException: An error occurred (AlreadyExistsException) when calling the CreateStack operation: Stack [lambdadelete] already exists

Steps to reproduce.
++ Create rule
++ Deploy the rule
++ delete the lambda function created by the rdk deploy
++ run rdk deploy

[Bug] Crash when "ResourceDeleted"

After building a ConfigurationChange-triggered rule, the wrapper crashes when the resource is deleted (no error in the log). It doesn't even get to the handler code (printing "event()").

Attached is the code of a rule which crashes on IAM User.
iam-mfa-enabled.txt

Rules can't be created with trigger and periodic invocation

I may be missing something but

In the config rule console, I can create a rule that is triggered AND periodic (ie. the options are not mutually exclusive). However, when I deploy a rule using the rdk, it doesn't seem to set both options even though my parameters file contains both periodic and source events.

{
  "Parameters": {
    "CodeKey": "access-key-rotation.zip", 
    "SourceRuntime": "python2.7", 
    "SourcePeriodic": "TwentyFour_Hours", 
    "RuleName": "access-key-rotation", 
    "SourceEvents": "AWS::IAM::User", 
    "InputParameters": "{\"maxKeyDays\": \"90\"}"
  }
}

I was hoping this would give me a rule triggered on users AND every 24 hours periodic. Right now, I have to deploy using the rdk and then go into the UI and check off periodic to get both.

Am I missing something though?
