Skip to content

Instantly share code, notes, and snippets.

@alexcasalboni alexcasalboni/index.js
Last active Feb 25, 2019

Embed
What would you like to do?
AWS Config Custom Rule - AWS Lambda
const aws = require('aws-sdk');
const utility = require('./utility');
const config = new aws.ConfigService();
/**
* In this example, the resource is compliant if it is an instance and its type matches the type specified as the desired type.
* If the resource is not an instance, then this resource is not applicable.
*/
function evaluateChangeNotificationCompliance(configurationItem, ruleParameters) {
if (configurationItem.resourceType !== 'AWS::EC2::Instance') {
return 'NOT_APPLICABLE'; // skip
} else if (ruleParameters.desiredInstanceType === configurationItem.configuration.instanceType) {
return 'COMPLIANT'; // OK
}
return 'NON_COMPLIANT'; // KO
}
/**
* Receives the event and context from AWS Lambda.
*/
exports.handler = async (event, context, callback) => {
const invokingEvent = JSON.parse(event.invokingEvent);
const ruleParameters = JSON.parse(event.ruleParameters);
const configurationItem = await utility.getConfigurationItem(invokingEvent);
let compliance = 'NOT_APPLICABLE';
if (utility.isApplicable(configurationItem, event)) {
// Invoke the compliance checking function.
compliance = evaluateChangeNotificationCompliance(configurationItem, ruleParameters);
}
// Initializes the request that contains the evaluation results.
const putEvaluationsRequest = {
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceType: configurationItem.resourceType,
ComplianceResourceId: configurationItem.resourceId,
ComplianceType: compliance,
OrderingTimestamp: configurationItem.configurationItemCaptureTime,
},
]
};
// Sends the evaluation results to AWS Config.
return await config.putEvaluations(putEvaluationsRequest).promise();
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.