@alexcasalboni
Last active February 25, 2019 23:30
AWS Config Custom Rule - AWS Lambda
const aws = require('aws-sdk');
const utility = require('./utility');
// AWS Config service client; the handler below uses it to submit evaluation results via putEvaluations.
const config = new aws.ConfigService();
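/**
 * Evaluates one configuration item against the desired EC2 instance type.
 *
 * Only EC2 instances are in scope; every other resource type is reported as
 * NOT_APPLICABLE. An instance is COMPLIANT only when the rule declares a
 * desired type and the recorded instance type equals it.
 *
 * The check fails closed: a missing or empty `desiredInstanceType`, or a
 * configuration item without a recorded instance type, yields NON_COMPLIANT
 * rather than COMPLIANT.
 *
 * @param {object} configurationItem - Item under evaluation; reads `resourceType` and `configuration.instanceType`.
 * @param {object} ruleParameters - Parsed rule parameters; reads `desiredInstanceType`.
 * @returns {string} 'NOT_APPLICABLE', 'COMPLIANT' or 'NON_COMPLIANT'.
 */
function evaluateChangeNotificationCompliance(configurationItem, ruleParameters) {
  if (configurationItem.resourceType !== 'AWS::EC2::Instance') {
    return 'NOT_APPLICABLE'; // skip
  }

  const desiredType = ruleParameters ? ruleParameters.desiredInstanceType : undefined;
  const actualType = configurationItem.configuration
    ? configurationItem.configuration.instanceType
    : undefined;

  // Without these guards, a misnamed rule parameter combined with an item that
  // has no instanceType would compare undefined === undefined and be reported
  // as COMPLIANT, and a null `configuration` would throw instead of evaluating.
  if (desiredType == null || desiredType === '' || actualType == null) {
    return 'NON_COMPLIANT'; // KO: nothing trustworthy to compare
  }

  return desiredType === actualType ? 'COMPLIANT' : 'NON_COMPLIANT';
}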
/**
 * AWS Lambda entry point for the custom AWS Config rule.
 *
 * Parses `event.invokingEvent` and `event.ruleParameters` as JSON, resolves the
 * configuration item through `utility.getConfigurationItem`, evaluates it when
 * `utility.isApplicable` says so (otherwise the result stays NOT_APPLICABLE),
 * and reports a single evaluation back to AWS Config with `event.resultToken`.
 *
 * NOTE(review): `utility.isApplicable` and `utility.getConfigurationItem` live in
 * ./utility and are not shown here; presumably they filter deleted or
 * out-of-scope items. Confirm before relying on that.
 *
 * @param {object} event - AWS Config invocation event.
 * @param {object} context - Lambda context (not used in this function).
 * @param {Function} callback - Lambda callback (not used; the returned promise settles the invocation).
 * @returns {Promise<object>} Result of the `putEvaluations` call.
 */
exports.handler = async (event, context, callback) => {
  const parsedInvokingEvent = JSON.parse(event.invokingEvent);
  const parsedRuleParameters = JSON.parse(event.ruleParameters);
  const item = await utility.getConfigurationItem(parsedInvokingEvent);

  // Only run the compliance check for items the rule applies to.
  const complianceType = utility.isApplicable(item, event)
    ? evaluateChangeNotificationCompliance(item, parsedRuleParameters)
    : 'NOT_APPLICABLE';

  // Request carrying the single evaluation result for this item.
  const request = {
    ResultToken: event.resultToken,
    Evaluations: [
      {
        ComplianceResourceType: item.resourceType,
        ComplianceResourceId: item.resourceId,
        ComplianceType: complianceType,
        OrderingTimestamp: item.configurationItemCaptureTime,
      },
    ],
  };

  // Submit the evaluation to AWS Config and hand its response back to Lambda.
  const response = await config.putEvaluations(request).promise();
  return response;
};