How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed AWS config rule with example.

https://cloudaffaire.com/aws-config-rules-with-examples/

In this blog post, we will discuss how to create a custom AWS config rule using rule development kit (RDK). AWS provides lots of AWS managed config rules that you can use directly with AWS config service. But sometime you may need to create a custom AWS config rule for some specific requirement that is not covered by AWS managed config rule. You can manually create a custom config rule custom rule configuration and a lambda function to evaluate against your config configuration item.

If you don’t want to go through that hassle, there is an alternate way to create custom config rule using Rule Development Kit (RDK) which can be used with the community supported custom config rule to setup and deploy AWS config service with custom config rule in less than five mins.

RDK is basically some program written mainly in python boto3 to create and configure AWS config in your AWS landscape on behalf of you. It uses CloudFormation to deploy the required resources for AWS config setup. You can either use custom config rules provided by RDK or Community. If your requirements is still not covered, then you can use RDK to develop a new custom rule and once you’re are satisfied with new custom rule, you contribute to the community by adding the new custom rule to the ever growing community supported custom config rule list.

How To Create A Custom AWS Config Rule Using RDK:

Prerequisites:

  • Python and PIP
  • AWS CLI installed and configured with proper access. You can use below link to install and configure AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Install RDK in your local system.

Step 2: Initialize Rule Development Kit (RDK)

Warning: There are additional cost associated with AWS Config. Please refer AWS latest pricing doc for details.

If you have already enabled and setup AWS config, RDK will just validate your configuration. If you have not enabled and configured AWS config, the RDK will create the necessary IAM role, S3 bucket, Config recordings for you.

How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

Next, we are going to deploy a AWS community provided custom config rule in our AWS config.

Step 3: Deploy a custom config rule using rdk.

This will setup the required permissions, IAM role, custom config rule and a lambda function for rule evaluation using a CloudFormation stack.

How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

How To Create A Custom AWS Config Rule Using RDK

We have successfully deployed a new custom config rule using rdk. Next, we are going to delete all the resources created in this blog.

Step 4: Clean-up

Warning: This is for demo purpose only, do not execute the above command in live environment. This will delete all the resources deployed by CloudFormation stack and revert the rdk init command changes.

Hope you have enjoyed this article. To know more about AWS Config, please refer below official documentation

https://docs.aws.amazon.com/config/index.html

Community supported custom config rules GitHub repo

https://github.com/awslabs/aws-config-rules/

Rule Development Kit (RDK) GitHub repo

https://github.com/awslabs/aws-config-rdk

Leave a Reply

Close Menu