I am facing below error in the automated Lambda created about aws-config-rdk HOT 5 CLOSED

What's the payload that was passed to the lambda?

from aws-config-rdk.

I have added below - logic in to my code

if configuration_item['resourceType'] != 'AWS::EC2::instance' and vpc_id == 'vpc-080ac8277aa0649df':
return 'NOT_APPLICABLE'

if configuration_item['configuration']['VpcId'] == valid_rule_parameters['desiredVpcId']:
    return 'COMPLIANT'

return 'NON_COMPLIANT'

from aws-config-rdk.

I don't think this is an issue with RDK. I think it's an issue with the event that you're using to test your function.

Here's the snippet of code that starts at the Lambda handler (function start point) and ends at the line where you get your error:

def lambda_handler(event, context):
    if "liblogging" in sys.modules:
        liblogging.logEvent(event)

    global AWS_CONFIG_CLIENT

    # print(event)
    check_defined(event, "event")
    invoking_event = json.loads(event["invokingEvent"])

The KeyError is indicating that invokingEvent is not part of the event object that was passed to Lambda. In order to make this work, you will need to supply a sample event that includes an invokingEvent key. Examples of this type of event are visible here: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html

Copied below for reference:

{ 
    "invokingEvent": "{\"configurationItem\":{\"configurationItemCaptureTime\":\"2016-02-17T01:36:34.043Z\",\"awsAccountId\":\"123456789012\",\"configurationItemStatus\":\"OK\",\"resourceId\":\"i-00000000\",\"ARN\":\"arn:aws:ec2:us-east-2:123456789012:instance/i-00000000\",\"awsRegion\":\"us-east-2\",\"availabilityZone\":\"us-east-2a\",\"resourceType\":\"AWS::EC2::Instance\",\"tags\":{\"Foo\":\"Bar\"},\"relationships\":[{\"resourceId\":\"eipalloc-00000000\",\"resourceType\":\"AWS::EC2::EIP\",\"name\":\"Is attached to ElasticIp\"}],\"configuration\":{\"foo\":\"bar\"}},\"messageType\":\"ConfigurationItemChangeNotification\"}",
    "ruleParameters": "{\"myParameterKey\":\"myParameterValue\"}",
    "resultToken": "myResultToken",
    "eventLeftScope": false,
    "executionRoleArn": "arn:aws:iam::123456789012:role/config-role",
    "configRuleArn": "arn:aws:config:us-east-2:123456789012:config-rule/config-rule-0123456",
    "configRuleName": "change-triggered-config-rule",
    "configRuleId": "config-rule-0123456",
    "accountId": "123456789012",
    "version": "1.0"
}

Hope that helps, and good luck!

from aws-config-rdk.

Thanks @bmorrissirromb for your recommendation.
I have used as an above example and modified as per my sample event.
checked logs -

gaurav:/environment $ rdk logs MyRule
2023-09-27 12:12:35 - START RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a Version: $LATEST
2023-09-27 12:12:35 - END RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a
2023-09-27 12:12:35 - REPORT RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a Duration: 120.11 ms Billed Duration: 121 ms Memory Size: 256 MB Max Memory Used: 67 MB
gaurav:/environment $

Below are the result getting in Lambda event logs-

[
{
"ComplianceResourceType": "AWS::EC2::Instance",
"ComplianceResourceId": "i-06eab5f9cc74e301b",
"ComplianceType": "NOT_APPLICABLE",
"OrderingTimestamp": "2023-09-27T11:05:24.353Z"
}
]

but still My rule is not evluating in AWS config.
it is not showing empty

from aws-config-rdk.

The issue here is that the sample event that I provided was not for an EC2 Instance. You will need to modify your sample event so that it aligns to what you're trying to test (both the resource type and its configuration). The function itself seems to be working normally, at least so far.

from aws-config-rdk.