Comments (5)
What's the payload that was passed to the lambda?
from aws-config-rdk.
I have added the below logic into my code:
```python
if configuration_item['resourceType'] != 'AWS::EC2::instance' and vpc_id == 'vpc-080ac8277aa0649df':
    return 'NOT_APPLICABLE'
if configuration_item['configuration']['VpcId'] == valid_rule_parameters['desiredVpcId']:
    return 'COMPLIANT'
return 'NON_COMPLIANT'
```
from aws-config-rdk.
I don't think this is an issue with RDK. I think it's an issue with the event that you're using to test your function.
Here's the snippet of code that starts at the Lambda handler (function start point) and ends at the line where you get your error:
```python
def lambda_handler(event, context):
    if "liblogging" in sys.modules:
        liblogging.logEvent(event)
    global AWS_CONFIG_CLIENT
    # print(event)
    check_defined(event, "event")
    invoking_event = json.loads(event["invokingEvent"])
```
The `KeyError` is indicating that `invokingEvent` is not part of the `event` object that was passed to Lambda. In order to make this work, you will need to supply a sample event that includes an `invokingEvent` key. Examples of this type of event are visible here: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_example-events.html
Copied below for reference:
```json
{
  "invokingEvent": "{\"configurationItem\":{\"configurationItemCaptureTime\":\"2016-02-17T01:36:34.043Z\",\"awsAccountId\":\"123456789012\",\"configurationItemStatus\":\"OK\",\"resourceId\":\"i-00000000\",\"ARN\":\"arn:aws:ec2:us-east-2:123456789012:instance/i-00000000\",\"awsRegion\":\"us-east-2\",\"availabilityZone\":\"us-east-2a\",\"resourceType\":\"AWS::EC2::Instance\",\"tags\":{\"Foo\":\"Bar\"},\"relationships\":[{\"resourceId\":\"eipalloc-00000000\",\"resourceType\":\"AWS::EC2::EIP\",\"name\":\"Is attached to ElasticIp\"}],\"configuration\":{\"foo\":\"bar\"}},\"messageType\":\"ConfigurationItemChangeNotification\"}",
  "ruleParameters": "{\"myParameterKey\":\"myParameterValue\"}",
  "resultToken": "myResultToken",
  "eventLeftScope": false,
  "executionRoleArn": "arn:aws:iam::123456789012:role/config-role",
  "configRuleArn": "arn:aws:config:us-east-2:123456789012:config-rule/config-rule-0123456",
  "configRuleName": "change-triggered-config-rule",
  "configRuleId": "config-rule-0123456",
  "accountId": "123456789012",
  "version": "1.0"
}
```
Hope that helps, and good luck!
from aws-config-rdk.
Thanks @bmorrissirromb for your recommendation.
I have used the above example and modified it as per my sample event.
Checked logs:
```
gaurav:/environment $ rdk logs MyRule/environment $
2023-09-27 12:12:35 - START RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a Version: $LATEST
2023-09-27 12:12:35 - END RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a
2023-09-27 12:12:35 - REPORT RequestId: cebd3989-1775-4e8d-937c-b458b3a64a4a Duration: 120.11 ms Billed Duration: 121 ms Memory Size: 256 MB Max Memory Used: 67 MB
gaurav:
```
Below is the result I am getting in the Lambda event logs:
```json
[
  {
    "ComplianceResourceType": "AWS::EC2::Instance",
    "ComplianceResourceId": "i-06eab5f9cc74e301b",
    "ComplianceType": "NOT_APPLICABLE",
    "OrderingTimestamp": "2023-09-27T11:05:24.353Z"
  }
]
```
But still my rule is not evaluating in AWS Config.
It is not showing empty
from aws-config-rdk.
The issue here is that the sample event that I provided was not for an EC2 Instance. You will need to modify your sample event so that it aligns to what you're trying to test (both the resource type and its configuration). The function itself seems to be working normally, at least so far.
from aws-config-rdk.
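An added example, not code from the thread or from RDK: a sketch that builds a change-triggered sample event for a chosen resource type and checks it for the two problems discussed above (a missing `invokingEvent` key, and a configuration item that does not match what the rule reads). The function names are hypothetical, the IDs are constructed placeholders, and the `VpcId` / `desiredVpcId` key names are taken from the code posted in the thread, so confirm them against a real configuration item.

```python
import json


def build_sample_event(resource_type, resource_id, configuration, rule_parameters):
    """Build a test event; invokingEvent and ruleParameters are JSON *strings*."""
    invoking_event = {
        "configurationItem": {
            "configurationItemCaptureTime": "2023-09-27T11:05:24.353Z",  # constructed
            "configurationItemStatus": "OK",
            "resourceType": resource_type,
            "resourceId": resource_id,
            "configuration": configuration,
        },
        "messageType": "ConfigurationItemChangeNotification",
    }
    return {
        "invokingEvent": json.dumps(invoking_event),
        "ruleParameters": json.dumps(rule_parameters),
        "resultToken": "myResultToken",
        "eventLeftScope": False,
        "configRuleName": "change-triggered-config-rule",
    }


def check_sample_event(event, expected_type, required_config_keys):
    """Return a list of problems that would make a local test fail or mislead."""
    problems = []
    for key in ("invokingEvent", "ruleParameters", "resultToken"):
        if key not in event:
            problems.append(f"missing top-level key: {key}")
    if "invokingEvent" not in event:
        return problems  # this is the case that raises KeyError in the handler
    try:
        item = json.loads(event["invokingEvent"])["configurationItem"]
    except (TypeError, ValueError, KeyError):
        return problems + ["invokingEvent is not a JSON string with a configurationItem"]
    if item.get("resourceType") != expected_type:
        problems.append(f"resourceType is {item.get('resourceType')!r}, expected {expected_type!r}")
    config = item.get("configuration") or {}
    for key in required_config_keys:
        if key not in config:
            problems.append(f"configuration lacks {key}")
    return problems
```

Running `check_sample_event` on the event file before invoking the function separates a malformed test payload from a real fault in the rule logic.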