4.1 - PaulDuvall/aws-compliance-workshop GitHub Wiki

4.1 Describe Custom Config Rules

You can develop custom rules and add them to AWS Config. You associate each custom rule with an AWS Lambda function that contains the logic that evaluates whether your AWS resources comply with the rule.

Once the function is associated with the rule, AWS Config invokes it either in response to configuration changes or on a periodic schedule. The function evaluates whether your resources comply with the rule and returns its evaluation results to AWS Config.

Custom Config Rule Workflow

About Custom Config Rules

Launch a Custom Config Rule

  1. Launch the AWS Config Console.
  2. Click Rules.
  3. Click Add rule.
  4. Click Add custom rule.
  5. Enter the Config Rule name: ccoa-custom-configrule.
  6. Click on Create AWS Lambda function.
  7. Choose the config-rule-change-triggered blueprint.
  8. Enter a function name: ccoa-config-rule-function.
  9. Click Create function.
  10. Copy the Lambda function ARN and paste it into the AWS Lambda function ARN* field of the custom Config rule.
  11. Choose the Periodic trigger.
  12. Click Save.
  13. Go to the AWS Config Dashboard and refresh the results to see the ccoa-custom-configrule rule.
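The evaluation function behind a custom rule like the one above, as an added Python example (not the workshop's own code): it shows how the Lambda function turns a Config invocation into evaluations for PutEvaluations, and why a change-triggered function has nothing to evaluate under the Periodic trigger chosen in step 11. The required-tag check, the parameter name requiredTagKey and the sample event are assumptions.

```python
"""Evaluation function for a custom Config rule. Assumed logic (not the workshop's):
a resource is COMPLIANT when it has the tag named by rule parameter requiredTagKey."""
import json

def evaluate_compliance(configuration_item, rule_parameters):
    """Return (complianceType, annotation) for one configuration item."""
    if configuration_item.get("configurationItemStatus") in (
            "ResourceDeleted", "ResourceNotRecorded"):
        return "NOT_APPLICABLE", "resource deleted or not recorded"
    tag_key = rule_parameters.get("requiredTagKey", "Owner")  # "Owner" is an assumed default
    if (configuration_item.get("tags") or {}).get(tag_key):
        return "COMPLIANT", f"tag {tag_key} present"
    return "NON_COMPLIANT", f"tag {tag_key} missing"

def build_evaluations(event):
    """Translate a Config invocation into the list handed to PutEvaluations."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_parameters = json.loads(event.get("ruleParameters") or "{}")
    if invoking_event["messageType"] != "ConfigurationItemChangeNotification":
        # ScheduledNotification (Periodic trigger) carries no configuration item and the
        # oversized-change notification only a summary, so nothing is evaluated here.
        return []
    item = invoking_event["configurationItem"]
    if event.get("eventLeftScope"):
        compliance, note = "NOT_APPLICABLE", "resource left the rule's scope"
    else:
        compliance, note = evaluate_compliance(item, rule_parameters)
    return [{"ComplianceResourceType": item["resourceType"],
             "ComplianceResourceId": item["resourceId"],
             "ComplianceType": compliance, "Annotation": note,
             "OrderingTimestamp": item["configurationItemCaptureTime"]}]

def lambda_handler(event, context=None):
    """Entry point: evaluate, then report the results back to AWS Config."""
    evaluations = build_evaluations(event)
    if evaluations:
        import boto3  # imported lazily so the evaluation logic runs offline
        boto3.client("config").put_evaluations(
            Evaluations=evaluations, ResultToken=event["resultToken"])
    return evaluations

# Constructed sample event in the shape AWS Config sends (not a real capture).
SAMPLE_EVENT = {"resultToken": "constructed", "ruleParameters": "{}",
                "eventLeftScope": False, "invokingEvent": json.dumps({
                    "messageType": "ConfigurationItemChangeNotification",
                    "configurationItem": {
                        "resourceType": "AWS::EC2::Instance", "resourceId": "i-0example",
                        "configurationItemStatus": "OK", "tags": {"Name": "web"},
                        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z"}})}
```

Switching the rule to a change-triggered scope, or adding resource enumeration for ScheduledNotification, is what makes the Periodic setup in step 11 actually produce results.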

Resources

Getting Started with Custom Rules for AWS Config