Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Automate EC2 into System Manager

0

Besides setting up DHMC, is there a way to setup either a config rule or event bridge rule, that will check if an ec2 is managed by SM. If not, then either add the correct IAM role, or add device into SM?

Temas
Gestión y gobiernoCálculoSin servidorIntegración de aplicaciones
Etiquetas
AWS ConfigAmazon EC2Amazon EventBridgeAWS Systems Manager
Idioma
English
rePost-User-4136916
preguntada hace 3 meses205 visualizaciones
1 Respuesta
1

Hello.

The AWS Config rule "ec2-instance-managed-by-systems-manager" may be helpful.
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html

After creating a Config rule using this rule, I think it is possible to have EventBridge detect "complianceType" of "NON_COMPLIANT".
If you refer to the events in the document below, the event pattern will be as follows.
https://repost.aws/knowledge-center/config-resource-non-compliant

{
  "source": ["aws.config"],
  "detail-type": ["Config Rules Compliance Change"],
  "detail": {
    "messageType": ["ComplianceChangeNotification"],
    "configRuleName": ["ec2-instance-managed-by-systems-manager"],
    "newEvaluationResult": {
      "complianceType": ["NON_COMPLIANT"]
    }
  }
}
profile picture
EXPERTO
Riku_Kobayashi
respondido hace 3 meses
profile picture
EXPERTO
Giovanni Lauria
revisado hace un mes

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante