Creating custom Config rules - errors

0

I am writing a custom Config rule on the console. I have turned on 'proactive evaluation'. While saving, I get this error: 'One or more of the specified parameters are invalid'

I am not sure what it's complaining about.

I have tried to write this rule, which I am unsure about because I believe the IAM User config schema does not contain maxAccessKeyAge:

let maxKeyAge = 365
rule compliancecheck when 
        resourceType == "AWS::IAM::USER" {
            configuration.maxAccessKeyAge == %maxKeyAge
        }

The above code fails, so I borrowed the following sample rules from the web:

let volumestatus = 'available'
let volumetype = 'gp3'
let volumeencryptionstatus = true

rule compliancecheck when
    resourceType == "AWS::EC2::Volume" {
        configuration.state == %volumestatus
        configuration.encrypted == %volumeencryptionstatus
        configuration.volumeType == %volumetype
    }

This fails as well.

The only code that has worked is this:

let eipresource = relationships.*[ resourceType  == 'AWS::EC2::EIP' ]

rule check_ec2_eip_compliance {
    when %eipresource !empty {
        configuration.state.name == "running"
    }
}

I would be grateful if you can tell me how I can write correct code.

Qadri
asked 2 months ago, 147 views
1 Answer
0
  1. Verify the property names against the AWS Config resource schema documentation for AWS::EC2::Volume.
  2. Ensure that the properties you are checking are supported by the resourceType.
  3. Review the rule's syntax for any errors, paying close attention to the structure and operators used in the condition definitions.

# Desired values the volume must match
let desiredVolumeType = 'gp2'
let encryptionStatus = true

rule check_ec2_volume_compliance when
    resourceType == "AWS::EC2::Volume" {
        # Clauses on separate lines are ANDed together
        configuration.volumeType == %desiredVolumeType
        configuration.encrypted == %encryptionStatus
    }

EXPERT
answered 2 months ago
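
Steps 1 and 2 of the answer above, as an added example that is not part of the original answer or AWS's own code: a Python check that pulls the `resourceType` literal and the `configuration.*` paths out of Guard rule text and resolves them against a sample configuration item. The sample items and the names `SAMPLE_CONFIGURATION`, `resolve` and `lint_rule` are assumptions; replace the constructed items with ones exported from your own account.

```python
import re

# Constructed, trimmed `configuration` blocks per resource type (assumed
# shapes for illustration; export real items from your own account).
SAMPLE_CONFIGURATION = {
    "AWS::EC2::Volume": {"state": "available", "encrypted": True,
                         "volumeType": "gp3", "size": 100},
    "AWS::IAM::User": {"userName": "example-user", "path": "/",
                       "attachedManagedPolicies": []},
}

# The IAM rule from the question, embedded as sample input.
IAM_RULE = """
let maxKeyAge = 365
rule compliancecheck when
    resourceType == "AWS::IAM::USER" {
        configuration.maxAccessKeyAge == %maxKeyAge
    }
"""

TYPE_RE = re.compile(r"when\s+resourceType\s*==\s*[\"']([^\"']+)[\"']")
PATH_RE = re.compile(r"\bconfiguration((?:\.[A-Za-z_]\w*)+)")


def resolve(node, keys):
    """Return True if the chain of keys exists in the nested dict."""
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return False
        node = node[key]
    return True


def lint_rule(rule_text, samples=SAMPLE_CONFIGURATION):
    """List mismatches between a rule's references and the sample items."""
    problems = []
    for rtype in TYPE_RE.findall(rule_text):
        # Exact lookup first; a case-insensitive hit reveals a case-only typo.
        match = [t for t in samples if t.lower() == rtype.lower()]
        if rtype not in samples:
            hint = f" (did you mean {match[0]}?)" if match else ""
            problems.append(f"unknown resourceType {rtype}{hint}")
        if not match:
            continue
        for tail in sorted(set(PATH_RE.findall(rule_text))):
            if not resolve(samples[match[0]], tail.strip(".").split(".")):
                problems.append(f"{match[0]}: configuration{tail} not found")
    return problems
```

`lint_rule(IAM_RULE)` reports both the case mismatch in the type name and the `maxAccessKeyAge` property missing from the sample item.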
