En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Automate EC2 into System Manager

0

Besides setting up DHMC, is there a way to setup either a config rule or event bridge rule, that will check if an ec2 is managed by SM. If not, then either add the correct IAM role, or add device into SM?

Sujets
Gestion et gouvernanceCalculSans serveurIntégration d'applications
Balises
AWS ConfigAmazon EC2Amazon EventBridgeGestionnaire de systèmes AWS
Langue
English
rePost-User-4136916
demandé il y a 3 mois205 vues
1 réponse
1

Hello.

The AWS Config rule "ec2-instance-managed-by-systems-manager" may be helpful.
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html

After creating a Config rule using this rule, I think it is possible to have EventBridge detect "complianceType" of "NON_COMPLIANT".
If you refer to the events in the document below, the event pattern will be as follows.
https://repost.aws/knowledge-center/config-resource-non-compliant

{
  "source": ["aws.config"],
  "detail-type": ["Config Rules Compliance Change"],
  "detail": {
    "messageType": ["ComplianceChangeNotification"],
    "configRuleName": ["ec2-instance-managed-by-systems-manager"],
    "newEvaluationResult": {
      "complianceType": ["NON_COMPLIANT"]
    }
  }
}
profile picture
EXPERT
Riku_Kobayashi
répondu il y a 3 mois
profile picture
EXPERT
Giovanni Lauria
vérifié il y a un mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents