Exclude resources from AWS Config Managed rules?
I've been searching for a way to exclude resources from AWS Config managed rules for backup plans but so far to no avail. I'm governing multiple accounts and to see if they have a backup plan on resources I have attached the "resources protected by backup plan" rules that do exist (e.g., https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-protected-by-backup-plan.html).
The rules will be in NON-COMPLIANT state if they have no backup plan attached, but some resources we do not want to back up. The rule is good to have if we add resources but accidentally forget to attach a backup plan, but I would also like the account owners to have the possibility to actively "allow-list" a resource so the rule can be COMPLIANT.
There are two parameters for these rules: "resourceTags" and "resourceId", but with these it's only possible to include resources for the rule. What I would like is the opposite, something like "excludeResourceTags" and "excludeResourceId". That would make it possible to give the account owners the possibility to keep the rule in COMPLIANT state, but we wouldn't miss backups for resources where we need it.
Any suggestions are welcomed!
We are really sorry but excluding resources is currently not possible. I suggest that you reach out to your AWS contact person and raise this demand so that it gets properly tracked.
Depending on your development appetite you may want to have a look at the AWS Rules Development Kit for creating a custom config rule based on the examples in the awslabs GitHub repository: https://github.com/awslabs/aws-config-rules
As you can pass your own parameters to your custom config rule, you could specify a specific tag name. You can protect this tag via Service Control Policies in AWS Organizations to make sure that not everyone can put their resources on the exclude list.
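The tag-based exclusion suggested in the answer above could look like the following evaluation logic for a custom Config rule; this is an added example, not code from the original post or from the awslabs repository. The parameter names `excludeTagKey` and `excludeTagValue`, the default tag key `backup-exempt`, and the sample event are hypothetical, and `protected_arns` is assumed to be collected by the caller from AWS Backup's list of protected resources.

```python
import json

# Hypothetical parameter names for a custom rule; no managed rule has them.
DEFAULT_TAG_KEY = "backup-exempt"
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}


def evaluate(item, params, protected_arns):
    """Return (compliance_type, annotation) for one configuration item."""
    if item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "Resource was deleted."
    tag_key = params.get("excludeTagKey", DEFAULT_TAG_KEY)
    tag_value = params.get("excludeTagValue")  # optional exact-value match
    tags = item.get("tags") or {}
    if tag_key in tags and (tag_value is None or tags[tag_key] == tag_value):
        return "COMPLIANT", f"Allow-listed by tag '{tag_key}'."
    if item.get("ARN") in protected_arns:
        return "COMPLIANT", "Protected by a backup plan."
    return "NON_COMPLIANT", "No backup plan and no exemption tag."


def build_evaluation(event, protected_arns):
    """Turn a Config rule Lambda event into one PutEvaluations entry."""
    # Config delivers invokingEvent and ruleParameters as JSON strings.
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate(item, params, protected_arns)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def sample_event(tags, status="OK"):
    """Constructed sample event; account id and names are placeholders."""
    item = {
        "resourceType": "AWS::RDS::DBCluster",
        "resourceId": "cluster-EXAMPLE",
        "ARN": "arn:aws:rds:eu-west-1:111122223333:cluster:demo",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "tags": tags,
    }
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps({"excludeTagKey": "backup-exempt"})}
```

The annotation records why an allow-listed resource is COMPLIANT, so an exemption stays visible in the compliance results instead of looking like a backed-up resource.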