Yes, you can pass additional data to AWS Config remediation actions beyond just the RESOURCE_ID. When setting up a remediation action, you have the flexibility to define custom parameters that can be passed to the Systems Manager Automation document.
In the remediation configuration, you can specify both static and dynamic values for parameters. While RESOURCE_ID is a special keyword that gets substituted with the ID of the noncompliant resource at runtime, you can define other parameters with static values or use dynamic values from the evaluation results.
However, there isn't a direct way to pass the Annotation data as a parameter to the remediation action. Annotations are typically used for providing additional context about the compliance status of a resource, but they are not directly accessible as input parameters for remediation actions.
If you need to pass additional data to your remediation action, you have a few options:
- Define custom parameters in your Systems Manager Automation document and provide static values for these parameters when setting up the remediation configuration.
- Use dynamic parameter values that reference properties of the noncompliant resource. These can be specified when setting up the remediation configuration.
- If you need to pass complex data or information from the rule evaluation, you might need to consider alternative approaches, such as storing that data externally (e.g., in DynamoDB) and having your remediation action retrieve it.
Remember that each parameter in the remediation configuration can have either a static value or a dynamic value. You can define these parameters and their values when setting up the remediation action in the AWS Management Console or through the AWS Config API.
While you can't directly pass Annotation data, you can design your custom rule and remediation action to work together in a way that allows you to pass the necessary information for remediation.
Sources
Setting Up Manual Remediation for AWS Config - AWS Config
RemediationConfiguration - AWS Config
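
The following is an added example, not part of the answer above: it builds the request entry for the AWS Config `PutRemediationConfigurations` API with static parameters next to the `RESOURCE_ID` keyword, and passes the name of an external table as a static value so the Automation document can look up rule data by resource ID. The rule name, document name, role ARN, account ID, table name and the document's parameter names are hypothetical placeholders.

```python
"""Build an AWS Config remediation entry mixing static and dynamic parameters."""

RESOURCE_ID = "RESOURCE_ID"  # keyword AWS Config replaces with the noncompliant resource's ID


def build_remediation_config(rule_name, document_name, parameters, automatic=False):
    """Return one entry for put_remediation_configurations.

    parameters maps an Automation document parameter name to either the
    RESOURCE_ID keyword (dynamic) or a non-empty list of strings (static).
    """
    built = {}
    for name, value in parameters.items():
        if value == RESOURCE_ID:
            built[name] = {"ResourceValue": {"Value": RESOURCE_ID}}
        elif isinstance(value, list) and value and all(isinstance(v, str) for v in value):
            built[name] = {"StaticValue": {"Values": value}}
        else:
            raise ValueError(f"{name}: expected RESOURCE_ID or a non-empty list of strings")
    config = {
        "ConfigRuleName": rule_name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": document_name,
        "Parameters": built,
        "Automatic": automatic,
    }
    if automatic:
        # Bound retries so a failing remediation does not loop indefinitely.
        config["MaximumAutomaticAttempts"] = 3
        config["RetryAttemptSeconds"] = 60
    return config


def apply(config):
    """Send the entry to AWS Config (needs boto3 and credentials)."""
    import boto3  # imported here so building the entry works offline
    boto3.client("config").put_remediation_configurations(RemediationConfigurations=[config])


# Constructed sample values; every name below is a placeholder.
EXAMPLE = build_remediation_config(
    rule_name="example-custom-rule",
    document_name="Example-RemediateFromStoredData",
    parameters={
        "AutomationAssumeRole": ["arn:aws:iam::111122223333:role/ExampleRemediationRole"],
        "ResourceId": RESOURCE_ID,                          # dynamic value
        "AnnotationTable": ["example-config-annotations"],  # static: where the rule stored its data
    },
)
```

With this layout the custom rule writes its extra data to the table keyed by resource ID, and the Automation document reads it back using the `ResourceId` and `AnnotationTable` inputs.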