2 Answers
0
Hi there!
For this you need to use AWS Systems Manager Automation documents. The following article describes the process in detail. Essentially you would do:
Manual Remediation (via the console)
- Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/.
- Choose Rules on the left and then, on the Rules page, choose Add Rule to add new rules to the rule list.
- For existing rules, select the noncompliant rule from the rule list and choose the Actions dropdown list.
- From the Actions dropdown list, choose Manage remediation. Select "Manual remediation" and then choose the appropriate remediation action from the recommended list. (Note: You can only manage remediations for non-service linked AWS Config rules. For more information, see Service-Linked AWS Rules.)
- Depending on the selected remediation action, you see specific parameters or no parameters.
- (Optional): If you want to pass the resource ID of noncompliant resources to the remediation action, choose Resource ID parameter. If selected, at runtime that parameter is substituted with the ID of the resource to be remediated. Each parameter has either a static value or a dynamic value. If you do not choose a specific resource ID parameter from the dropdown list, you can enter values for each key. If you choose a resource ID parameter from the dropdown list, you can enter values for all the other keys except the selected resource ID parameter.
- Choose Save. The Rules page is displayed.
Automatic Remediation (via the console)
- Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/.
- Choose Rules on the left and then on the Rules page, choose Add Rule to add new rules to the rule list. For existing rules, select the noncompliant rule from the rule list and choose the Actions dropdown list.
- From the Actions dropdown list, choose Manage remediation. Select "Automatic remediation" and then choose the appropriate remediation action from the recommended list.
- Choose Auto remediation to automatically remediate noncompliant resources. If a resource is still non-compliant after auto remediation, you can set the rule to try auto remediation again. Enter the desired retries and seconds.
- (Optional): If you want to pass the resource ID of noncompliant resources to the remediation action, choose Resource ID parameter. If selected, at runtime that parameter is substituted with the ID of the resource to be remediated. Each parameter has either a static value or a dynamic value. If you do not choose a specific resource ID parameter from the dropdown list, you can enter values for each key. If you choose a resource ID parameter from the dropdown list, you can enter values for all the other keys except the selected resource ID parameter.
- Choose Save. The Rules page is displayed.
I hope this helps (if so, please accept the answer).
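The console steps in the answer above map onto a single API call, PutRemediationConfigurations. The script below is an added example, not code from the original answer or from AWS: it builds one remediation configuration entry in the shape that API expects, enforcing the two constraints the console enforces (the Resource ID parameter is filled in at run time and cannot also carry a static value; automatic remediation needs both a retry count and an interval), and only touches boto3 when actually submitting. The rule name, document name, parameter names and role ARN are assumptions chosen for illustration.

```python
"""Build an AWS Config remediation configuration for PutRemediationConfigurations.

Added example (not from the original re:Post answer). It mirrors the console
steps: a noncompliant rule, an SSM Automation document as the target, static
parameter values, an optional "Resource ID parameter" that AWS Config fills in
at run time, and, for automatic remediation, a retry count and interval.
"""
from __future__ import annotations

import json


def build_remediation_configuration(
    rule_name: str,
    document_name: str,
    static_parameters: dict[str, str],
    resource_id_parameter: str | None = None,
    automatic: bool = False,
    max_attempts: int | None = None,
    retry_seconds: int | None = None,
) -> dict:
    """Return one entry for the RemediationConfigurations list.

    The same constraints the console applies are checked here:
    - the resource ID parameter is substituted at run time, so it must not
      also be given a static value;
    - automatic remediation needs both a retry count and a retry interval.
    """
    if resource_id_parameter and resource_id_parameter in static_parameters:
        raise ValueError(
            f"{resource_id_parameter!r} is filled in with the resource ID at "
            "run time and cannot also have a static value"
        )
    if automatic and (max_attempts is None or retry_seconds is None):
        raise ValueError("automatic remediation requires max_attempts and retry_seconds")

    # Static values are passed as a list of strings to the SSM document.
    parameters: dict[str, dict] = {
        name: {"StaticValue": {"Values": [value]}}
        for name, value in static_parameters.items()
    }
    # RESOURCE_ID tells AWS Config to substitute the noncompliant resource's ID.
    if resource_id_parameter:
        parameters[resource_id_parameter] = {"ResourceValue": {"Value": "RESOURCE_ID"}}

    config: dict = {
        "ConfigRuleName": rule_name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": document_name,
        "Parameters": parameters,
        "Automatic": automatic,
    }
    if automatic:
        config["MaximumAutomaticAttempts"] = max_attempts
        config["RetryAttemptSeconds"] = retry_seconds
    return config


def apply_remediation_configuration(config: dict) -> dict:
    """Submit the configuration with boto3.

    Needs AWS credentials in the member account that owns the resources;
    boto3 is imported lazily so the builder above can be used offline.
    """
    import boto3

    client = boto3.client("config")
    # The response's FailedBatches list is non-empty if AWS Config rejected the entry.
    return client.put_remediation_configurations(RemediationConfigurations=[config])


if __name__ == "__main__":
    # Assumed names: a managed rule that flags publicly readable S3 buckets and
    # an AWS-owned automation document that blocks public access on a bucket.
    example = build_remediation_configuration(
        rule_name="s3-bucket-public-read-prohibited",
        document_name="AWS-DisableS3BucketPublicReadWrite",
        static_parameters={
            "AutomationAssumeRole": "arn:aws:iam::111122223333:role/ConfigRemediationRole"
        },
        resource_id_parameter="S3BucketName",
        automatic=True,
        max_attempts=3,
        retry_seconds=60,
    )
    print(json.dumps(example, indent=2))
```

Run the script as-is to inspect the JSON that would be sent; call apply_remediation_configuration(example) from a session in the account that owns the noncompliant resources once the document parameters match the automation document you intend to use.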
0
The management (root) account does not have ownership of the member (child) account resources, although it can enable controls on the OU and member accounts. You have to log on to the member account to perform the remediation.
answered a year ago