Help! How do you turn off AWS config!

0

Hi,
I wanted to learn about AWS config so I started it with some rules. Then I got the bill so I decided to stop the service but I can't seem to. I stopped recording and I have no rules running but I still get billed for $4.00 per month.

It seems like config is easy to turn on but not so easy to off.

asked 5 years ago12266 views
6 Answers
3
  1. Turn off Recording for that region using the console

  2. Delete the Rule by going to actions, delete rule

  3. Use the AWS CLI and delete the default recording by

aws configservice delete-configuration-recorder --configuration-recorder-name default --region <region-name>

  1. Delete the service linked role created for AWS Config

Refresh the Config home page to make it appear fresh.

If necessary delete the config bucket and its objects.

Edited by: ecooper on Sep 18, 2021 10:28 AM

ecooper
answered 3 years ago
1

AWS CLI:
aws configservice describe-config-rules | grep ConfigRuleName | cut -d":" -f2 | cut -d"," -f1 | xargs -L1 aws configservice delete-config-rule --config-rule-name

answered 3 years ago
  • It worked very well. Thank you, iothreat1.

0

I had to use CLI to remove all the rules. Just executed - will see how it affects billing tonight.

P.S. instead of grep/awk feel free to use --query parameter of aws command
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output.html

aws configservice describe-config-rules | grep ConfigRuleName | gawk &#39;match($0, /:.+"(.+)"/, a) {print a[1]}&#39; | while read rule_name; 
do 
	echo $rule_name; 
	aws configservice delete-config-rule --config-rule-name $rule_name
done
eugenj
answered 4 years ago
0

In your billing console, you can view what charges are still being applied. It is possible that the Config recording is still turned on. This is the capability that records the resource configuration changes and provides the trigger for change triggerd/ hybrid rules to evaluate when there are resource specific changes.

You can find steps to manage the Config recorder https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html .

answered 4 years ago
0

One last thing that was needed in my case was to disable trusted access with AWS Config, from Organization. https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-disable-ta-config Basically:

aws organizations disable-aws-service-access --service-principal config.amazonaws.com

And apparently CloudTrail needs to be disabled as well: https://stackoverflow.com/questions/67494322/how-do-i-unsubscribe-my-aws-organization-from-cloudtrail

Fawad
answered 9 months ago
-1

In Console,

  1. Go to the setting page of config and disable recorder.
  2. Delete all the config rules you will be fine now
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions