- Turn off Recording for that region using the console
- Delete the Rule by going to actions, delete rule
- Use the AWS CLI and delete the default recording by
  aws configservice delete-configuration-recorder --configuration-recorder-name default --region <region-name>
- Delete the service linked role created for AWS Config

Refresh the Config home page to make it appear fresh.
If necessary delete the config bucket and its objects.
Edited by: ecooper on Sep 18, 2021 10:28 AM
AWS CLI:
aws configservice describe-config-rules | grep ConfigRuleName | cut -d":" -f2 | cut -d"," -f1 | xargs -L1 aws configservice delete-config-rule --config-rule-name
I had to use CLI to remove all the rules. Just executed - will see how it affects billing tonight.
P.S. instead of grep/awk feel free to use --query parameter of aws command
https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-output.html
aws configservice describe-config-rules | grep ConfigRuleName | gawk 'match($0, /:.+"(.+)"/, a) {print a[1]}' | while read -r rule_name; do
  echo "$rule_name"
  aws configservice delete-config-rule --config-rule-name "$rule_name"
done
In your billing console, you can view what charges are still being applied. It is possible that the Config recording is still turned on. This is the capability that records the resource configuration changes and provides the trigger for change-triggered/hybrid rules to evaluate when there are resource-specific changes.
You can find steps to manage the Config recorder at https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html.
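A read-only check for the two leftovers discussed above (a recorder that is still recording, rules that are still defined), using `--query` rather than grep/cut as suggested in the P.S. This is an added example, not code from any of the posters; the function names are illustrative and it assumes a configured AWS CLI.

```sh
#!/bin/sh
# Added example: read-only check of what AWS Config still has active per region.
# Function names are illustrative; nothing here deletes or stops anything.

# One line per recorder: "<name><TAB><True|False>".
recorder_status() {
  aws configservice describe-configuration-recorder-status --region "$1" \
    --query 'ConfigurationRecordersStatus[].[name,recording]' --output text
}

# One rule name per line (text output puts a page of names on one tab-separated line).
rule_names() {
  aws configservice describe-config-rules --region "$1" \
    --query 'ConfigRules[].ConfigRuleName' --output text | tr '\t' '\n' | sed '/^$/d'
}

# Report one region; returns 1 if a recorder is still recording or rules remain.
audit_region() {
  ar_region=$1
  ar_rc=0
  ar_status=$(recorder_status "$ar_region")
  while read -r ar_name ar_recording; do
    [ -n "$ar_name" ] || continue
    if [ "$ar_recording" = "True" ]; then
      echo "$ar_region: recorder '$ar_name' is still recording"
      ar_rc=1
    else
      echo "$ar_region: recorder '$ar_name' exists but is stopped"
    fi
  done <<EOF
$ar_status
EOF
  ar_count=$(( $(rule_names "$ar_region" | wc -l) ))
  if [ "$ar_count" -gt 0 ]; then
    echo "$ar_region: $ar_count rule(s) still defined"
    ar_rc=1
  fi
  return "$ar_rc"
}

# Usage: sh config-audit.sh us-east-1 eu-west-1
audit_all() {
  aa_rc=0
  for aa_region in "$@"; do
    audit_region "$aa_region" || aa_rc=1
  done
  return "$aa_rc"
}

if [ "$#" -gt 0 ]; then audit_all "$@"; fi
```

A non-zero exit status means at least one of the listed regions still has an active recorder or remaining rules.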
One last thing that was needed in my case was to disable trusted access with AWS Config, from Organization. https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html#integrate-disable-ta-config Basically:
aws organizations disable-aws-service-access --service-principal config.amazonaws.com
And apparently CloudTrail needs to be disabled as well: https://stackoverflow.com/questions/67494322/how-do-i-unsubscribe-my-aws-organization-from-cloudtrail
In Console,
- Go to the settings page of Config and disable the recorder.
- Delete all the Config rules; you will be fine now.
It worked very well. Thank you, iothreat1.