AWS: Enhancing AWS Config Compliance Verification Across All Regions
HRouhani opened this issue · comments
related to: Ensure AWS Config is enabled in all regions
Description:
For ensuring AWS Config's comprehensive functionality across all regions, it's pivotal to verify two critical configurations:
The accurate definition of the S3 bucket
The SNS topic designated for AWS Config.
This verification could be incorporated by enhancing the existing aws_config.go through the introduction of a new function or the expansion of the getRecorders function. This addition aims to reinforce the integrity of AWS Config setups, ensuring that the correct resources are being monitored and logged as intended.
func (a *mqlAwsConfig) getRecorders(conn *connection.AwsConnection) []*jobpool.Job {
Solution:
We can use DescribeDeliveryChannels as follows:
deliveryChannels, err := svc.DescribeDeliveryChannels(ctx, &configservice.DescribeDeliveryChannelsInput{})
if err != nil {
	return nil, err
}
// The SDK exposes S3BucketName as *string; keeping the pointer lets an unset
// bucket stay nil instead of dereferencing it and panicking.
var s3BucketName *string
if len(deliveryChannels.DeliveryChannels) > 0 {
	s3BucketName = deliveryChannels.DeliveryChannels[0].S3BucketName
}
mqlRecorder, err := CreateResource(a.MqlRuntime, "aws.config.recorder",
	map[string]*llx.RawData{
		......
		"s3BucketName": llx.StringDataPtr(s3BucketName),
	})
This can be used as extra info:
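As an added example (not code from the issue or from the cnquery project), the compliance logic this issue asks for, applied to the data DescribeDeliveryChannels returns for each region: every region must have a delivery channel, and that channel must point at the expected S3 bucket and the expected SNS topic. To run offline, the example defines a local DeliveryChannel struct with the same pointer-typed fields as the SDK's configservice types.DeliveryChannel (an assumption made so no SDK call is needed); the expected bucket name, topic ARN and account id are constructed sample values. In the real provider the per-region slice would come from svc.DescribeDeliveryChannels as in the snippet above.

```go
package main

import (
	"fmt"
	"sort"
)

// DeliveryChannel mirrors the fields of the AWS SDK's configservice
// types.DeliveryChannel that matter for this check. Assumption: defined
// locally so the example runs without the SDK; the fields are *string
// exactly as in the SDK, which is why nil must be handled.
type DeliveryChannel struct {
	Name         *string
	S3BucketName *string
	SnsTopicARN  *string
}

// Expected is the bucket and topic every region's channel must use.
type Expected struct {
	S3BucketName string
	SnsTopicARN  string
}

// deref turns an unset SDK pointer into "" instead of panicking.
func deref(s *string) string {
	if s == nil {
		return ""
	}
	return *s
}

func strPtr(s string) *string { return &s }

// CheckDeliveryChannels evaluates one region's delivery channels and returns
// findings; an empty slice means the region is compliant.
func CheckDeliveryChannels(region string, channels []DeliveryChannel, want Expected) []string {
	if len(channels) == 0 {
		return []string{region + ": no AWS Config delivery channel configured"}
	}
	var findings []string
	for _, ch := range channels {
		name := deref(ch.Name)
		if name == "" {
			name = "<unnamed>"
		}
		switch bucket := deref(ch.S3BucketName); {
		case bucket == "":
			findings = append(findings, fmt.Sprintf("%s: channel %s has no S3 bucket", region, name))
		case bucket != want.S3BucketName:
			findings = append(findings, fmt.Sprintf("%s: channel %s delivers to bucket %q, expected %q", region, name, bucket, want.S3BucketName))
		}
		switch topic := deref(ch.SnsTopicARN); {
		case topic == "":
			findings = append(findings, fmt.Sprintf("%s: channel %s has no SNS topic", region, name))
		case topic != want.SnsTopicARN:
			findings = append(findings, fmt.Sprintf("%s: channel %s notifies topic %q, expected %q", region, name, topic, want.SnsTopicARN))
		}
	}
	return findings
}

// SampleExpected and SampleRegions are constructed inputs standing in for the
// account's intended configuration and for DescribeDeliveryChannels output.
var SampleExpected = Expected{
	S3BucketName: "example-config-bucket",
	SnsTopicARN:  "arn:aws:sns:us-east-1:123456789012:example-config-topic",
}

func SampleRegions() map[string][]DeliveryChannel {
	return map[string][]DeliveryChannel{
		// compliant region
		"us-east-1": {{Name: strPtr("default"), S3BucketName: strPtr("example-config-bucket"), SnsTopicARN: strPtr(SampleExpected.SnsTopicARN)}},
		// wrong bucket and no topic set (SnsTopicARN left nil, as the SDK would)
		"eu-west-1": {{Name: strPtr("default"), S3BucketName: strPtr("someone-elses-bucket")}},
		// Config recorder exists but no delivery channel at all
		"ap-southeast-1": nil,
	}
}

// Run checks every region in a deterministic order and collects findings.
func Run(regions map[string][]DeliveryChannel, want Expected) []string {
	names := make([]string, 0, len(regions))
	for r := range regions {
		names = append(names, r)
	}
	sort.Strings(names)
	var all []string
	for _, r := range names {
		all = append(all, CheckDeliveryChannels(r, regions[r], want)...)
	}
	return all
}

func main() {
	for _, f := range Run(SampleRegions(), SampleExpected) {
		fmt.Println("FAIL", f)
	}
}
```

Run against the sample data this reports three findings: the missing channel in ap-southeast-1 and the wrong bucket plus missing topic in eu-west-1, while us-east-1 produces none.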