/aws-services-configrules

Primary LanguageJavaScript

Interfaces to Manage AWSConfig Rules

API Gateway and Lambda Function to Manage the AWSConfig Rules Service

aws-services

How to Send Requests

The 'Credentials' header doesn't need to be set if the target account is same with the account where this Lambda Function is deployed.

To check the current status of the services

const Credentials = {
  "AccessKeyId": "",
  "SecretAccessKey": "",
  "SessionToken": ""
}
path: /configrules?region=<<region>>
method : GET
headers: {
  "Credentials": JSON.stringify(Credentials),
}

To enable the services

Credentials = {
  "AccessKeyId": "",
  "SecretAccessKey": "",
  "SessionToken": ""
}
path: /configrules
method : POST
headers: {
  "Credentials": JSON.stringify(Credentials),
}
data:
{
  "region": "<<region>>"
}

To disable the services

Credentials = {
  "AccessKeyId": "",
  "SecretAccessKey": "",
  "SessionToken": ""
}
path: /configrules
method : DELETE
headers: {
  "Credentials": JSON.stringify(Credentials),
}
data:
{
  "region": "<<region>>"
}

How To Setup a CodePipeline

Launch Stack

Input Parameter Values

  • CloudformationLambdaExecutionRoleArn:

    Enter ARN of IAM Role for Cloudformation to create changesets and target stack. If you already created one or more CodePipeline that uses Cloudformation, this role should have been created already, so you can use the same role, 'cloudformation-lambda-execution-role'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here.

  • CodePipelineServiceRoleArn:

    Enter ARN of IAM Role for CodePipeline to be executed. If you already created one or more CodePipeline, this role should have been created already, so you can use the same role, 'AWS-CodePipeline-Service'. If not, please create a role with the same name with Trust Relationships and Policy Document defined here.

  • CustomAuthorizerIAMRoleName:

  • CustomAuthorizerLambdaName:

  • EncryptionLambdaName:

  • GitHubPersonalAccessToken:

    Access Token for CodeBuild to access to the this Github repository. (See here to find how to generate the access token).

  • GitHubSourceRepositoryBranch: master

  • GitHubSourceRepositoryName: aws-services-configrules

  • GitHubSourceRepositoryOwner: SungardAS

  • ParameterOverrides: { "AWSConfigTopicArn": "<awsconfig_topic_arn>", "AWSConfigRulesLogGroupName": "/SungardAS/Alerts/AWSConfigRules", "SubscriptionFilterDestinationArn": "arn:aws:logs:<region>:<account>:destination:<destination_name>" }

  • ProjectImage: aws/codebuild/nodejs:8.11.0

How To Test Lambda Functions

  • $ cd tests
  • Export necessary environment variables and fill the necessary input values
  • $ node test_xxx.js

Sungard Availability Services | Labs

This project is maintained by the Labs group at Sungard Availability Services

GitHub: https://sungardas.github.io

Blog: http://blog.sungardas.com/CTOLabs/