Me

Can you create a cloudformation template that will create a custom config rule in aws?

Copilot

Sure, here’s a basic AWS CloudFormation template that creates a custom AWS Config rule:

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  # Resource-based permission on the Lambda function so that the AWS Config
  # service principal can invoke it. Without this, creating a CUSTOM_LAMBDA
  # rule fails because Config cannot call the function.
  ConfigRuleLambdaPermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: arn:aws:lambda:us-east-1:123456789012:function:myCustomRuleFunction
      Principal: config.amazonaws.com
      # Restrict the grant to invocations originating from this account
      SourceAccount: !Ref 'AWS::AccountId'
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    # Make sure the invoke permission exists before the rule is created
    DependsOn: ConfigRuleLambdaPermission
    Properties:
      ConfigRuleName: MyCustomRule
      Description: A custom rule created by CloudFormation
      Scope:
        ComplianceResourceTypes:
          - 'AWS::EC2::Instance'
      Source:
        Owner: CUSTOM_LAMBDA
        SourceIdentifier: arn:aws:lambda:us-east-1:123456789012:function:myCustomRuleFunction
        SourceDetails:
          # Change-triggered evaluation: the function runs whenever the
          # configuration item of an in-scope EC2 instance changes
          - EventSource: aws.config
            MessageType: ConfigurationItemChangeNotification
          - EventSource: aws.config
            MessageType: OversizedConfigurationItemChangeNotification
      InputParameters: {}
      # MaximumExecutionFrequency only applies to periodic (ScheduledNotification)
      # triggers, so it is omitted for this change-triggered rule.

This template creates a custom AWS Config rule that triggers on changes to EC2 instances. The rule logic is defined in a Lambda function, which you would need to create separately. The ARN of the Lambda function is specified in the SourceIdentifier property.

Please replace ‘arn:aws:lambda:us-east-1:123456789012:function:myCustomRuleFunction’ with the ARN of your Lambda function.

Remember to set up the necessary permissions for AWS Config to invoke your Lambda function. You can do this by creating a permissions policy that allows the config.amazonaws.com service principal to perform the lambda:InvokeFunction action, and attaching that policy to your Lambda function’s execution role.

Please note that this is a basic example and you might need to adjust it according to your requirements. Let me know if you need help with anything else! 😊