
exclude specified accounts
bmorrissirromb committed Aug 9, 2023
1 parent 73d9ef4 commit e96e792
Showing 4 changed files with 313 additions and 129 deletions.
7 changes: 6 additions & 1 deletion rdk/rdk.py
Expand Up @@ -3406,6 +3406,11 @@ def __get_rule_parameters(self, rule_name):
def __parse_rule_args(self, is_required):
self.args = get_rule_parser(is_required, self.args.command).parse_args(self.args.command_args, self.args)

max_resource_types = 100
if self.args.resource_types and len(self.args.resource_types.split(",") > max_resource_types):
print(f"Number of specified resource types exceeds Config service maximum of {max_resource_types}.")
sys.exit(1)

if self.args.rulename:
if len(self.args.rulename) > 128:
print("Rule names must be 128 characters or fewer.")
Expand Down Expand Up @@ -3468,7 +3473,7 @@ def __parse_deploy_args(self, ForceArgument=False):
if bool(self.args.lambda_security_groups) != bool(self.args.lambda_subnets):
print("You must specify both lambda-security-groups and lambda-subnets, or neither.")
sys.exit(1)

if self.args.stack_name and not self.args.functions_only:
print("--stack-name can only be specified when using the --functions-only feature.")
sys.exit(1)
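Review bot: The new guard on the `resource_types` line is mis-parenthesised: `len(self.args.resource_types.split(",") > max_resource_types)` compares the list returned by `split` with an int, so in Python 3 any invocation that sets a resource-types value raises `TypeError` before the count is examined, and the Config service limit is never actually enforced. Move the closing parenthesis so the comparison is on the length: `if self.args.resource_types and len(self.args.resource_types.split(",")) > max_resource_types:`. Note also that `split(",")` counts empty entries (a trailing comma adds one), so filtering blanks before counting would keep the check aligned with what is actually submitted, if that matters to the caller. `__parse_rule_args` continues past the end of the hunk.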
77 changes: 65 additions & 12 deletions rdk/template/configManagedRule.json
@@ -1,7 +1,6 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation template to create Managed AWS Config rules. You will be billed for the AWS resources used if you create a stack from this template.",

"Parameters": {
"RuleName": {
"Description": "Name of the Rule",
Expand Down Expand Up @@ -40,45 +39,99 @@
}
},
"Conditions": {
"AllResources": {
"Fn::Or": [
{
"Condition": "EventTriggered"
},
{
"Fn::Equals": [
{
"Fn::Join": [
",",
{
"Ref": "SourceEvents"
}
]
},
"ALL"
]
}
]
},
"EventTriggered": {
"Fn::Not": [
{
"Fn::Equals": [
{ "Fn::Join": [",", { "Ref": "SourceEvents" }] },
{
"Fn::Join": [
",",
{
"Ref": "SourceEvents"
}
]
},
"NONE"
]
}
]
},
"PeriodicTriggered": {
"Fn::Not": [{ "Fn::Equals": [{ "Ref": "SourcePeriodic" }, "NONE"] }]
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "SourcePeriodic"
},
"NONE"
]
}
]
}
},
"Resources": {
"rdkConfigRule": {
"Type": "AWS::Config::ConfigRule",
"Properties": {
"ConfigRuleName": { "Ref": "RuleName" },
"Description": { "Ref": "Description" },
"ConfigRuleName": {
"Ref": "RuleName"
},
"Description": {
"Ref": "Description"
},
"Scope": {
"Fn::If": [
"EventTriggered",
{ "ComplianceResourceTypes": { "Ref": "SourceEvents" } },
{ "Ref": "AWS::NoValue" }
"AllResources",
{
"ComplianceResourceTypes": {
"Ref": "SourceEvents"
}
},
{
"Ref": "AWS::NoValue"
}
]
},
"MaximumExecutionFrequency": {
"Fn::If": [
"PeriodicTriggered",
{ "Ref": "SourcePeriodic" },
{ "Ref": "AWS::NoValue" }
{
"Ref": "SourcePeriodic"
},
{
"Ref": "AWS::NoValue"
}
]
},
"Source": {
"Owner": "AWS",
"SourceIdentifier": { "Ref": "SourceIdentifier" }
"SourceIdentifier": {
"Ref": "SourceIdentifier"
}
},
"InputParameters": { "Ref": "SourceInputParameters" }
"InputParameters": {
"Ref": "SourceInputParameters"
}
}
}
}
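Review bot: The new `AllResources` condition selects the wrong branch for the `ALL` sentinel: because `ALL` is not `NONE`, `EventTriggered` is already true whenever `SourceEvents` joins to `ALL`, so the added `Fn::Or` changes nothing, and the `Fn::If` on `Scope` then emits `ComplianceResourceTypes` as the literal list containing `ALL` rather than omitting the scope. If `ALL` is meant to mean "evaluate every supported resource type", the `ALL` case should fall through to `AWS::NoValue`, which needs `AllResources` reduced to the bare `Fn::Equals` against `ALL` and a nested `Fn::If` inside the existing `EventTriggered` branch, as sketched below; I would expect Config to reject `ALL` as a resource type identifier, though that is inferred rather than visible here. The same condition and `Fn::If` shape appear in configManagedRuleOrganization.json in this commit.
```json
"Scope": {
  "Fn::If": [
    "EventTriggered",
    {
      "Fn::If": [
        "AllResources",
        { "Ref": "AWS::NoValue" },
        { "ComplianceResourceTypes": { "Ref": "SourceEvents" } }
      ]
    },
    { "Ref": "AWS::NoValue" }
  ]
},
```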
93 changes: 79 additions & 14 deletions rdk/template/configManagedRuleOrganization.json
@@ -1,7 +1,6 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation template to create Managed AWS Config rules. You will be billed for the AWS resources used if you create a stack from this template.",

"Parameters": {
"RuleName": {
"Description": "Name of the Rule",
Expand Down Expand Up @@ -45,36 +44,102 @@
}
},
"Conditions": {
"AllResources": {
"Fn::Or": [
{
"Condition": "EventTriggered"
},
{
"Fn::Equals": [
{
"Fn::Join": [
",",
{
"Ref": "SourceEvents"
}
]
},
"ALL"
]
}
]
},
"PeriodicTriggered": {
"Fn::Not": [{ "Fn::Equals": [{ "Ref": "SourcePeriodic" }, "NONE"] }]
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "SourcePeriodic"
},
"NONE"
]
}
]
},
"ExcludesAccounts": {
"Fn::Not": [{ "Fn::Equals": [{ "Ref": "ExcludedAccounts" }, "NONE"] }]
"ExludedAccountsPresent": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ExcludedAccounts"
},
"NONE"
]
}
]
}
},
"Resources": {
"rdkConfigRule": {
"Type": "AWS::Config::OrganizationConfigRule",
"Properties": {
"OrganizationConfigRuleName": { "Ref": "RuleName" },
"OrganizationConfigRuleName": {
"Ref": "RuleName"
},
"OrganizationManagedRuleMetadata": {
"Description": { "Ref": "Description" },
"RuleIdentifier": { "Ref": "SourceIdentifier" },
"InputParameters": { "Ref": "SourceInputParameters" },
"ResourceTypesScope": { "Ref": "SourceEvents" },
"Description": {
"Ref": "Description"
},
"RuleIdentifier": {
"Ref": "SourceIdentifier"
},
"InputParameters": {
"Ref": "SourceInputParameters"
},
"ResourceTypesScope": {
"Fn::If": [
"AllResources",
{
"ComplianceResourceTypes": {
"Ref": "SourceEvents"
}
},
{
"Ref": "AWS::NoValue"
}
]
},
"MaximumExecutionFrequency": {
"Fn::If": [
"PeriodicTriggered",
{ "Ref": "SourcePeriodic" },
{ "Ref": "AWS::NoValue" }
{
"Ref": "SourcePeriodic"
},
{
"Ref": "AWS::NoValue"
}
]
}
},
"ExcludedAccounts": {
"Fn::If": [
"ExludesAccounts",
{ "Ref": "ExcludedAccounts" },
{ "Ref": "AWS::NoValue" }
"ExludedAccountsPresent",
{
"Ref": "ExcludedAccounts"
},
{
"Ref": "AWS::NoValue"
}
]
}
}
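Review bot: `AllResources` in this template references `"Condition": "EventTriggered"`, but no `EventTriggered` condition is defined in the `Conditions` block shown in the hunk (only `AllResources`, `PeriodicTriggered` and `ExludedAccountsPresent`), so CloudFormation should reject the template with an unresolved condition dependency; either define `EventTriggered` as configManagedRule.json does or drop the `Fn::Or` and keep only the `Fn::Equals` against `ALL`. `ResourceTypesScope` under `OrganizationManagedRuleMetadata` is a list of strings, not a `ConfigRule`-style `Scope`, so wrapping it in `{"ComplianceResourceTypes": {"Ref": "SourceEvents"}}` changes the property shape that the old `{"Ref": "SourceEvents"}` satisfied — the `Fn::If` branch should return `{"Ref": "SourceEvents"}` directly. As in configManagedRule.json, the `ALL` sentinel still reaches the rule as a literal resource type here instead of causing the scope to be omitted. `ExludedAccountsPresent` is spelled consistently at its definition and its use so it resolves, but renaming it to `ExcludedAccountsPresent` would avoid a repeat of the `ExcludesAccounts` / `ExludesAccounts` mismatch the commit replaces.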