Cfn
t/cfn_json/Config.json view on Meta::CPAN
"Statement": [{
"Effect": "Allow",
"Principal": {"Service": "config.amazonaws.com"},
"Action": "SNS:Publish",
"Resource": "*"
}]
},
"Topics": [{"Ref": "ConfigTopic"}]
}
},
"ConfigRuleForVolumeTags": {
"Type": "AWS::Config::ConfigRule",
"Properties": {
"InputParameters": {"tag1Key": "CostCenter"},
"Scope": {
"ComplianceResourceTypes": ["AWS::EC2::Volume"]
},
"Source": {
"Owner": "AWS",
"SourceIdentifier": "REQUIRED_TAGS"
}
},
"DependsOn": "ConfigRecorder"
},
"ConfigRuleForVolumeAutoEnableIO": {
"Type": "AWS::Config::ConfigRule",
"Properties": {
"ConfigRuleName": "ConfigRuleForVolumeAutoEnableIO",
"Scope": {
"ComplianceResourceId": {"Ref": "Ec2Volume"},
"ComplianceResourceTypes": ["AWS::EC2::Volume"]
},
"Source": {
"Owner": "CUSTOM_LAMBDA",
"SourceDetails": [{
"EventSource": "aws.config",
"MessageType": "ConfigurationItemChangeNotification"
}],
"SourceIdentifier": {"Fn::GetAtt": ["VolumeAutoEnableIOComplianceCheck", "Arn"]}
}
},
"DependsOn": ["ConfigPermissionToCallLambda", "ConfigRecorder"]
},
"ConfigPermissionToCallLambda": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"FunctionName": {"Fn::GetAtt": ["VolumeAutoEnableIOComplianceCheck", "Arn"]},
"Action": "lambda:InvokeFunction",
"Principal": "config.amazonaws.com"
}
},
"VolumeAutoEnableIOComplianceCheck": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": {"Fn::Join": ["\n", [
"var aws = require('aws-sdk');",
"var config = new aws.ConfigService();",
"var ec2 = new aws.EC2();",
"exports.handler = function(event, context) {",
" compliance = evaluateCompliance(event, function(compliance, event) {",
" var configurationItem = JSON.parse(event.invokingEvent).configurationItem;",
" var putEvaluationsRequest = {",
" Evaluations: [{",
" ComplianceResourceType: configurationItem.resourceType,",
" ComplianceResourceId: configurationItem.resourceId,",
" ComplianceType: compliance,",
" OrderingTimestamp: configurationItem.configurationItemCaptureTime",
" }],",
" ResultToken: event.resultToken",
" };",
" config.putEvaluations(putEvaluationsRequest, function(err, data) {",
" if (err) context.fail(err);",
" else context.succeed(data);",
" });",
" });",
"};",
"function evaluateCompliance(event, doReturn) {",
" var configurationItem = JSON.parse(event.invokingEvent).configurationItem;",
" var status = configurationItem.configurationItemStatus;",
" if (configurationItem.resourceType !== 'AWS::EC2::Volume' || event.eventLeftScope || (status !== 'OK' && status !== 'ResourceDiscovered'))",
" doReturn('NOT_APPLICABLE', event);",
" else ec2.describeVolumeAttribute({VolumeId: configurationItem.resourceId, Attribute: 'autoEnableIO'}, function(err, data) {",
" if (err) context.fail(err);",
" else if (data.AutoEnableIO.Value) doReturn('COMPLIANT', event);",
" else doReturn('NON_COMPLIANT', event);",
" });",
"}"
]]}
},
"Handler": "index.handler",
"Runtime": "nodejs",
"Timeout": "30",
"Role": {"Fn::GetAtt": ["LambdaExecutionRole", "Arn"]}
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"Service": ["lambda.amazonaws.com" ]},
"Action": ["sts:AssumeRole"]
}]
},
"Policies": [{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{