fix(config): cannot scope a custom rule without configurationChanges on #8738

Merged
merged 4 commits into from
Jul 6, 2020


RomainMuller
Contributor

While CloudFormation allows specifying the scope for a custom ConfigRule
without necessarily specifying `configurationChanges: true`, this was
not allowed by the corresponding construct.

This removed the offending guard, and replaced the test that verified
the throwing behavior with a regression test that validates this
configuration is allowed.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jun 25, 2020
@RomainMuller RomainMuller requested a review from a team June 25, 2020 15:39
@RomainMuller RomainMuller self-assigned this Jun 25, 2020
@RomainMuller RomainMuller added the bug This issue is a bug. label Jun 25, 2020
@RomainMuller
Contributor Author

@jogold - you had introduced this guard... Let me know if you know of invalid situations that we should still guard against. I could not find anything by browsing the documentation for the Config service.

@jogold
Contributor

jogold commented Jun 25, 2020

> @jogold - you had introduced this guard... Let me know if you know of invalid situations that we should still guard against. I could not find anything by browsing the documentation for the Config service.

@RomainMuller the console experience doesn't allow scoping a rule to resources if configuration change is not checked. You first select the trigger type and then the scoping option appears:
[image]

This is also the case for the new console experience:
[image]

@RomainMuller
Contributor Author

@jogold interesting... I have heard from a customer who claims they can deploy via CloudFormation that setup you cannot make in the console. I'll write an integration test to confirm that then...

@RomainMuller
Contributor Author

Yeah I confirmed CloudFormation lets you do that. Interestingly, the scope is meaningless for custom rules on a periodic-only schedule, but customers have been found using the recorded scope as a configuration point for their periodic custom rules (which is creative, but sounds reasonable to me).
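
As an added illustration (not part of this pull request or the CDK code base), a CloudFormation template for the setup discussed above: a custom Config rule that declares a scope but only a periodic trigger. The parameter name, rule name, resource type and frequency are constructed, and the Lambda function is assumed to exist with Config already permitted to invoke it.

```yaml
# Added illustration; not taken from the pull request or the CDK code base.
AWSTemplateFormatVersion: '2010-09-09'
Description: Custom AWS Config rule with a scope and a periodic-only trigger (constructed example)

Parameters:
  RuleFunctionArn:            # hypothetical parameter name
    Type: String
    Description: ARN of an existing Lambda function that evaluates the rule (assumed to be invocable by Config)

Resources:
  PeriodicScopedRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: periodic-scoped-custom-rule   # constructed name
      # Scope is declared even though no configuration-change trigger appears below.
      # Per the thread, it does not drive periodic evaluations; it is only recorded
      # on the rule, where the function can read it as a configuration point.
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance
      Source:
        Owner: CUSTOM_LAMBDA
        SourceIdentifier: !Ref RuleFunctionArn
        SourceDetails:
          # Periodic trigger only: no ConfigurationItemChangeNotification entry.
          - EventSource: aws.config
            MessageType: ScheduledNotification
            MaximumExecutionFrequency: TwentyFour_Hours
```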

@mergify
Contributor

mergify bot commented Jul 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 55ee19b
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 841060d into master Jul 6, 2020
@mergify mergify bot deleted the rmuller/confi-scope branch July 6, 2020 17:51