aws_config_config_rule input_parameters for AWS Managed Config Rules #773
Comments
|
Utilizing the input_parameters property for config rule 'Properties' works for AWS Managed rules as long as the json is 'string' based. Example: |
radeksimko
added
the
service/configservice
|
Yeah, if the error you get is something like "AWSConfig rule: InvalidParameterValueException: Blank spaces are not acceptable for input parameter", that should go away if you make sure your parameter values are strings (I had some that were integers and some that were booleans, quoting them fixed the problem). |
|
So to clarify this issue, this works but is a bit ugly: resource "aws_config_config_rule" "managed-rule-01" {
name = "REQUIRED_TAGS"
input_parameters = "{\"tag1Key\": \"Name\",\"tag2Key\": \"Description\",\"tag3Key\": \"BudgetCode\",\"tag4Key\": \"Owner\"}"
source {
owner = "AWS"
source_identifier = "REQUIRED_TAGS"
}
}The "here-string" equivalent also works and is arguably more readable and maintainable: resource "aws_config_config_rule" "managed-rule-01" {
name = "REQUIRED_TAGS"
input_parameters =<<EOF
{
"tag1Key": "Name",
"tag2Key": "Description",
"tag3Key": "BudgetCode",
"tag4Key": "Owner"
}
EOF
source {
owner = "AWS"
source_identifier = "REQUIRED_TAGS"
}
}The example from the original poster doesn't work because the value name ="common-port-restriction-enabled"
source ="./aws-managed-config-rules"
owner = "AWS"
source_identifier ="RESTRICTED_INCOMING_TRAFFIC"
input_parameters = <<EOF
{
"smtp": 23
}
EOFWhich implies that this WOULD work: name ="common-port-restriction-enabled"
source ="./aws-managed-config-rules"
owner = "AWS"
source_identifier ="RESTRICTED_INCOMING_TRAFFIC"
input_parameters = <<EOF
{
"smtp": "23"
}
EOF |
|
#773 (comment) only works for tagXkeys. How does one create tag values? TF craps out this if I use "tag1value". |
|
@ydnitin Did you manage to find any solution for this? I'm also struggling with the format... I'm going to try "tag1Value" instead of "tag1value" which you've written. Will inform if works. I just tried "tag1Value" and it works. Here is an example snippet: |
|
Just pointing out we have the same problem with |
|
This worked for me too... Is there a way to have regex for tag1Value ? I would like config rule to be valid if there are any matches to regex starting with abc and string size 3... Like I would like rule to be compliant if I have values abc123 or abc456 or abc789 |
|
I am trying to resolve this issue, as well. I am trying to create and aws_config_config_rule like so I've been able to get the apply to work by just specifying There is something wrong with the way that I am passing and both of these failed. Any help with this would be greatly appreciated. |
In both cases you need to quote the number input_parameters = jsonencode(
{
metricName = "CloudTrailConfigChanges"
threshold = "1"
}
) |
|
Pertaining to input_parameters, how does one omit the value as it is optional through the AWS Config GUI. When submitting this, ERROR occurs. |
|
I am also getting the same above error while submitting resourceTags(optional parameter) for managed config rule. |
I've tried almost every conceivable way of formatting this, and I can't get it to work either. Edit: Fixed by using the following instead |
This issue was originally opened by @eric-nord as hashicorp/terraform#14518. It was migrated here as part of the provider split. The original body of the issue is below.
Terraform Version
0.9.5
Affected Resource(s)
Terraform Configuration Files
It is noted that input_parameter is only valid if source.owner is CUSTOM_LAMBDA.
As several AWS Managed Config Rules need params to function, it would be nice to be abled to add input_parameters to AWS MANAGED Config Rules like this:
Expected Behavior
add input_parameters for AWS Managed Config Rules. For instance
http://docs.aws.amazon.com/config/latest/developerguide/required-tags.html
Actual Behavior
input_parameters is only valid if source.owner is CUSTOM_LAMBDA.
The text was updated successfully, but these errors were encountered: