configservice
Sample rules
A few rules that use objects from this package:
non_car_config_aggregator_is_enabled_in_all_regions
from typing import List, Dict
from cloudrail.knowledge.context.aws.aws_environment_context import AwsEnvironmentContext
from cloudrail.knowledge.rules.aws.aws_base_rule import AwsBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType
class EnsureConfigAggregatorEnabledAllRegionsRule(AwsBaseRule):
def get_id(self) -> str:
return 'non_car_config_aggregator_is_enabled_in_all_regions'
def execute(self, env_context: AwsEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
issues: List[Issue] = []
for aggregator in env_context.aws_config_aggregators:
if not aggregator.is_enabled_all_regions:
issues.append(
Issue(
f'The {aggregator.get_type()} `{aggregator.get_friendly_name()}` is not enabled in all regions', aggregator, aggregator))
return issues
def should_run_rule(self, environment_context: AwsEnvironmentContext) -> bool:
return bool(environment_context.aws_config_aggregators)
ConfigAggregator (AwsResource)
Attributes:
| Name | Type | Description |
|---|---|---|
aggregator_name |
str |
The name of the Config Aggregator. |
arn |
str |
The ARN of the Config Aggregator. |
account_aggregation_used |
bool |
An indication if the aggregation data is set for the account. |
organization_aggregation_used |
bool |
An indication if the aggregation data is set for the organization. |
account_aggregation_all_regions_enabled |
Optional[bool] |
An indication if the account to aggregate data is enabled on all regions. |
organization_aggregation_all_regions_enabled |
Optional[bool] |
An indication if the organization to aggregate data is enabled on all regions. |
custom_invalidation(self)
inherited
A list of manual reasons why this resource should be invalidated
exclude_from_invalidation(self)
inherited
A list of attributes that should be excluded from the invalidation process