Skip to main content

AWS Config

AWS Config checks

aws-config-rule.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: awsconfig-pass
spec:
schedule: "@every 5m"
awsConfig:
- query: |
SELECT
configuration.complianceType,
COUNT(*)
WHERE
resourceType = 'AWS::Config::ResourceCompliance'
GROUP BY
configuration.complianceType
awsConnection:
accessKeyID:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_ACCESS_KEY_ID
secretKey:
valueFrom:
secretKeyRef:
name: aws-credentials
key: AWS_SECRET_ACCESS_KEY
region: af-south-1
display:
template: "{{ .results }}"
FieldDescriptionScheme
name*

Name of the check, must be unique within the canary

string

query*

Specify one or more Config rule names to filter the results by rule

string

aggregatorName

Specify the name of the configuration aggregator

string

description

Description for the check

string

display

Expression to change the formatting of the display

Expression

icon

Icon for overwriting default icon on the dashboard

Icon

labels

Labels for check

map[string]string

metrics

Metrics to export from

[]Metrics

test

Evaluate whether a check is healthy

Expression

transform

Transform data from a check into multiple individual checks

Expression

accessKey

EnvVar

secretKey

EnvVar

region

The AWS region

string

endpoint

Custom AWS Endpoint to use

skipTLSVerify

Skip TLS verify when connecting to AWS

boolean