AWS Config

AWS Config checks

aws-config-rule.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: awsconfig-pass
spec:
  schedule: "@every 5m"
  awsConfig:
    - query: |
        SELECT
        configuration.complianceType,
        COUNT(*)
        WHERE
        resourceType = 'AWS::Config::ResourceCompliance'
        GROUP BY
        configuration.complianceType
      awsConnection:
        accessKeyID:
          valueFrom:
            secretKeyRef:
              name: aws-credentials
              key: AWS_ACCESS_KEY_ID
        secretKey:
          valueFrom:
            secretKeyRef:
              name: aws-credentials
              key: AWS_SECRET_ACCESS_KEY
        region: af-south-1
      display:
        template: "{{ .results }}"

Field	Description	Scheme
`name*`	Name of the check, must be unique within the canary	`string`
`query*`	Specify one or more Config rule names to filter the results by rule	`string`
`aggregatorName`	Specify the name of the configuration aggregator	`string`
`description`	Description for the check	`string`
`display`	Expression to change the formatting of the display	`Expression`
`icon`	Icon for overwriting default icon on the dashboard	Icon
`labels`	Labels for check	map[string]string
`metrics`	Metrics to export from	`[]Metrics`
`test`	Evaluate whether a check is healthy	`Expression`
`transform`	Transform data from a check into multiple individual checks	`Expression`
`accessKey`		EnvVar
`secretKey`		EnvVar
`region`	The AWS region	`string`
`endpoint`	Custom AWS Endpoint to use
`skipTLSVerify`	Skip TLS verify when connecting to AWS	`boolean`