Skip to content

Commit

Permalink
Fix cannot find module 'aws-sdk' on custom config rule lambdas (#1207)
Browse files Browse the repository at this point in the history
Co-authored-by: Victor Yan <[email protected]>
  • Loading branch information
vic614 and Victor Yan authored Jan 25, 2024
1 parent a6722f6 commit 1660d5c
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 45 deletions.
Binary file not shown.
Binary file modified reference-artifacts/config-rules/ec2-instance-profile.zip
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
const AWS = require('aws-sdk');
AWS.config.logger = console;

const config = new AWS.ConfigService();
const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service");
const client = new ConfigServiceClient();

const APPLICABLE_RESOURCES = ['AWS::IAM::Role'];

Expand All @@ -28,20 +26,20 @@ exports.handler = async function (event, context) {
console.debug(`Evaluation`);
console.debug(JSON.stringify(evaluation, null, 2));

await config
.putEvaluations({
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceId: configurationItem.resourceId,
ComplianceResourceType: configurationItem.resourceType,
ComplianceType: evaluation.complianceType,
OrderingTimestamp: configurationItem.configurationItemCaptureTime,
Annotation: evaluation.annotation,
},
],
})
.promise();
const payload = {
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceId: configurationItem.resourceId,
ComplianceResourceType: configurationItem.resourceType,
ComplianceType: evaluation.complianceType,
OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime),
Annotation: evaluation.annotation,
},
],
};
const putEvaluationsCommand = new PutEvaluationsCommand(payload);
await client.send(putEvaluationsCommand);
};

async function evaluateCompliance(props) {
Expand Down Expand Up @@ -84,7 +82,7 @@ async function evaluateCompliance(props) {
if (!existingPolicyNames.includes(requiredPolicy.trim())) {
return {
complianceType: 'NON_COMPLIANT',
annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy,
annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy,
};
}
}
Expand All @@ -96,7 +94,7 @@ async function evaluateCompliance(props) {
if (!existingPolicyArns.includes(requiredPolicy.trim())) {
return {
complianceType: 'NON_COMPLIANT',
annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy,
annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy,
};
}
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
const AWS = require('aws-sdk');
AWS.config.logger = console;

const config = new AWS.ConfigService();
const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service");
const client = new ConfigServiceClient();

const APPLICABLE_RESOURCES = ['AWS::EC2::Instance'];

Expand All @@ -23,18 +21,20 @@ exports.handler = async function(event, context) {
console.debug(`Evaluation`);
console.debug(JSON.stringify(evaluation, null, 2));

await config.putEvaluations({
const payload = {
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceId: configurationItem.resourceId,
ComplianceResourceType: configurationItem.resourceType,
ComplianceType: evaluation.complianceType,
OrderingTimestamp: configurationItem.configurationItemCaptureTime,
OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime),
Annotation: evaluation.annotation,
},
],
}).promise();
};
const putEvaluationsCommand = new PutEvaluationsCommand(payload);
await client.send(putEvaluationsCommand);
};

async function evaluateCompliance(props) {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
const AWS = require('aws-sdk');
AWS.config.logger = console;

const config = new AWS.ConfigService();
const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service");
const client = new ConfigServiceClient();

const APPLICABLE_RESOURCES = ['AWS::IAM::Role'];

Expand Down Expand Up @@ -29,20 +27,20 @@ exports.handler = async function (event, context) {
console.debug(`Evaluation`);
console.debug(JSON.stringify(evaluation, null, 2));

await config
.putEvaluations({
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceId: configurationItem.resourceId,
ComplianceResourceType: configurationItem.resourceType,
ComplianceType: evaluation.complianceType,
OrderingTimestamp: configurationItem.configurationItemCaptureTime,
Annotation: evaluation.annotation,
},
],
})
.promise();
const payload = {
ResultToken: event.resultToken,
Evaluations: [
{
ComplianceResourceId: configurationItem.resourceId,
ComplianceResourceType: configurationItem.resourceType,
ComplianceType: evaluation.complianceType,
OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime),
Annotation: evaluation.annotation,
},
],
};
const putEvaluationsCommand = new PutEvaluationsCommand(payload);
await client.send(putEvaluationsCommand);
};

async function evaluateCompliance(props) {
Expand Down
Binary file modified reference-artifacts/config-rules/ssm-patching-role-tags.zip
Binary file not shown.

0 comments on commit 1660d5c

Please sign in to comment.