Improving AWS Config security pattern #172
Conversation
| console.log(err, err.stack); | ||
| } else { | ||
| if (data.ConfigurationRecorders?.length === 0) { | ||
| console.log("AWS Config is not enabled in this region."); |
There was a problem hiding this comment.
Can you specify the region as opposed to "this"?
| const awsConfig = new AWS.ConfigService(); | ||
| awsConfig.describeConfigurationRecorders({}, (err, data) => { | ||
| if (err) { | ||
| console.log(err, err.stack); |
There was a problem hiding this comment.
Please use logger from blueprints for error messages and info messages, otherwise there is no control to suppress and elevate these.
const logger = blueprints.utils.logger;applies elsewhere
| }); | ||
| // Check if AWS Config is already enabled in the region | ||
| const awsConfig = new AWS.ConfigService(); | ||
| awsConfig.describeConfigurationRecorders({}, (err, data) => { |
There was a problem hiding this comment.
it is getting a bit hard to maintain if you use this callback style (callback hell). Let's use async/await and this style of SDK invocation:
import { DescribeConfigurationRecordersCommand } from "@aws-sdk/client-config-service";
const command = new DescribeConfigurationRecordersCommand(input);
const response = await client.send(command);
You can use try/catch with this. You will need to move this code away from the constructor as constructor can have async.
It is a minor change, example here but it will improve readability and maintenance.
|
@shapirov103 addressed |
|
|
||
| const logger = blueprints.utils.logger; | ||
|
|
||
| (async () => { |
There was a problem hiding this comment.
@aliaksei-ivanou let's move it to a method like async buildConfigStack and remove => and such.
Issue #, if available:
Description of changes:
a. Check if AWS Config recorder is already enabled in the target account and region.
b. Check if a delivery channel is already configured in the target account and region.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.