Add config.CustomPolicy function to AWS Config #21441

Closed
2 tasks done
watany-dev opened this issue Aug 3, 2022 · 2 comments
Labels
@aws-cdk/aws-config Related to AWS Config effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@watany-dev
Contributor

Describe the feature

https://aws.amazon.com/jp/about-aws/whats-new/2022/08/build-aws-config-rules-cloudformation-guard/

This update seems to make it simple to write AWS config rules. This is great and I hope it will be supported by L2 constructs. (I will also help in discussing the spec, implementation, etc...)

Use Case

This would be great if it could be expressed as `new config.CustomRule` or `new config.CustomPolicy`.
*We could combine them into the former, but I think it is preferable to separate them like ManagedRule and CustomRule in AWS::Config::ConfigRule, because the restrictions on the various properties are different.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

v2.35.0

Environment details (OS name and version, etc.)

any

@watany-dev watany-dev added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 3, 2022
@github-actions github-actions bot added the @aws-cdk/aws-config Related to AWS Config label Aug 3, 2022
watany-dev added a commit to watany-dev/aws-cdk that referenced this issue Aug 28, 2022
watany-dev added a commit to watany-dev/aws-cdk that referenced this issue Aug 28, 2022
@rix0rrr rix0rrr added effort/medium Medium work item – several days of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Sep 2, 2022
@rix0rrr rix0rrr removed their assignment Sep 2, 2022
watany-dev added a commit to watany-dev/aws-cdk that referenced this issue Sep 10, 2022
watany-dev added a commit to watany-dev/aws-cdk that referenced this issue Sep 12, 2022
watany-dev added a commit to watany-dev/aws-cdk that referenced this issue Sep 12, 2022
mergify bot pushed a commit that referenced this issue Oct 14, 2022
feat(config) #21441

I have created a `new config.CustomPolicy` so that this functionality is available in L2 Constructs.

The resources that can currently be created with `AWS::Config::ConfigRule` can be created with `config.CustomRule` and `config.ManagedRule` in the CDK. This is because the restrictions on the various properties are different.
CustomPolicy has different constraints compared to CustomRule as follows.

- There is a restriction on the format that can be selected in `SourceDetails`.
    - [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source.html)
- Properties that refer to Lambda are unnecessary.
- `CustomPolicyDetails` must be specified.
    - [docs](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-config-configrule-source-sourcedetails.html)

To avoid this limitation and complexity, `CustomPolicy` can be separated, making it more convenient for users. It also reduces the dependence on each rule type for updates during maintenance.



----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [x] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
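
Added example, not part of the original issue or the CDK code base: a small lint for the `Source` block of an `AWS::Config::ConfigRule` that checks the three CustomPolicy constraints listed in the commit message above. The type names, the function `lintCustomPolicySource`, the Guard text, and the ARN are assumptions constructed for illustration; the allowed message types follow the CloudFormation documentation linked above.

```typescript
// Added example: hypothetical names throughout; sample inputs are constructed.
interface SourceDetail { EventSource: string; MessageType: string }
interface PolicyDetails { PolicyRuntime?: string; PolicyText?: string; EnableDebugLogDelivery?: boolean }
interface RuleSource {
  Owner: string;
  SourceIdentifier?: string; // Lambda ARN (CUSTOM_LAMBDA) or managed rule id (AWS)
  SourceDetails?: SourceDetail[];
  CustomPolicyDetails?: PolicyDetails;
}

// Message types accepted in SourceDetails when Owner is CUSTOM_POLICY.
const POLICY_MESSAGE_TYPES: string[] = [
  "ConfigurationItemChangeNotification",
  "OversizedConfigurationItemChangeNotification",
];

function lintCustomPolicySource(src: RuleSource): string[] {
  if (src.Owner !== "CUSTOM_POLICY") {
    return ["Owner is " + src.Owner + ", not CUSTOM_POLICY"];
  }
  const findings: string[] = [];
  // Properties that refer to Lambda are unnecessary for a Guard policy rule.
  if (src.SourceIdentifier !== undefined) {
    findings.push("SourceIdentifier is unnecessary for CUSTOM_POLICY");
  }
  // CustomPolicyDetails must be specified, with a runtime and the Guard text.
  const details = src.CustomPolicyDetails;
  if (!details || !details.PolicyRuntime || !details.PolicyText) {
    findings.push("CustomPolicyDetails with PolicyRuntime and PolicyText is required");
  }
  // SourceDetails is restricted to configuration-change triggers.
  for (const d of src.SourceDetails || []) {
    if (POLICY_MESSAGE_TYPES.indexOf(d.MessageType) === -1) {
      findings.push("MessageType " + d.MessageType + " is not allowed for CUSTOM_POLICY");
    }
  }
  return findings;
}

// Constructed sample: a well-formed custom policy source.
const goodSource: RuleSource = {
  Owner: "CUSTOM_POLICY",
  SourceDetails: [{ EventSource: "aws.config", MessageType: "ConfigurationItemChangeNotification" }],
  CustomPolicyDetails: { PolicyRuntime: "guard-2.x.x", PolicyText: 'rule table_active { configuration.tableStatus == "ACTIVE" }' },
};
// Constructed sample: Lambda-style fields carried over into a policy rule.
const badSource: RuleSource = {
  Owner: "CUSTOM_POLICY",
  SourceIdentifier: "arn:aws:lambda:us-east-1:111122223333:function:placeholder",
  SourceDetails: [{ EventSource: "aws.config", MessageType: "ScheduledNotification" }],
};
```

Running the lint over synthesized templates in CI catches a rule that was copied from a Lambda-backed definition without switching its trigger and policy fields.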
mrgrain pushed a commit to mrgrain/aws-cdk that referenced this issue Oct 24, 2022
@watany-dev
Contributor Author

merged
