AWS Config

AWS Config checks

aws-config-rule.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: awsconfig-pass
spec:
  schedule: "@every 5m"
  awsConfig:
    - name: aws config pass
      query: |
        SELECT
        configuration.complianceType,
        COUNT(*)
        WHERE
        resourceType = 'AWS::Config::ResourceCompliance'
        GROUP BY
        configuration.complianceType
      accessKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_ACCESS_KEY_ID
      secretKey:
        valueFrom:
          secretKeyRef:
            name: aws-credentials
            key: AWS_SECRET_ACCESS_KEY
      region: af-south-1
      display:
        template: "{{ .results }}"

Field	Description	Scheme
`name*`	Name of the check, must be unique within the canary	string
`query*`	Specify one or more Config rule names to filter the results by rule	string
`aggregatorName`	Specify the name of the configuration aggregator	string
`description`	Description for the check	string
`display`	Expression to change the formatting of the display	`Expression`
`icon`	Icon for overwriting default icon on the dashboard	Icon
`labels`	Labels for check	map[string]string
`metrics`	Metrics to export from	`[]Metrics`
`test`	Evaluate whether a check is healthy	`Expression`
`transform`	Transform data from a check into multiple individual checks	`Expression`
`connection`	The connection url to use, mutually exclusive with `accessKey` and `secretKey`	Connection
`accessKey`		EnvVar
`secretKey`		EnvVar
`region`	The AWS region	string
`endpoint`	Custom AWS Endpoint to use	string
`skipTLSVerify`	Skip TLS verify when connecting to AWS	bool