awslabs / aws-config-engine-for-compliance-as-code

Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.
Apache License 2.0

Missing environment variable for deploy_rule_templates.py #35

Closed gorivishal11 closed 5 years ago

gorivishal11 commented 5 years ago

Another environment variable for AWS default region needs to be added to compliance-account-initial-setup.yaml since - python ./deploy_rule_templates.py $AWS_DEFAULT_REGION $OUTPUT_BUCKET_NO_REGION $ENGINE_RULE_NAME $OTHER_ACTIVE_REGIONS in buildspec_deploytemplates.yaml takes 4 arguments.

  CodeBuildRuleDeployProject:
    Condition: IsMainRegion
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !Join [ ":", ["arn:aws:iam:", !Ref 'AWS::AccountId', "role/ComplianceEngine-CodeBuildRole"]]
      Artifacts:
        Type: CODEPIPELINE
      Name: Compliance-Rule-Template-Deploy
      Description: Deploy the Config Rules CloudFormation to be deployed
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/python:3.6.5
        EnvironmentVariables:
         - Name: AWS_DEFAULT_REGION
           Value: !Ref 'AWS::Region'
         - Name: OUTPUT_BUCKET_NO_REGION
           Value: !Join [ "-", [ !Ref CodebuildDestinationS3BucketConfig, !Ref 'AWS::AccountId']]
         - Name: OTHER_ACTIVE_REGIONS
           Value: !If [ OtherActiveRegions, !Ref OtherActiveRegions, 'none']
         - Name: ENGINE_RULE_NAME
           Value: !Ref EngineComplianceRule

jongogogo commented 5 years ago

The AWS_DEFAULT_REGION is part of the default set of variables available in CodeBuild: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html

Hence, no need to pass it from the CloudFormation as a customer-defined environment variable.

Are you experiencing any issues?
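
The check discussed above, as an added example that is not part of the thread or of the project's code: it classifies each variable referenced by the build command as declared in the template, provided by CodeBuild, or undefined. The built-in set is a partial list, the template excerpt is a constructed sample based on the snippet in the issue, and the function names are hypothetical.

```python
import re

# Subset of the variables CodeBuild sets in every build (see the
# build-env-ref-env-vars page linked above); not the complete list.
CODEBUILD_BUILTINS = {"AWS_DEFAULT_REGION", "AWS_REGION", "CODEBUILD_BUILD_ID",
                      "CODEBUILD_BUILD_ARN", "CODEBUILD_SRC_DIR"}

# Command quoted in the issue, from buildspec_deploytemplates.yaml.
BUILD_COMMAND = ("python ./deploy_rule_templates.py $AWS_DEFAULT_REGION "
                 "$OUTPUT_BUCKET_NO_REGION $ENGINE_RULE_NAME $OTHER_ACTIVE_REGIONS")

# Constructed sample: the issue's EnvironmentVariables block without the
# proposed AWS_DEFAULT_REGION entry; values shortened to placeholders.
TEMPLATE_EXCERPT = """\
        EnvironmentVariables:
         - Name: OUTPUT_BUCKET_NO_REGION
           Value: placeholder
         - Name: OTHER_ACTIVE_REGIONS
           Value: placeholder
         - Name: ENGINE_RULE_NAME
           Value: placeholder
"""

def referenced_vars(command):
    """Names of $VAR / ${VAR} references, in order of appearance."""
    return re.findall(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?", command)

def declared_vars(template_text):
    """Names declared as '- Name: X' list items in the template text."""
    return set(re.findall(r"^\s*-\s*Name:\s*(\S+)\s*$", template_text, re.M))

def classify(command, template_text):
    """Map each referenced variable to where its value comes from."""
    declared = declared_vars(template_text)
    result = {}
    for name in referenced_vars(command):
        if name in declared:
            result[name] = "template"
        elif name in CODEBUILD_BUILTINS:
            result[name] = "codebuild-builtin"
        else:
            # An unset, unquoted variable expands to nothing in the shell,
            # so the script would receive fewer positional arguments.
            result[name] = "undefined"
    return result

if __name__ == "__main__":
    for name, origin in classify(BUILD_COMMAND, TEMPLATE_EXCERPT).items():
        print(f"{name}: {origin}")
```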

gorivishal11 commented 5 years ago

No issue. Thanks for clarifying.