niaid / terraform-aws-managed-config-rules

AWS Config Managed Rules Terraform Module
MIT License

InvalidParameterValueException - Getting this for various rules #46

Closed jseiser closed 4 months ago

jseiser commented 5 months ago

Deployed this into an AWS GovCloud account.

module "managed-config-rules" {
  source  = "niaid/managed-config-rules/aws"
  version = "2.1.0"

  rule_packs = [
    "Operational-Best-Practices-for-NIST-800-53-rev-4",
  ]

  rules_to_exclude = [
    "rds-in-backup-plan",
    "multi-region-cloudtrail-enabled",
    "root-account-mfa-enabled",
    "ec2-instance-managed-by-systems-manager",
    "root-account-hardware-mfa-enabled",
    "cloudtrail-enabled",
    "ec2-instances-in-vpc",
    "restricted-common-ports",
    "restricted-ssh"
  ]
}

If I uncomment those rules in the rules_to_exclude, I get errors relating to them. Example below.

╷
│ Error: reading ConfigService Config Rule (rds-in-backup-plan): couldn't find resource
│ 
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["rds-in-backup-plan"],
│   on .terraform/modules/managed-config-rules/modules/account/main.tf line 1, in resource "aws_config_config_rule" "rule":
│    1: resource "aws_config_config_rule" "rule" {
│ 
╵
╷
│ Error: putting ConfigService Config Rule (multi-region-cloudtrail-enabled): operation error Config Service: PutConfigRule, https response error StatusCode: 400, RequestID: 761425bf-177f-412e-8674-3091e908aff4, InvalidParameterValueException: The sourceIdentifier MULTI_REGION_CLOUDTRAIL_ENABLED is invalid. Please refer to the documentation for a list of valid sourceIdentifiers that can be used when AWS is the Owner.
│ 
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["multi-region-cloudtrail-enabled"],
│   on .terraform/modules/managed-config-rules/modules/account/main.tf line 1, in resource "aws_config_config_rule" "rule":
│    1: resource "aws_config_config_rule" "rule" {
│ 
╵

That output is from Atlantis, so the formatting from it is a bit wonky.
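A triage helper for the two error shapes quoted in the post above, as an added example that is not part of the original thread or the module's own code: it collects the failing rule names from Terraform/Atlantis output and renders a `rules_to_exclude` list with the failure reason beside each entry, so every control dropped from the rule pack stays reviewable. The function names and the sample text (abridged, with a placeholder RequestID) are constructed for illustration.

```python
import re

# Constructed sample, abridged from the two error shapes quoted in the post.
SAMPLE_OUTPUT = """\
│ Error: reading ConfigService Config Rule (rds-in-backup-plan): couldn't find resource
│
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["rds-in-backup-plan"],
│ Error: putting ConfigService Config Rule (multi-region-cloudtrail-enabled): operation error Config Service: PutConfigRule, https response error StatusCode: 400, RequestID: 00000000-0000-0000-0000-000000000000, InvalidParameterValueException: The sourceIdentifier MULTI_REGION_CLOUDTRAIL_ENABLED is invalid. Please refer to the documentation.
"""

# "Error: <reading|putting> ConfigService Config Rule (<rule-name>): <detail>"
ERROR_RE = re.compile(
    r"Error: (reading|putting) ConfigService Config Rule \(([^)]+)\): (.*)"
)
# The managed-rule identifier that PutConfigRule rejected for this partition/region.
SOURCE_ID_RE = re.compile(
    r"InvalidParameterValueException: The sourceIdentifier (\S+) is invalid"
)


def failed_rules(output):
    """Return {rule_name: reason} for every Config rule error in the output."""
    failures = {}
    for line in output.splitlines():
        match = ERROR_RE.search(line)
        if not match:
            continue
        action, rule, detail = match.groups()
        source_id = SOURCE_ID_RE.search(detail)
        if source_id:
            reason = f"sourceIdentifier {source_id.group(1)} rejected by PutConfigRule"
        else:
            reason = f"{action} failed: {detail.strip()}"
        # Keep the first reason seen if the same rule is reported more than once.
        failures.setdefault(rule, reason)
    return failures


def render_exclude_block(failures):
    """Render an HCL rules_to_exclude list with a reason comment per entry."""
    lines = ["rules_to_exclude = ["]
    for rule in sorted(failures):
        lines.append(f'  "{rule}", # {failures[rule]}')
    lines.append("]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_exclude_block(failed_rules(SAMPLE_OUTPUT)))
```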

bensonce commented 5 months ago

Hi, @jseiser! Thanks for bringing this to our attention. We're working on a fix in this PR: https://github.com/niaid/terraform-aws-managed-config-rules/pull/48

bensonce commented 5 months ago

Hello again. The latest 2.1.1 release should fix the errors you're seeing. Please try bumping the module version and let me know if that works.

jseiser commented 4 months ago

Sorry for the late reply, the new version worked.