AWSCloudFormationTemplates/security-config-rules
This template deletes AWS resources that lack the required tags. It covers the following resources:
- Amazon S3 - Bucket
- Amazon DynamoDB - Table
- Amazon API Gateway - API
- AWS Lambda - Function
.
├── README.md                           <-- Instructions file (Japanese)
├── README_EN.md                        <-- This instructions file
└── sam-app
    ├── checkRequiredTags               <-- Source code for a Lambda function (AWS Config Custom Rules)
    │   ├── lambda_function.py          <-- Lambda function code
    │   └── requirements.txt            <-- List of items to be installed using pip install
    ├── deleteUnapplicableResources     <-- Source code for a Lambda function
    │   ├── lambda_function.py          <-- Lambda function code
    │   └── requirements.txt            <-- List of items to be installed using pip install
    └── template.yaml                   <-- SAM Template
- Before running this CloudFormation template, run the Security template in this project.
- Click one of the two buttons below.
The following sections describe the individual components of the architecture.
Run the following commands to deploy.
sam build
sam package --output-template-file packaged.yaml --s3-bucket S3_BUCKET_NAME
aws cloudformation deploy --template-file packaged.yaml --stack-name DefaultSecuritySettings-ConfigRules --s3-bucket S3_BUCKET_NAME --capabilities CAPABILITY_NAMED_IAM
You can provide optional parameters as follows.
Name | Type | Default | Required | Details |
---|---|---|---|---|
AutoRemediation | ENABLED / DISABLED | DISABLED | ○ | If ENABLED, auto-remediation by SSM Automation and Lambda is enabled. |
RequiredTagKey | String | createdby | ○ | AWS Config removes AWS resources without this tag. |
RequiredTagValue | String | aws-cloudformation-templates | ○ | AWS Config removes AWS resources without this tag. |
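
Because non-compliant resources are deleted once AutoRemediation is ENABLED, it helps to preview the tag check offline first. The following is an added example, not the project's `lambda_function.py`. The resource type names, the rule-parameter keys, the exact key-and-value match and the sample events are assumptions constructed for illustration.

```python
import json

# Assumed AWS Config resource types for the four services this template covers.
COVERED_TYPES = {"AWS::S3::Bucket", "AWS::DynamoDB::Table",
                 "AWS::ApiGateway::RestApi", "AWS::Lambda::Function"}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}
# Template defaults from the parameter table; the key names are an assumption.
DEFAULTS = {"RequiredTagKey": "createdby", "RequiredTagValue": "aws-cloudformation-templates"}

def evaluate(item, tag_key, tag_value):
    """Return the AWS Config compliance type for one configuration item."""
    # Out-of-scope types and already-deleted resources are never flagged.
    if (item.get("resourceType") not in COVERED_TYPES
            or item.get("configurationItemStatus") in DELETED):
        return "NOT_APPLICABLE"
    tags = item.get("tags") or {}  # untagged resources may carry null or {}
    # Tag keys are case-sensitive: "CreatedBy" does not satisfy "createdby".
    return "COMPLIANT" if tags.get(tag_key) == tag_value else "NON_COMPLIANT"

def handle(event):
    """Build the evaluation for a custom-rule event without calling AWS."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = {**DEFAULTS, **json.loads(event.get("ruleParameters") or "{}")}
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": evaluate(item, params["RequiredTagKey"], params["RequiredTagValue"]),
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def sample_event(rtype, rid, tags, status="OK"):
    """Constructed event in the shape AWS Config sends to a custom rule."""
    item = {"resourceType": rtype, "resourceId": rid, "tags": tags,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z"}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps(DEFAULTS)}

# Constructed sample inventory (resource IDs are placeholders).
SAMPLE_EVENTS = [
    sample_event("AWS::S3::Bucket", "example-tagged-bucket", dict([tuple(DEFAULTS.values())])),
    sample_event("AWS::S3::Bucket", "example-untagged-bucket", {}),
    sample_event("AWS::Lambda::Function", "example-wrong-case-fn",
                 {"CreatedBy": "aws-cloudformation-templates"}),
    sample_event("AWS::EC2::Instance", "i-example", {}),
    sample_event("AWS::DynamoDB::Table", "example-deleted-table", None, "ResourceDeleted"),
]

def flagged_for_removal(events):
    """Resource IDs the rule would mark NON_COMPLIANT, i.e. removal candidates."""
    return [e["ComplianceResourceId"] for e in map(handle, events)
            if e["ComplianceType"] == "NON_COMPLIANT"]
```

Running `flagged_for_removal` over an exported inventory while AutoRemediation is still DISABLED shows which resources need tagging before deletion is switched on.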