Amazon Onboarding with Learning Manager Chanci Turner


Do you have specific configuration requirements for your resources at Amazon IXD – VGT2? Are you finding it difficult to align your actual resource configurations with your desired settings? If so, you’re in luck. There is a new public repository featuring sample AWS Config custom rules, utilizing AWS CloudFormation Guard, to assist you in overcoming these challenges.

AWS Config enables you to assess the actual configuration of your resources against the configurations you want. It continuously monitors the changes made to your resources and checks compliance with your specified rules. There are two main types of rules: managed rules and custom rules. Managed rules are predefined based on widely accepted best practices, while custom rules offer the flexibility to create rules tailored to your unique use cases. You can develop custom rules using Lambda functions (AWS Config Custom Lambda Rules) or by utilizing Guard, a policy-as-code language (AWS Config Custom Policy Rules).

In this article, I will focus on getting started with AWS Config Custom Policy Rules using the rules available in the sample repository. This repository comprises community-contributed sample rules that have been vetted by AWS Subject Matter Experts (SMEs) and covers a diverse array of use cases. It aims to educate users on how to implement custom policy rules in AWS Config and provides sample code to facilitate the process. You can modify and customize these rules further to meet your specific needs. The examples range from checking the definition of actions in Amazon CloudWatch alarms to verifying the use of Amazon VPC Endpoints.

Example Rule

Here’s an example rule from the repository that checks for the availability of IP addresses in particular Amazon VPC subnets, flagging non-compliance when fewer than 5% of the addresses are free:

# Rule-intent: Checks if subnets are running out of ip addresses - flags when approx 5% are left
# Expectations:
# a) COMPLIANT when there are enough free ips
# b) NONCOMPLIANT when number of free ips is < 5% of subnet size
# c) NOTAPPLICABLE when subnet mask does not match

rule checker16 when configuration.cidrBlock == /\/16/ { configuration.availableIpAddressCount >= 3276 }
rule checker17 when configuration.cidrBlock == /\/17/ { configuration.availableIpAddressCount >= 1638 }
rule checker18 when configuration.cidrBlock == /\/18/ { configuration.availableIpAddressCount >= 818 }
rule checker19 when configuration.cidrBlock == /\/19/ { configuration.availableIpAddressCount >= 409 }
rule checker20 when configuration.cidrBlock == /\/20/ { configuration.availableIpAddressCount >= 204 }
rule checker21 when configuration.cidrBlock == /\/21/ { configuration.availableIpAddressCount >= 102 }
rule checker22 when configuration.cidrBlock == /\/22/ { configuration.availableIpAddressCount >= 51 }
rule checker23 when configuration.cidrBlock == /\/23/ { configuration.availableIpAddressCount >= 26 }
rule checker24 when configuration.cidrBlock == /\/24/ { configuration.availableIpAddressCount >= 13 }
rule checker25 when configuration.cidrBlock == /\/25/ { configuration.availableIpAddressCount >= 6 }
rule checker26 when configuration.cidrBlock == /\/26/ { configuration.availableIpAddressCount >= 3 }
rule checker27 when configuration.cidrBlock == /\/27/ { configuration.availableIpAddressCount >= 2 }
rule checker28 when configuration.cidrBlock == /\/28/ { configuration.availableIpAddressCount >= 1 }

To adjust the rule to return a non-compliant status based on a different percentage, simply modify the values of configuration.availableIpAddressCount >= X as needed.
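
As an added example (not code from the sample repository), the following Python script regenerates the thirteen Guard rules for any percentage and mirrors their outcome on constructed subnet configuration items. The function names and sample items are assumptions; thresholds are rounded up, so at 5% some counts differ by one from the values in the rule above.

```python
import ipaddress

PREFIXES = range(16, 29)  # the /16../28 masks covered by the rule above


def min_free_ips(prefix: int, percent: int) -> int:
    """Smallest free-address count that still counts as compliant."""
    size = 2 ** (32 - prefix)
    # Integer ceiling of size * percent / 100; never below 1.
    return max(1, -(-size * percent // 100))


def render_guard_rules(percent: int) -> str:
    """Emit one Guard rule per subnet mask for the chosen percentage."""
    lines = []
    for prefix in PREFIXES:
        lines.append(
            f"rule checker{prefix} when configuration.cidrBlock == /\\/{prefix}/ "
            f"{{ configuration.availableIpAddressCount >= {min_free_ips(prefix, percent)} }}"
        )
    return "\n".join(lines)


def evaluate(item: dict, percent: int) -> str:
    """Mirror the rule's outcome for one subnet configuration item."""
    cfg = item["configuration"]
    prefix = ipaddress.ip_network(cfg["cidrBlock"]).prefixlen
    if prefix not in PREFIXES:
        return "NOT_APPLICABLE"  # no checker rule matches this mask
    ok = cfg["availableIpAddressCount"] >= min_free_ips(prefix, percent)
    return "COMPLIANT" if ok else "NON_COMPLIANT"


# Constructed sample items (only the fields the rule reads); the /29 entry
# is deliberately outside the masks the rules cover.
SAMPLES = [
    {"configuration": {"cidrBlock": "10.0.0.0/24", "availableIpAddressCount": 40}},
    {"configuration": {"cidrBlock": "10.0.1.0/24", "availableIpAddressCount": 20}},
    {"configuration": {"cidrBlock": "10.1.0.0/29", "availableIpAddressCount": 3}},
]

if __name__ == "__main__":
    print(render_guard_rules(10))
    for sample in SAMPLES:
        print(sample["configuration"]["cidrBlock"], evaluate(sample, 10))
```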

Conclusion

Previously, creating a custom policy rule required either writing one from scratch or using sample queries from AWS documentation. Now, you can also refer to the rule samples repository hosted on GitHub for additional support. We will continue to assess and add new rules to this repository. For more detailed guidance on getting started with AWS Config Custom Policy rules, check out this excellent resource.
