AWS Config Rule checks ...
Example
```yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: exec-check
spec:
  interval: 30
  awsConfigRule:
    - description: "AWS Config Rule Checker"
      name: AWS Config Rule Checker
      rules:
        - "s3-bucket-public-read-prohibited"
      ignoreRules:
        - "s3-bucket-public-write-prohibited"
```

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| name | Name of the check | string | |
| description | Description for the check | string | |
| icon | Icon for overwriting default icon on the dashboard | string | |
| labels | Labels for check | map[string]string | |
| test | Template to test the result against | Template | |
| display | Template to display the result in | Template | |
| transform | Template for transformation | Template | |
| ignoreRules | List of rules which would be omitted from the fetch result. | []string | |
| rules | Specify one or more Config rule names to filter the results by rule. | []string | |
| complianceTypes | Filters the results by compliance. The allowed values are INSUFFICIENT_DATA, NON_COMPLIANT, NOT_APPLICABLE, COMPLIANT | []string | |
| awsConnection | AWS connection details. | AWSConnection | true |

Template

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| jsonPath | Specify path to JSON element for use in template | string | |
| template | Specify Go template for use | string | |
| expr | Specify expression for use in template | string | |
| javascript | Specify javascript syntax to run for template | string | |

AWSConnection

| Field | Description | Scheme | Required |
| --- | --- | --- | --- |
| accessKey | Specify the access key | kommons.EnvVar | |
| secretKey | Specify the secret key | kommons.EnvVar | |
| region | Specify the region | string | |
| endpoint | Specify the endpoint | string | |
| skipTLSVerify | Skip TLS verification when connecting to AWS | bool | |
| objectPath | Glob path to restrict matches to a subset | string | |
| usePathStyle | Use path style path: http://s3.amazonaws.com/BUCKET/KEY instead of http://BUCKET.s3.amazonaws.com/KEY | bool | |
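
The fields above combined into one check, as an added example that is not taken from the project's documentation: it supplies the required `awsConnection`, restricts results to `NON_COMPLIANT` evaluations, and reads the keys from a Kubernetes Secret rather than inlining them. The canary name, Secret name and keys, and region are hypothetical, and the `valueFrom.secretKeyRef` form of `kommons.EnvVar` is an assumption because this page does not show that type's fields.

```yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
  name: aws-config-rule-noncompliant   # hypothetical name
spec:
  interval: 30
  awsConfigRule:
    - name: AWS Config Rule Checker
      description: "Non-compliant S3 public-access rules"
      rules:
        - "s3-bucket-public-read-prohibited"
        - "s3-bucket-public-write-prohibited"
      # Fetch only evaluations that need attention
      complianceTypes:
        - NON_COMPLIANT
      awsConnection:
        region: us-east-1   # constructed sample value
        # Assumed kommons.EnvVar form: values come from a Kubernetes Secret
        # (Secret name and keys are hypothetical) instead of plain text in the manifest
        accessKey:
          valueFrom:
            secretKeyRef:
              name: aws-credentials
              key: AWS_ACCESS_KEY_ID
        secretKey:
          valueFrom:
            secretKeyRef:
              name: aws-credentials
              key: AWS_SECRET_ACCESS_KEY
        # Keep certificate validation on for real AWS endpoints
        skipTLSVerify: false
```

The credentials referenced here only need read access to AWS Config compliance results, so a narrowly scoped IAM identity is enough for this check.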