InvalidParameterValueException - Getting this for various rules #46

Closed
jseiser opened this issue Jun 12, 2024 · 3 comments

jseiser commented Jun 12, 2024

Deployed this into an AWS Govcloud account.

module "managed-config-rules" {
  source  = "niaid/managed-config-rules/aws"
  version = "2.1.0"

  rule_packs = [
    "Operational-Best-Practices-for-NIST-800-53-rev-4",
  ]

  rules_to_exclude = [
    "rds-in-backup-plan",
    "multi-region-cloudtrail-enabled",
    "root-account-mfa-enabled",
    "ec2-instance-managed-by-systems-manager",
    "root-account-hardware-mfa-enabled",
    "cloudtrail-enabled",
    "ec2-instances-in-vpc",
    "restricted-common-ports",
    "restricted-ssh"
  ]
}

If I uncomment those rules in the rules_to_exclude I get errors relating to them. Example below.

╷
│ Error: reading ConfigService Config Rule (rds-in-backup-plan): couldn't find resource
│ 
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["rds-in-backup-plan"],
│   on .terraform/modules/managed-config-rules/modules/account/main.tf line 1, in resource "aws_config_config_rule" "rule":
│    1: resource "aws_config_config_rule" "rule" {
│ 
╵
╷
│ Error: putting ConfigService Config Rule (multi-region-cloudtrail-enabled): operation error Config Service: PutConfigRule, https response error StatusCode: 400, RequestID: 761425bf-177f-412e-8674-3091e908aff4, InvalidParameterValueException: The sourceIdentifier MULTI_REGION_CLOUDTRAIL_ENABLED is invalid. Please refer to the documentation for a list of valid sourceIdentifiers that can be used when AWS is the Owner.
│ 
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["multi-region-cloudtrail-enabled"],
│   on .terraform/modules/managed-config-rules/modules/account/main.tf line 1, in resource "aws_config_config_rule" "rule":
│    1: resource "aws_config_config_rule" "rule" {
│ 
╵

That output is from Atlantis, so the formatting from it is a bit wonky.
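
An added example, not part of the original issue or the module's own code: a small Python helper that scans Terraform/Atlantis output like the errors above and collects the Config rule names that failed, so they can be reviewed as candidates for `rules_to_exclude`. The function names and the sample input (constructed from the two errors quoted in this issue) are assumptions for illustration.

```python
import re

# Header line of a Terraform diagnostic for an AWS Config rule, e.g.
# "Error: putting ConfigService Config Rule (name): <detail>"
ERROR_RE = re.compile(
    r"Error: (?P<op>reading|putting) ConfigService Config Rule "
    r"\((?P<rule>[^)]+)\): (?P<detail>.*)"
)
# Pulls the rejected managed-rule identifier out of the API error message.
SOURCE_ID_RE = re.compile(r"The sourceIdentifier (?P<sid>\S+) is invalid")


def failed_config_rules(output: str) -> dict:
    """Map rule name -> {'op', 'source_identifier'} for each failed rule."""
    failures = {}
    for line in output.splitlines():
        # search() skips the box-drawing gutter Terraform prints before the text.
        m = ERROR_RE.search(line)
        if not m:
            continue
        sid = SOURCE_ID_RE.search(m.group("detail"))
        failures[m.group("rule")] = {
            "op": m.group("op"),
            "source_identifier": sid.group("sid") if sid else None,
        }
    return failures


def exclusion_block(failures: dict) -> str:
    """Render the failed rule names as a rules_to_exclude list (HCL)."""
    items = "\n".join(f'    "{name}",' for name in sorted(failures))
    return f"  rules_to_exclude = [\n{items}\n  ]"


# Sample input constructed from the two errors quoted in this issue.
SAMPLE = """\
│ Error: reading ConfigService Config Rule (rds-in-backup-plan): couldn't find resource
│
│   with module.managed-config-rules.module.account[0].aws_config_config_rule.rule["rds-in-backup-plan"],
│ Error: putting ConfigService Config Rule (multi-region-cloudtrail-enabled): operation error Config Service: PutConfigRule, https response error StatusCode: 400, InvalidParameterValueException: The sourceIdentifier MULTI_REGION_CLOUDTRAIL_ENABLED is invalid.
"""

if __name__ == "__main__":
    print(exclusion_block(failed_config_rules(SAMPLE)))
```
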

@bensonce
Contributor

Hi, @jseiser! Thanks for bringing this to our attention. We're working on a fix in this PR: #48

@bensonce bensonce self-assigned this Jun 13, 2024
@bensonce bensonce added the bug Something isn't working label Jun 13, 2024
@bensonce
Contributor

Hello again. The latest 2.1.1 release should fix the errors you're seeing. Please try bumping the module version and let me know if that works.

@jseiser
Author

jseiser commented Jun 18, 2024

Sorry for the late reply, the new version worked.

@jseiser jseiser closed this as completed Jun 18, 2024