RemediationConfiguration

The RemediationConfiguration resource lets you manage AWS Config RemediationConfigurations for automatically remediating non-compliant resources in your AWS environment.

Minimal Example

Create a basic remediation configuration with required properties and a couple of optional ones.

import AWS from "alchemy/aws/control";

const remediationConfig = await AWS.Config.RemediationConfiguration("basicRemediationConfig", {
  ConfigRuleName: "myConfigRule",
  TargetType: "AWS::EC2::Instance",
  TargetId: "myRemediationTarget",
  Automatic: true,
  MaximumAutomaticAttempts: 3,
});

Advanced Configuration

Configure a remediation with execution controls and parameters for finer control over the remediation process.

const advancedRemediationConfig = await AWS.Config.RemediationConfiguration("advancedRemediationConfig", {
  ConfigRuleName: "myAdvancedConfigRule",
  TargetType: "AWS::S3::Bucket",
  TargetId: "myS3RemediationTarget",
  ExecutionControls: {
    SsmControls: {
      ConcurrentExecutionRatePercentage: 100,
      ErrorPercentage: 0,
    },
  },
  Parameters: {
    BucketName: JSON.stringify("my-remediation-bucket"),
    Region: JSON.stringify("us-west-2"),
  },
  Automatic: true,
});

Custom Retry Logic

Set up a remediation configuration with custom retry logic for handling failures during the remediation process.

const customRetryRemediationConfig = await AWS.Config.RemediationConfiguration("customRetryRemediationConfig", {
  ConfigRuleName: "myRetryConfigRule",
  TargetType: "AWS::IAM::Role",
  TargetId: "myIamRoleRemediationTarget",
  RetryAttemptSeconds: 30,
  MaximumAutomaticAttempts: 5,
  Automatic: true,
});

Manual Remediation Example

Demonstrate a manual remediation configuration that requires human intervention.

const manualRemediationConfig = await AWS.Config.RemediationConfiguration("manualRemediationConfig", {
  ConfigRuleName: "myManualConfigRule",
  TargetType: "AWS::EC2::Instance",
  TargetId: "myManualRemediationTarget",
  Automatic: false,
});