RDKlib is a Python library that enables you to run custom AWS Config Rules at scale. The library can be used to:
- Help you to focus only on the compliance logic, while the library does the heavy lifting
- Ease maintenance by moving the boilerplate code into an AWS Lambda Layer
- Ease deployment by using AWS Serverless Application Repository
RDKLib works in synergy with the AWS Config Rule Development Kit.
pip install rdklib
The runtime of your RDK rule has to be set to python3.11-lib in the RDK so that it provides you with the rule template.
- For periodic trigger:
rdk create YOUR_RULE_NAME --runtime python3.11-lib --maximum-frequency TwentyFour_Hours
- For configuration change trigger (for example S3 Bucket):
rdk create YOUR_RULE_NAME --runtime python3.11-lib --resource-types AWS::S3::Bucket
Note: you need to install the RDK first.
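As an added example (not code from the RDKlib project), this is what a configuration-change rule for AWS::S3::Bucket could look like once the compliance logic is filled in, with the logic kept in a plain function so it can be unit-tested without the layer. The rule name, the `missing_public_access_blocks` helper and the shape of `supplementaryConfiguration.PublicAccessBlockConfiguration` in the configuration item are assumptions made for illustration.

```python
import json

try:  # rdklib is supplied by the Lambda layer and may be absent on a workstation
    from rdklib import ComplianceType, ConfigRule, Evaluation, Evaluator
except ImportError:  # allows the pure compliance logic below to be tested locally
    ConfigRule = object
    ComplianceType = Evaluation = Evaluator = None

APPLICABLE_RESOURCES = ["AWS::S3::Bucket"]
REQUIRED_FLAGS = ("blockPublicAcls", "ignorePublicAcls",
                  "blockPublicPolicy", "restrictPublicBuckets")


def missing_public_access_blocks(configuration_item):
    """Return the Block Public Access flags that are not enabled (hypothetical helper)."""
    supplementary = configuration_item.get("supplementaryConfiguration") or {}
    pab = supplementary.get("PublicAccessBlockConfiguration") or {}
    if isinstance(pab, str):
        # Assumption: tolerate a JSON-encoded value as well as a nested object.
        pab = json.loads(pab) or {}
    # A flag counts as enabled only when it is literally true; absent means not enabled.
    return [flag for flag in REQUIRED_FLAGS if pab.get(flag) is not True]


class S3_BUCKET_PUBLIC_ACCESS_BLOCKED(ConfigRule):  # hypothetical rule name
    def evaluate_change(self, event, client_factory, configuration_item, valid_rule_parameters):
        missing = missing_public_access_blocks(configuration_item)
        if missing:
            return [Evaluation(ComplianceType.NON_COMPLIANT,
                               annotation="Not enabled: " + ", ".join(missing))]
        return [Evaluation(ComplianceType.COMPLIANT)]

    def evaluate_parameters(self, rule_parameters):
        # This rule takes no parameters, so they are passed through unchanged.
        return rule_parameters


def lambda_handler(event, context):
    # The Evaluator handles event parsing, scoping and reporting back to AWS Config.
    evaluator = Evaluator(S3_BUCKET_PUBLIC_ACCESS_BLOCKED(), APPLICABLE_RESOURCES)
    return evaluator.handle(event, context)
```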
RDKLib is designed to work as an AWS Lambda Layer. It allows you to use the library without needing to include it in your deployment package.
- Install RDKlib layer (with AWS CLI)
aws serverlessrepo create-cloud-formation-change-set --application-id arn:aws:serverlessrepo:ap-southeast-1:711761543063:applications/rdklib --stack-name RDKlib-Layer
# Copy/paste the full change-set ARN to customize the following command
aws cloudformation execute-change-set --change-set-name NAME_OF_THE_CHANGE_SET
aws cloudformation describe-stack-resources --stack-name serverlessrepo-RDKlib-Layer
# Copy the ARN of the Lambda layer from the "PhysicalResourceId" key (e.g. arn:aws:lambda:YOUR_REGION:YOUR_ACCOUNT:layer:rdklib-layer:1).
Note: You can do the same step manually by going to https://console.aws.amazon.com/lambda/home#/create/function?tab=serverlessApps and searching for "rdklib".
- Deploy the rule
rdk deploy YOUR_RULE_NAME --rdklib-layer-arn YOUR_RDKLIB_LAYER_ARN
This project is licensed under the Apache-2.0 License.
Feel free to email [email protected]
- Benjamin Morris - Maintainer, code, testing
- Mark Beacom - Maintainer, code, testing
- Michael Borchert - Design, code, testing, feedback
- Ricky Chau - Maintainer, code, testing
- Julio Delgado Jr. - Design, testing, feedback
- Chris Gutierrez - Design, feedback
- Joe Lee - Design, feedback
- Jonathan Rault - Maintainer, design, code, testing, feedback
- Carlo DePaolis - Maintainer, code, testing