Deleting Amazon Config Rules
You can use the Amazon Config console or the Amazon SDKs to delete your rules.
Considerations
Recommendation: Consider excluding the AWS::Config::ResourceCompliance resource type from recording before deleting rules
Deleting rules creates configuration items (CIs) for AWS::Config::ResourceCompliance that can affect your costs for the configuration recorder. If you are deleting rules which evaluate a large number of resource types, this can lead to a spike in the number of CIs recorded.
To avoid the associated costs, you can opt to disable recording for the AWS::Config::ResourceCompliance resource type before deleting rules, and re-enable recording after the rules have been deleted.
However, since deleting rules is an asynchronous process, it might take an hour or more to complete. During the time when recording is disabled for AWS::Config::ResourceCompliance, rule evaluations will not be recorded in the associated resource's history.
Deleting Rules (Console)
The Rules page shows your rules and their current compliance results in a table. The result for each rule is Evaluating... until Amazon Config finishes evaluating your resources against the rule. You can update the results with the refresh button. When Amazon Config finishes evaluations, you can see the rules and resource types that are compliant or noncompliant. For more information, see Viewing Compliance Information and Evaluation Results for your Amazon Resources with Amazon Config.
Note
Amazon Config evaluates only the resource types that it is recording. For example, if you add the cloudtrail-enabled rule but don't record the CloudTrail trail resource type, Amazon Config can't evaluate whether the trails in your account are compliant or noncompliant. For more information, see Recording Amazon Resources with Amazon Config.
To delete a rule
- Sign in to the Amazon Web Services Management Console and open the Amazon Config console at https://console.amazonaws.cn/config/home.
- In the Amazon Web Services Management Console menu, verify that the region selector is set to a region that supports Amazon Config rules. For the list of supported regions, see Amazon Config Regions and Endpoints in the Amazon Web Services General Reference.
- In the left navigation, choose Rules.
- Choose a rule from the table that you want to delete.
- From the Actions dropdown list, choose Delete rule.
- When prompted, type "Delete" (case-sensitive) and then choose Delete.
Deleting Rules (Amazon SDKs)
The following code examples show how to use DeleteConfigRule.
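The sketch below is an added example, not code from the Amazon documentation. It combines DeleteConfigRule with the recommendation under Considerations: it excludes AWS::Config::ResourceCompliance from recording, deletes the rules, waits for the asynchronous deletion, and always restores the saved recorder settings so the gap in compliance history stays as short as possible. It assumes a boto3 `config` client and one configuration recorder in the region; the function names are hypothetical.

```python
import copy
import time
COMPLIANCE = "AWS::Config::ResourceCompliance"
GLOBAL_IAM = ["AWS::IAM::User", "AWS::IAM::Group", "AWS::IAM::Role", "AWS::IAM::Policy"]

def without_compliance(recorder):
    """Copy of a recorder dict (DescribeConfigurationRecorders shape) that skips COMPLIANCE."""
    rec = copy.deepcopy(recorder)
    group = rec.setdefault("recordingGroup", {})
    strategy = group.get("recordingStrategy", {}).get("useOnly") or (
        "INCLUSION_BY_RESOURCE_TYPES" if group.get("resourceTypes")
        else "ALL_SUPPORTED_RESOURCE_TYPES")  # recorder carries no explicit strategy
    if strategy == "INCLUSION_BY_RESOURCE_TYPES":
        kept = [t for t in group.get("resourceTypes", []) if t != COMPLIANCE]
        if not kept:
            raise ValueError("inclusion list would be empty; stop the recorder instead")
        group["resourceTypes"] = kept
        return rec
    excluded = set(group.get("exclusionByResourceTypes", {}).get("resourceTypes", []))
    if strategy == "ALL_SUPPORTED_RESOURCE_TYPES" and not group.get("includeGlobalResourceTypes"):
        excluded.update(GLOBAL_IAM)  # keep global IAM types unrecorded, as before
    group.update(allSupported=False, includeGlobalResourceTypes=False, resourceTypes=[],
                 exclusionByResourceTypes={"resourceTypes": sorted(excluded | {COMPLIANCE})},
                 recordingStrategy={"useOnly": "EXCLUSION_BY_RESOURCE_TYPES"})
    return rec

def remaining(config, rule_names):
    """Names in rule_names that DescribeConfigRules still lists, across all pages."""
    present, token = set(), None
    while True:
        page = config.describe_config_rules(**({"NextToken": token} if token else {}))
        present.update(r["ConfigRuleName"] for r in page["ConfigRules"])
        token = page.get("NextToken")
        if not token:
            return present & set(rule_names)

def delete_rules(config, rule_names, poll_seconds=60, timeout_seconds=7200):
    """config is boto3.client("config"). Returns the rules still listed at the end."""
    original = config.describe_configuration_recorders()["ConfigurationRecorders"][0]
    config.put_configuration_recorder(ConfigurationRecorder=without_compliance(original))
    try:
        for name in rule_names:
            config.delete_config_rule(ConfigRuleName=name)
        deadline = time.monotonic() + timeout_seconds
        while remaining(config, rule_names) and time.monotonic() < deadline:
            time.sleep(poll_seconds)  # deletion is asynchronous and can take an hour or more
        return sorted(remaining(config, rule_names))
    finally:  # always restore the saved settings so compliance history is recorded again
        config.put_configuration_recorder(ConfigurationRecorder=original)
```

A non-empty return value means the timeout expired while rules were still being deleted; recording has already been restored at that point, so the remaining deletions will produce CIs.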