Managing Deleted Resources for Amazon Config Custom Lambda Rules - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managing Deleted Resources for Amazon Config Custom Lambda Rules

Rules reporting on deleted resources should return the evaluation result of NOT_APPLICABLE in order to avoid unnecessary rule evaluations.

When you delete a resource, Amazon Config creates a configurationItem with ResourceDeleted for the configurationItemStatus. You can use this metadata to check if a rule reports on a deleted resource. For more information on configuration items, see Concepts | Configuration Items.

Include the following code snippets to check for deleted resources and set the evaluation result of an Amazon Config custom lambda rule to NOT_APPLICABLE if it reports on a deleted resource:

Custom Lambda Rules (Node.js)
// Check whether the resource has been deleted. If the resource was deleted, then the evaluation returns not applicable.
function isApplicable(configurationItem, event) {
    checkDefined(configurationItem, 'configurationItem');
    checkDefined(event, 'event');
    const status = configurationItem.configurationItemStatus;
    const eventLeftScope = event.eventLeftScope;
    return (status === 'OK' || status === 'ResourceDiscovered') && eventLeftScope === false;
}
Custom Lambda Rules (Python)
# Check whether the resource has been deleted. If the resource was deleted, then the evaluation returns not applicable.
def is_applicable(configurationItem, event):
    try:
        check_defined(configurationItem, 'configurationItem')
        check_defined(event, 'event')
    except:
        return True
    status = configurationItem['configurationItemStatus']
    eventLeftScope = event['eventLeftScope']
    if status == 'ResourceDeleted':
        print("Resource Deleted, setting Compliance Status to NOT_APPLICABLE.")
    return (status == 'OK' or status == 'ResourceDiscovered') and not eventLeftScope
Note

Amazon Config managed rules and Amazon Config custom policy rules handle this behavior by default.

If you create an Amazon Config custom lambd rule with Python using the Amazon Config Development Kit (RDK) and Amazon Config Development Kit Library (RDKlib), the imported Evaluator class will check this behavior. For information on how to write rules with the RDK and RDKlib, see Writing rules with the RDK and RDKlib.