Amazon Config Custom Rules
Amazon Config Custom Rules are rules that you create from scratch. There are two ways to create Amazon Config custom rules: with Lambda functions (Amazon Lambda Developer Guide) and with Guard (Guard GitHub Repository).
Amazon Config custom rules created with Lambda are called Amazon Config Custom Lambda Rules and Amazon Config custom rules created with Guard are called Amazon Config Custom Policy Rules.
Before using custom rules, see Considerations.
Amazon Config Custom Policy Rules
Rules written using Guard can be created from the Amazon Config console or by using the Amazon Config rule APIs. Amazon Config Custom Policy rules allow you to create Amazon Config Custom rules without needing to use Java or Python to develop Lambda functions to manage your custom rules. Amazon Config Custom Policy rules are initiated by configuration changes. For more information about Guard, see the Guard GitHub Repository.
Amazon Config Custom Lambda Rules
Custom Lambda rules provide you with the option to use Java or Python to create a Lambda function for an Amazon Config Custom rule. A Lambda function is custom code that you upload to Amazon Lambda, and it is invoked by events that are published to it by an event source. If the Lambda function is associated with an Amazon Config rule, Amazon Config invokes it when the rule is initiated. The Lambda function then evaluates the configuration information that is sent by Amazon Config, and it returns the evaluation results. For more information about Lambda functions, see Function and Event Sources in the Amazon Lambda Developer Guide.
Format differences for Amazon Config Custom Rules
The following table displays the format differences in the fields for the ConfigurationItem data type and for Amazon Config Custom Rules.
ConfigurationItem | Amazon Config Custom Rule |
---|---|
version | configurationItemVersion |
accountId | awsAccountId |
arn | ARN |
configurationItemMD5Hash | configurationStateMd5Hash |
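The following Python example is an addition to this page, not code from the Amazon Config documentation. It shows a Custom Lambda rule reading the configuration item from the invoking event, mapping the custom rule field names in the table above back to the ConfigurationItem names, and building the evaluation result. The function names, the required `owner` tag check, and the sample event are assumptions made for illustration.

```python
import json

# Custom rule field name -> ConfigurationItem data type name (from the table).
RULE_TO_API = {
    "configurationItemVersion": "version",
    "awsAccountId": "accountId",
    "ARN": "arn",
    "configurationStateMd5Hash": "configurationItemMD5Hash",
}

def to_api_names(rule_item):
    """Copy a custom rule configuration item, renamed to ConfigurationItem names."""
    return {RULE_TO_API.get(k, k): v for k, v in rule_item.items()}

def evaluate(event, required_tag="owner"):
    """Build one evaluation for the invoking event (hypothetical tag policy)."""
    item = to_api_names(json.loads(event["invokingEvent"])["configurationItem"])
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance = "NOT_APPLICABLE"   # nothing left to evaluate
    elif required_tag in (item.get("tags") or {}):
        compliance = "COMPLIANT"
    else:
        compliance = "NON_COMPLIANT"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
        "Annotation": f"account {item['accountId']}, item version {item['version']}",
    }

def lambda_handler(event, context):
    import boto3  # imported here so evaluate() can be exercised offline
    boto3.client("config").put_evaluations(
        Evaluations=[evaluate(event)], ResultToken=event["resultToken"])

# Constructed sample event; every value is a placeholder.
SAMPLE_EVENT = {
    "resultToken": "constructed-token",
    "invokingEvent": json.dumps({"configurationItem": {
        "configurationItemVersion": "1.3",
        "awsAccountId": "111122223333",
        "ARN": "arn:aws:s3:::example-bucket",
        "configurationStateMd5Hash": "",
        "resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configurationItemStatus": "OK", "tags": {},
    }}),
}
```

Code that reads `accountId` or `arn` directly from the invoking event would find no such keys, which is why the item is renamed before the policy check runs.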