Create¶
As of version 0.6, RDK supports Config remediation. Note that in order to use SSM documents for remediation you must supply all of the necessary document parameters. These can be found in the SSM document listing on the AWS console, but RDK will not validate at rule creation that you have all of the necessary parameters supplied.
Rules are stored in their own directory along with their metadata. This command is used to create the Rule and metadata.
usage: rdk create <rulename> --runtime <runtime> [ --resource-types <resource types> | --maximum-frequency <max execution frequency> ] [optional configuration flags] [--rulesets <RuleSet tags>]
Positional Arguments¶
| <rulename> | Rule name to create/modify |
Named Arguments¶
| -R, --runtime | Possible choices: nodejs4.3, java8, python2.7, python3.6, python3.6-lib, python3.7, dotnetcore1.0, dotnetcore2.0 Runtime for lambda function |
| --source-identifier | |
| [optional] Used only for creating Managed Rules. | |
| -r, --resource-types | |
| [optional] Resource types that will trigger event-based Rule evaluation | |
| -m, --maximum-frequency | |
Possible choices: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours [optional] Maximum execution frequency for scheduled Rules | |
| -i, --input-parameters | |
| [optional] JSON for required Config parameters. | |
| --optional-parameters | |
| [optional] JSON for optional Config parameters. | |
| --tags | [optional] JSON for tags to be applied to all CFN created resources. |
| -s, --rulesets | [optional] comma-delimited list of RuleSet names to add this Rule to. |
| --remediation-action | |
| [optional] SSM document for remediation. | |
| --remediation-action-version | |
| [optional] SSM document version for remediation action. | |
| --auto-remediate | |
[optional] Set the SSM remediation to trigger automatically. Default: False | |
| --auto-remediation-retry-attempts | |
| [optional] Number of times to retry automated remediation. | |
| --auto-remediation-retry-time | |
| [optional] Duration of automated remediation retries. | |
| --remediation-concurrent-execution-percent | |
| [optional] Concurrent execution rate of the SSM document for remediation. | |
| --remediation-error-rate-percent | |
| [optional] Error rate that will mark the batch as “failed” for SSM remediation execution. | |
| --remediation-resource-id-parameter | |
| [optional] Parameter that will be passed to SSM remediation document. | |
| --remediation-parameters | |
| [optional] JSON-formatted string of additional parameters required by the SSM document. | |