Undeploy¶
The inverse of deploy, this command is used to remove a Config Rule and its Lambda Function from the targeted account.
This is intended to be used primarily for clean-up for testing deployment automation (perhaps from a CI/CD pipeline) to ensure that it works from an empty account, or to clean up a test account during development. See also the clean command if you want to more thoroughly scrub Config from your account.
usage: rdk undeploy [-h] [--all] [-s RULESETS] [-f]
[--lambda-role-arn LAMBDA_ROLE_ARN]
[--stack-name STACK_NAME]
[--execution-role-name EXECUTION_ROLE_NAME]
[--rdklib-layer-arn RDKLIB_LAYER_ARN]
[--lambda-layers LAMBDA_LAYERS] [--force]
[<rulename> [<rulename> ...]]
Positional Arguments¶
| <rulename> | Rule name(s) to deploy. Rule(s) will be pushed to AWS. |
Named Arguments¶
| --all, -a | All rules in the working directory will be deployed. Default: False |
| -s, --rulesets | comma-delimited list of RuleSet names |
| -f, --functions-only | |
[optional] Only deploy Lambda functions. Useful for cross-account deployments. Default: False | |
| --lambda-role-arn | |
| [optional] Assign existing iam role to lambda functions. If omitted, “rdkLambdaRole” will be created. | |
| --stack-name | [optional] CloudFormation Stack name for use with –functions-only option. If omitted, “RDK-Config-Rule-Functions” will be used. |
| --execution-role-name | |
| [optional] IAM Role that the Lambda function(s) will assume in each target account. | |
| --rdklib-layer-arn | |
| [optional] Lambda Layer ARN that contains the desired rdklib. Note that Lambda Layers are region-specific. | |
| --lambda-layers | |
| [optional] Comma-separated list of Lambda Layer ARNs to deploy with your Lambda function(s). | |
| --force | [optional] Remove selected Rules from account without prompting for confirmation. Default: False |