diff --git a/aws/resources/config_service.go b/aws/resources/config_service.go index b5c167bd..24999078 100644 --- a/aws/resources/config_service.go +++ b/aws/resources/config_service.go @@ -48,20 +48,36 @@ func (csr *ConfigServiceRule) nukeAll(configRuleNames []string) error { for _, configRuleName := range configRuleNames { logging.Debug(fmt.Sprintf("Start deleting config service rule: %s", configRuleName)) - _, err := csr.Client.DeleteRemediationConfigurationWithContext(csr.Context, &configservice.DeleteRemediationConfigurationInput{ - ConfigRuleName: aws.String(configRuleName), + + res, err := csr.Client.DescribeRemediationConfigurationsWithContext(csr.Context, &configservice.DescribeRemediationConfigurationsInput{ + ConfigRuleNames: []*string{aws.String(configRuleName)}, }) if err != nil { - pterm.Error.Println(fmt.Sprintf("Failed to delete remediation configuration w/ err %s", err)) + pterm.Error.Println(fmt.Sprintf("Failed to describe remediation configurations w/ err %s", err)) report.Record(report.Entry{ Identifier: configRuleName, ResourceType: "Config service rule", Error: err, }) - continue } + if len(res.RemediationConfigurations) > 0 { + _, err := csr.Client.DeleteRemediationConfigurationWithContext(csr.Context, &configservice.DeleteRemediationConfigurationInput{ + ConfigRuleName: aws.String(configRuleName), + }) + if err != nil { + pterm.Error.Println(fmt.Sprintf("Failed to delete remediation configuration w/ err %s", err)) + report.Record(report.Entry{ + Identifier: configRuleName, + ResourceType: "Config service rule", + Error: err, + }) + + continue + } + } + params := &configservice.DeleteConfigRuleInput{ ConfigRuleName: aws.String(configRuleName), } diff --git a/aws/resources/config_service_test.go b/aws/resources/config_service_test.go index 45962eef..4ebbbd1a 100644 --- a/aws/resources/config_service_test.go +++ b/aws/resources/config_service_test.go @@ -16,9 +16,10 @@ import ( type mockedConfigServiceRule struct { configserviceiface.ConfigServiceAPI - DescribeConfigRulesOutput configservice.DescribeConfigRulesOutput - DeleteConfigRuleOutput configservice.DeleteConfigRuleOutput - DeleteRemediationConfigurationOutput configservice.DeleteRemediationConfigurationOutput + DescribeConfigRulesOutput configservice.DescribeConfigRulesOutput + DeleteConfigRuleOutput configservice.DeleteConfigRuleOutput + DeleteRemediationConfigurationOutput configservice.DeleteRemediationConfigurationOutput + DescribeRemediationConfigurationsOutput configservice.DescribeRemediationConfigurationsOutput } func (m mockedConfigServiceRule) DescribeConfigRulesPagesWithContext(_ awsgo.Context, _ *configservice.DescribeConfigRulesInput, fn func(*configservice.DescribeConfigRulesOutput, bool) bool, _ ...request.Option) error { @@ -34,6 +35,10 @@ func (m mockedConfigServiceRule) DeleteRemediationConfigurationWithContext(_ aws return &m.DeleteRemediationConfigurationOutput, nil } +func (m mockedConfigServiceRule) DescribeRemediationConfigurationsWithContext(_ awsgo.Context, _ *configservice.DescribeRemediationConfigurationsInput, _ ...request.Option) (*configservice.DescribeRemediationConfigurationsOutput, error) { + return &m.DescribeRemediationConfigurationsOutput, nil +} + func TestConfigServiceRule_GetAll(t *testing.T) { t.Parallel() @@ -87,8 +92,9 @@ func TestConfigServiceRule_NukeAll(t *testing.T) { csr := ConfigServiceRule{ Client: mockedConfigServiceRule{ - DeleteConfigRuleOutput: configservice.DeleteConfigRuleOutput{}, - DeleteRemediationConfigurationOutput: configservice.DeleteRemediationConfigurationOutput{}, + DeleteConfigRuleOutput: configservice.DeleteConfigRuleOutput{}, + DeleteRemediationConfigurationOutput: configservice.DeleteRemediationConfigurationOutput{}, + DescribeRemediationConfigurationsOutput: configservice.DescribeRemediationConfigurationsOutput{}, }, }