Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix config rule nuking #762

Merged
merged 2 commits into from
Aug 16, 2024
Merged

Fix config rule nuking #762

merged 2 commits into from
Aug 16, 2024

Conversation

autero1
Copy link
Contributor

@autero1 autero1 commented Aug 15, 2024

Description

Nuking config rules fails if there is no remediation config. Add step to check existence of remediation configs before nuking.

# Found AWS Resources
┌─────────────────────────────────────────────────────────────────────────────────┐
| Resource Type    | Region         | Identifier                        | Nukable |
| ------------------------------------------------------------------------------- |
| config-rules     | ap-southeast-2 | encrypted-volumes                 | -       |
└─────────────────────────────────────────────────────────────────────────────────┘

 WARNING  THE NEXT STEPS ARE DESTRUCTIVE AND COMPLETELY IRREVERSIBLE, PROCEED WITH CAUTION!!!

Are you sure you want to nuke all listed resources? Enter 'nuke' to confirm (or exit with ^C) : nuke
  ERROR   Failed to delete remediation configuration w/ err NoSuchRemediationConfigurationException: No RemediationConfiguration for rule encrypted-volumes exists

TODOs

Read the Gruntwork contribution guidelines.

  • Update the docs.
  • Run the relevant tests successfully, including pre-commit checks.
  • Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
  • Include release notes. If this PR is backward incompatible, include a migration guide.
  • Attention Grunts - if this PR adds support for a new resource, ensure the nuke_sandbox and nuke_phxdevops jobs in .circleci/config.yml have been updated with appropriate exclusions (either directly in the job or via the .circleci/nuke_config.yml file) to prevent nuking IAM roles, groups, resources, etc that are important for the test accounts.

Release Notes (draft)

Added / Removed / Updated [X].

Migration Guide

@autero1 autero1 requested review from arsci and denis256 as code owners August 15, 2024 18:45
@autero1 autero1 requested review from james03160927 and removed request for arsci and denis256 August 15, 2024 18:45
james03160927
james03160927 approved these changes Aug 16, 2024
View reviewed changes
Copy link
Contributor

@james03160927 james03160927 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@james03160927 james03160927 merged commit 45e4ac8 into master Aug 16, 2024
3 checks passed
@james03160927 james03160927 deleted the fix/config-rule-remediation branch August 16, 2024 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@james03160927 james03160927 james03160927 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@autero1 @james03160927