diff --git a/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip b/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip index 237170a4f..ed1502774 100644 Binary files a/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip and b/reference-artifacts/config-rules/ec2-instance-profile-permissions.zip differ diff --git a/reference-artifacts/config-rules/ec2-instance-profile.zip b/reference-artifacts/config-rules/ec2-instance-profile.zip index 1de00bf06..2ef41b1d5 100644 Binary files a/reference-artifacts/config-rules/ec2-instance-profile.zip and b/reference-artifacts/config-rules/ec2-instance-profile.zip differ diff --git a/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js b/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js index 2d4e26e12..fb9ce83ff 100644 --- a/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js +++ b/reference-artifacts/config-rules/src/ec2-instance-profile-permissions/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::IAM::Role']; @@ -28,20 +26,20 @@ exports.handler = async function (event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config - .putEvaluations({ - ResultToken: event.resultToken, - Evaluations: [ - { - ComplianceResourceId: configurationItem.resourceId, - ComplianceResourceType: configurationItem.resourceType, - ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, - Annotation: evaluation.annotation, - }, - ], - }) - .promise(); + const payload = { + ResultToken: event.resultToken, + Evaluations: [ + { + ComplianceResourceId: configurationItem.resourceId, + ComplianceResourceType: configurationItem.resourceType, + ComplianceType: evaluation.complianceType, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), + Annotation: evaluation.annotation, + }, + ], + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { @@ -84,7 +82,7 @@ async function evaluateCompliance(props) { if (!existingPolicyNames.includes(requiredPolicy.trim())) { return { complianceType: 'NON_COMPLIANT', - annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy, + annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy, }; } } @@ -96,7 +94,7 @@ async function evaluateCompliance(props) { if (!existingPolicyArns.includes(requiredPolicy.trim())) { return { complianceType: 'NON_COMPLIANT', - annotation: 'The IAM Role is not having required polocies attached ' + requiredPolicy, + annotation: 'The IAM Role is not having required policies attached ' + requiredPolicy, }; } } diff --git a/reference-artifacts/config-rules/src/ec2-instance-profile/index.js b/reference-artifacts/config-rules/src/ec2-instance-profile/index.js index 19557740b..2075d4b42 100644 --- a/reference-artifacts/config-rules/src/ec2-instance-profile/index.js +++ b/reference-artifacts/config-rules/src/ec2-instance-profile/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::EC2::Instance']; @@ -23,18 +21,20 @@ exports.handler = async function(event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config.putEvaluations({ + const payload = { ResultToken: event.resultToken, Evaluations: [ { ComplianceResourceId: configurationItem.resourceId, ComplianceResourceType: configurationItem.resourceType, ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), Annotation: evaluation.annotation, }, ], - }).promise(); + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { diff --git a/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js b/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js index 8c21046f6..efb271787 100644 --- a/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js +++ b/reference-artifacts/config-rules/src/ssm-patching-role-tags/index.js @@ -1,7 +1,5 @@ -const AWS = require('aws-sdk'); -AWS.config.logger = console; - -const config = new AWS.ConfigService(); +const { ConfigServiceClient, PutEvaluationsCommand } = require("@aws-sdk/client-config-service"); +const client = new ConfigServiceClient(); const APPLICABLE_RESOURCES = ['AWS::IAM::Role']; @@ -29,20 +27,20 @@ exports.handler = async function (event, context) { console.debug(`Evaluation`); console.debug(JSON.stringify(evaluation, null, 2)); - await config - .putEvaluations({ - ResultToken: event.resultToken, - Evaluations: [ - { - ComplianceResourceId: configurationItem.resourceId, - ComplianceResourceType: configurationItem.resourceType, - ComplianceType: evaluation.complianceType, - OrderingTimestamp: configurationItem.configurationItemCaptureTime, - Annotation: evaluation.annotation, - }, - ], - }) - .promise(); + const payload = { + ResultToken: event.resultToken, + Evaluations: [ + { + ComplianceResourceId: configurationItem.resourceId, + ComplianceResourceType: configurationItem.resourceType, + ComplianceType: evaluation.complianceType, + OrderingTimestamp: new Date(configurationItem.configurationItemCaptureTime), + Annotation: evaluation.annotation, + }, + ], + }; + const putEvaluationsCommand = new PutEvaluationsCommand(payload); + await client.send(putEvaluationsCommand); }; async function evaluateCompliance(props) { diff --git a/reference-artifacts/config-rules/ssm-patching-role-tags.zip b/reference-artifacts/config-rules/ssm-patching-role-tags.zip index 85b4c2dec..c85fe7641 100644 Binary files a/reference-artifacts/config-rules/ssm-patching-role-tags.zip and b/reference-artifacts/config-rules/ssm-patching-role-tags.zip differ