As a part of our AWS Support Services, we regularly help our customers fix AWS-related errors.
Let us today discuss the possible causes and fixes for this error.
What causes the message "An error has occurred with AWS Config"?
As we discussed earlier, the AWS Config console returns this message after enabling AWS Security Hub. For instance, a typical error message looks like:
An error has occurred with AWS Config. Contact AWS Support
The reasons for this error include:
1. Permission issues
2. Duplicate accounts
Permission issues
AWS Identity and Access Management (IAM) is a web service that helps to securely control access to AWS resources. If the IAM entity attempting to perform an action on the AWS Config console does not have the necessary IAM permissions, it can trigger this error.
Duplicate Accounts
An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from multiple accounts. This error can occur if the AWS Config aggregator contains duplicate accounts or if AWS Systems Manager parameters are invalid.
How to fix "An error has occurred with AWS Config"?
Let us now look at the possible steps to fix this error.
1. Verify that AWS Config is enabled in the same AWS Region as Security Hub
AWS Config must be manually enabled in the same Region as Security Hub. To do this:
1. Open the AWS Config console in the same Region in which you have Security Hub enabled.
2. If AWS Config is not enabled, then follow the instructions given here for setting up AWS Config with the Console.
2. Verify AWS Config is recording all resources, including global resources, in your Region
You can modify the type of resources that AWS Config records.
1. First, open the AWS Config console, and choose Settings.
2. Then, in Settings, confirm Recording is on.
3. Now, in Resource types to record, select Record all resources supported in this region.
4. Then, in Resource types to record, select Include global resources.
5. Finally, choose Save.
These settings apply to all of the AWS accounts that are configured with Security Hub, including AWS Organizations member accounts. If you do not want to record all resource types in AWS Config, be sure that the required resource types for CIS, PCI DSS, and AWS Foundational Security Best Practices controls are being recorded.
Further, you do not need to enable global resources in all Regions. To avoid duplicate configuration settings, you can enable global settings in only the same AWS Region as Security Hub per AWS account. Also, it can take up to 24 hours for the recorder settings to complete.
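The console checks above can also be run against the JSON returned by `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-recorder-status` for the Security Hub Region. The following is an added example, not part of the original article; the sample JSON, the `audit_recorder` helper, and the `required_types` list passed to it are constructed for illustration.

```python
import json

# Constructed sample output (not from a real account) of:
#   aws configservice describe-configuration-recorders
#   aws configservice describe-configuration-recorder-status
RECORDERS = json.loads("""
{"ConfigurationRecorders": [{
   "name": "default",
   "roleARN": "arn:aws:iam::111122223333:role/example-config-role",
   "recordingGroup": {"allSupported": false,
                      "includeGlobalResourceTypes": false,
                      "resourceTypes": ["AWS::EC2::SecurityGroup"]}}]}
""")
STATUS = json.loads("""
{"ConfigurationRecordersStatus": [
   {"name": "default", "recording": true, "lastStatus": "SUCCESS"}]}
""")


def audit_recorder(recorders, status, required_types=()):
    """Return findings for the Security Hub Region; an empty list means it passes."""
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return ["no configuration recorder: AWS Config is not enabled in this Region"]
    state = {s["name"]: s for s in status.get("ConfigurationRecordersStatus", [])}
    findings = []
    for rec in recs:
        name, st = rec["name"], state.get(rec["name"], {})
        if not st.get("recording", False):
            findings.append(f"{name}: recording is off")
        if str(st.get("lastStatus", "")).upper() == "FAILURE":
            findings.append(f"{name}: last recording attempt failed: {st.get('lastErrorCode')}")
        group = rec.get("recordingGroup", {})
        if group.get("allSupported"):
            if not group.get("includeGlobalResourceTypes"):
                findings.append(f"{name}: global resources are not included")
            continue
        findings.append(f"{name}: not recording all supported resource types")
        # A selective recorder must still cover every type the enabled controls need.
        missing = sorted(set(required_types) - set(group.get("resourceTypes", [])))
        if missing:
            findings.append(f"{name}: required types not recorded: {', '.join(missing)}")
    return findings


if __name__ == "__main__":
    # Constructed placeholder list, not the real requirements of any standard.
    for finding in audit_recorder(RECORDERS, STATUS, ["AWS::IAM::User", "AWS::EC2::SecurityGroup"]):
        print(finding)
```

Replace the placeholder `required_types` list with the resource types required by the standards you have enabled in Security Hub.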
3. Use Amazon CloudWatch log filter patterns to search AWS CloudTrail log data
We can search and troubleshoot AWS Config error messages with the instructions below:
1. First, open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
2. Then, in the navigation pane, choose Log groups.
3. Now, for Log Groups, choose the name of the log group containing the log stream to search.
4. For Log Streams, choose the name of the log stream to search.
5. Next, in Filter, paste the following example syntax, and then press Enter:
EventSource: config.amazonaws.com
6. Finally, note the error and try to resolve the error.
4. Verify the permissions on the Security Hub service-linked role
AWS Security Hub uses service-linked roles to provide permissions to AWS services. The following AWS Identity and Access Management (IAM) permission allows access to AWS Config with Security Hub:
{
  "Effect": "Allow",
  "Action": [
    "config:PutConfigRule",
    "config:DeleteConfigRule",
    "config:GetComplianceDetailsByConfigRule",
    "config:DescribeConfigRuleEvaluationStatus"
  ],
  "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}
Conclusion
In short, the AWS Config console returns the error message "An error has occurred with AWS Config" after enabling AWS Security Hub. Today, we saw how our Support Engineers fix this error.