Bobcares

An error has occurred with AWS Config – How to fix?

by | Aug 19, 2020

AWS Security Hub provides a comprehensive view of high-priority security alerts and security posture across one’s AWS accounts. At times, the AWS Config console returns the error message “An error has occurred with AWS Config” after AWS Security Hub is enabled.

As a part of our AWS Support Services, we help our Customers to fix AWS related errors regularly.

Let us today discuss the possible causes and fixes for this error.

What causes the message an error has occurred with AWS Config? 

As we discussed earlier, the AWS Config console returns this message after enabling AWS Security Hub. For instance, a typical error message looks like:

An error has occurred with AWS Config. Contact AWS Support

The reasons for this error include:

1. Permission issues
2. Duplicate accounts

Permission issues

AWS Identity and Access Management (IAM) is a web service that helps to securely control access to AWS resources. If the IAM entity attempting to perform an action on the AWS Config console does not have the necessary IAM permissions, it can trigger this error.

Duplicate Accounts

An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from multiple accounts. This error can occur if the AWS Config aggregator contains duplicate accounts or if AWS Systems Manager parameters are invalid.

How to fix an error has occurred with AWS Config? 

Let us now look at the possible steps to fix this error.

1. Verify that AWS Config is enabled in the same AWS Region as Security Hub

AWS Config must be manually enabled in the same Region as Security Hub. For this,

1. Open the AWS Config console in the same Region that you have Security Hub enabled.

2. If AWS Config is not enabled, then follow the instructions given here for setting up AWS Config with the Console.

2. Verify that AWS Config is recording all resources, including global resources, in your Region

You can modify the type of resources that AWS Config records.

1. First, open the AWS Config console, and choose Settings.
2. Then, in Settings, confirm Recording is on.
3. Now, in Resource types to record, select Record all resources supported in this region.
4. Then, in Resource types to record, select Include global resources.
5. Finally, choose Save.

These settings apply to all of the AWS accounts that are configured with Security Hub, including AWS Organizations member accounts. If you do not want to record all resource types in AWS Config, be sure that the required resource types for CIS, PCI DSS, and AWS Foundational Security Best Practices controls are being recorded.

Further, you do not need to enable global resources in all Regions. To avoid duplicate configuration settings, you can enable global settings in only the same AWS Region as Security Hub per AWS account. Also, it can take up to 24 hours for the recorder settings to complete.

3. Use Amazon CloudWatch log filter patterns to search AWS CloudTrail log data

We can search and troubleshoot AWS Config error messages with the instructions below:

1. First, open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
2. Then, in the navigation pane, choose Log groups.
3. Now, for Log Groups, choose the name of the log group containing the log stream to search.
4. For Log Streams, choose the name of the log stream to search.
5. Next, in Filter, paste the following example syntax, and then press Enter:

EventSource: config.amazonaws.com

6. Finally, note the error and try to resolve the error.
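
As an added example (not part of the original article), the same search can be run offline over exported CloudTrail events. The Python sketch below keeps only failed calls to config.amazonaws.com and counts them per principal, action, error and Region. The sample events, the role ARN and the function names are constructed for illustration.

```python
import json
from collections import Counter

def config_errors(log_lines):
    """Return failed AWS Config API calls found in CloudTrail log events."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a CloudTrail JSON record
        if not isinstance(rec, dict):
            continue
        if rec.get("eventSource") != "config.amazonaws.com":
            continue  # call went to another service
        if "errorCode" not in rec:
            continue  # CloudTrail sets errorCode only on failed calls
        hits.append({
            "time": rec.get("eventTime"),
            "region": rec.get("awsRegion"),
            "action": rec.get("eventName"),
            "error": rec["errorCode"],
            "principal": (rec.get("userIdentity") or {}).get("arn", "unknown"),
        })
    return hits

def summarize(hits):
    """Count failures per (principal, action, error, region)."""
    return Counter((h["principal"], h["action"], h["error"], h["region"]) for h in hits)

# Constructed sample data, not real log output.
ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleRole/session"

def _event(source, name, region, error=None):
    rec = {"eventTime": "2020-08-19T10:00:00Z", "eventSource": source,
           "eventName": name, "awsRegion": region, "userIdentity": {"arn": ROLE}}
    if error:
        rec["errorCode"] = error
    return json.dumps(rec)

SAMPLE_EVENTS = [
    _event("config.amazonaws.com", "PutConfigRule", "us-east-1", "AccessDenied"),
    _event("config.amazonaws.com", "PutConfigRule", "us-east-1", "AccessDenied"),
    _event("config.amazonaws.com", "DescribeConfigRules", "us-east-1"),
    _event("s3.amazonaws.com", "GetObject", "us-east-1", "AccessDenied"),
    _event("config.amazonaws.com", "PutConfigRule", "eu-west-1",
           "NoAvailableConfigurationRecorderException"),
    "START RequestId: not-a-json-line",
]

if __name__ == "__main__":
    for key, count in summarize(config_errors(SAMPLE_EVENTS)).most_common():
        print(count, *key)
```

A repeated AccessDenied for one principal points at the permission cause described earlier, while a recorder-related error in a single Region points back at step 1.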

4. Verify the permissions on the Security Hub service-linked role

AWS Security Hub uses service-linked roles to provide permissions to AWS services. The following AWS Identity and Access Management (IAM) permission allows access to AWS Config with Security Hub:

{
    "Effect": "Allow",
    "Action": [
        "config:PutConfigRule",
        "config:DeleteConfigRule",
        "config:GetComplianceDetailsByConfigRule",
        "config:DescribeConfigRuleEvaluationStatus"
    ],
    "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}

[Need any further assistance in fixing AWS errors? – We’re available 24*7]

Conclusion

In short, AWS Config console returns the error message “An error has occurred with AWS Config” after enabling AWS Security Hub. Today, we saw how our Support Engineers fix this error.
