To delete an AWS Config rule, we need to go to the Rules page in the AWS Management Console.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today, let us see how we can delete an AWS Config rule and troubleshoot a related error.
Delete AWS Config Rule
On the Rules page, we can view the rules for the region in the account. In addition, we can see the evaluation status for each rule.
To view the rules:
- Initially, we sign in to the AWS Management Console and open the AWS Config console.
- Then we verify that the region selector is set to a region that supports AWS Config rules.
- Eventually, we select Rules.
It shows all the current rules in the AWS account. Also, it lists the name, associated remediation action, and compliance status.
To delete a rule:
- First, we select a rule from the table to delete.
- Then, from the Actions dropdown list, we select Delete rule.
- When we see a prompt, we type “Delete” (case-sensitive) and then select Delete.
How to troubleshoot a common error?
While we delete a config rule, it is quite possible for us to come across the following error:
“An error has occurred with AWS Config.”
Moving ahead, our Support Techs recommend a few checks to troubleshoot this error.
The AWS IAM entity has permissions for the DeleteConfigRule API action
- We open the IAM console, and then in the navigation pane we select Users or Roles.
- Then we select the user or role we used to delete the AWS Config rule, and expand Permissions policies.
- Here, we select JSON.
- After that, we confirm that the IAM policy allows permissions for the DeleteConfigRule API action.
The IAM entity permission boundary allows the DeleteConfigRule API action
In case the IAM entity has a permission boundary we need to make sure it allows the DeleteConfigRule API action.
- To do so, we open the IAM console, and then in the navigation pane we select Users or Roles.
- We select the user or role that we used to delete the AWS Config rule.
- Then we expand Permissions boundary and select JSON.
- Finally, we confirm that the boundary policy allows permissions for the DeleteConfigRule API action.
The service control policy (SCP) allows the DeleteConfigRule API action
- We open the AWS Organizations console using the management account.
- In Account name, we select the AWS account.
- In Policies, we expand Service control policies and note the SCP policies that are attached.
- Then from the top of the page, we select Policies.
- We select the policy and then select View details.
- Then we confirm that the policy allows the DeleteConfigRule API action.
The rule isn’t a service-linked rule
When we enable a security standard, AWS Security Hub creates AWS Config service-linked rules.
We can’t delete these service-linked rules using AWS Config.
No remediation actions are in progress
It is not possible for us to delete rules that have remediation actions in progress.
In such a case, we follow the instructions to delete the remediation action associated with that rule.
Then, we try to delete the Config rule again.
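The checks above can also be run from a script before attempting the deletion. The following is an added example (not code from this post or from AWS) that uses boto3 to test the caller's permission for config:DeleteConfigRule, whether the rule is service-linked, and whether a remediation is still running; the rule name and caller ARN are values the reader supplies, and the SCP check stays with the Organizations console steps above because the IAM policy simulator does not evaluate SCPs.

```python
"""Pre-flight checks before DeleteConfigRule: caller permission, service-linked
rule, and in-progress remediation. boto3 is imported lazily so the helpers run offline."""
from __future__ import annotations

ACTIVE_REMEDIATION_STATES = {"QUEUED", "IN_PROGRESS"}  # states that still block deletion


def denied_actions(simulation: dict) -> list[str]:
    """Actions the SimulatePrincipalPolicy response did not allow.
    The simulator covers identity policies and the permissions boundary, not SCPs."""
    return [r["EvalActionName"] for r in simulation.get("EvaluationResults", [])
            if r.get("EvalDecision") != "allowed"]


def is_service_linked(rule: dict) -> bool:
    """CreatedBy is populated only for rules a service (e.g. Security Hub) created."""
    return bool(rule.get("CreatedBy"))


def active_remediations(status_response: dict) -> list[str]:
    """Resource IDs whose remediation execution is still queued or running."""
    return [s["ResourceKey"]["resourceId"] for s in status_response.get("RemediationExecutionStatuses", [])
            if s.get("State") in ACTIVE_REMEDIATION_STATES]


def deletion_blockers(rule: dict, status_response: dict, simulation: dict) -> list[str]:
    """Reasons DeleteConfigRule would fail; an empty list means it is safe to delete."""
    blockers = []
    if denied := denied_actions(simulation):
        blockers.append(f"caller not allowed {', '.join(denied)}: check IAM policy, boundary and SCP")
    if is_service_linked(rule):
        blockers.append(f"rule is service-linked (CreatedBy={rule['CreatedBy']}); remove it via that service")
    if running := active_remediations(status_response):
        blockers.append(f"remediation in progress for {len(running)} resource(s); delete the remediation action first")
    return blockers


def delete_rule_if_safe(rule_name: str, caller_arn: str) -> bool:
    """Run the checks against the live APIs and delete the rule only when nothing blocks it."""
    import boto3  # lazy import keeps the pure helpers above usable without credentials
    config, iam = boto3.client("config"), boto3.client("iam")
    rule = config.describe_config_rules(ConfigRuleNames=[rule_name])["ConfigRules"][0]
    statuses = config.describe_remediation_execution_status(ConfigRuleName=rule_name)
    sim = iam.simulate_principal_policy(PolicySourceArn=caller_arn, ActionNames=["config:DeleteConfigRule"])
    blockers = deletion_blockers(rule, statuses, sim)
    if blockers:
        print("Not deleting", rule_name, *blockers, sep="\n  - ")
        return False
    config.delete_config_rule(ConfigRuleName=rule_name)
    return True
```

Call delete_rule_if_safe("your-rule-name", "arn:aws:iam::123456789012:role/your-role") with real values; the helpers can also be fed saved API responses to diagnose the error after the fact.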
To conclude, here we saw how our Support Techs go about deleting a Config rule in AWS.