Merge pull request #177 from ekristen/fix-configservice-configrules

fix(configservice-configrules): filter out rules created by config-conforms
ekristen · May 20, 2024 · c9e8d90 · c9e8d90
2 parents 91ab562 + 3e4f4ca
commit c9e8d90
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/resources/configservice-configrules.go b/resources/configservice-configrules.go
@@ -2,14 +2,14 @@ package resources
 
 import (
 	"context"
-
 	"fmt"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/configservice"
 
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
 
 	"github.com/ekristen/aws-nuke/pkg/nuke"
 )
@@ -69,6 +69,10 @@ func (f *ConfigServiceConfigRule) Filter() error {
 		return fmt.Errorf("cannot remove rule owned by securityhub.amazonaws.com")
 	}
 
+	if aws.StringValue(f.createdBy) == "config-conforms.amazonaws.com" {
+		return fmt.Errorf("cannot remove rule owned by config-conforms.amazonaws.com")
+	}
+
 	return nil
 }
 
@@ -83,3 +87,9 @@ func (f *ConfigServiceConfigRule) Remove(_ context.Context) error {
 func (f *ConfigServiceConfigRule) String() string {
 	return *f.configRuleName
 }
+
+func (f *ConfigServiceConfigRule) Properties() types.Properties {
+	props := types.NewProperties()
+	props.Set("CreatedBy", f.createdBy)
+	return props
+}