AWS Config gives us a clear view of the resources in our AWS account: how they are configured, how they relate to each other, and how their configurations have changed over a given time period. In some cases we run into initial hiccups while enabling this feature in different regions. One of the most common issues has been with the delivery channel, the component responsible for sending configuration changes to the target S3 bucket. This data is later consumed by services such as Security Hub for their benchmarking results.
Cause: Our current S3 bucket for Config is no longer registered as a delivery channel for the configuration recorder.
How to find out: We can run the AWS CLI command below (the CLI is a prerequisite) and check the output, or in this case the expected error.
aws configservice describe-delivery-channels --region
If the output is “AWS Config cannot start recording because the delivery channel was not found”, we should follow one of the methods below to rectify it.
Method-1: Add the delivery channel using the AWS CLI
First, we need to edit the JSON below and save it to a file named deliveryChannel.json (the bucket name and topic ARN are sample values to be replaced with our own):
{
  "name": "default",
  "s3BucketName": "config-bucket-123456789012",
  "snsTopicARN": "arn:aws:sns:us-east-2:123456789012:config-topic",
  "configSnapshotDeliveryProperties": {
    "deliveryFrequency": "Twelve_Hours"
  }
}
Now, we should use:
aws configservice put-delivery-channel --delivery-channel file://deliveryChannel.json
Method-2: If the first method did not help, we can always scrap the previous AWS Config setup completely. Once done, we will see the “Getting Started” screen on the Config home page and can start a brand new setup. The command line for this is as below:
aws configservice delete-configuration-recorder --configuration-recorder-name default --region
This time, while creating the new configuration, we should also create a bucket policy on the S3 bucket that will receive the Config data. For more details on the S3 bucket policy: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html#granting-access-in-another-account
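Putting the check and Method-1 together as a small script, an added example that is not part of the original post: it builds deliveryChannel.json from parameters, validates the snapshot frequency before calling the CLI, and only creates a channel when describe-delivery-channels reports none. The bucket name, topic ARN and the ensure_delivery_channel wrapper are assumptions; the live wrapper needs AWS credentials and is not exercised by the offline checks.

```shell
#!/bin/sh
# Added example, not from the original post: build deliveryChannel.json for
# `aws configservice put-delivery-channel` and decide from the output of
# `describe-delivery-channels` whether a channel must be (re)created.
# Bucket name and topic ARN passed by callers are constructed placeholders.

# deliveryFrequency accepts only these values; reject anything else early.
valid_frequency() {
  case "$1" in
    One_Hour|Three_Hours|Six_Hours|Twelve_Hours|TwentyFour_Hours) return 0 ;;
    *) return 1 ;;
  esac
}

# Print delivery-channel JSON; the SNS topic is optional and omitted if empty.
make_delivery_channel_json() {
  name=$1; bucket=$2; topic=$3; freq=$4
  valid_frequency "$freq" || { echo "bad deliveryFrequency: $freq" >&2; return 1; }
  printf '{\n  "name": "%s",\n  "s3BucketName": "%s",\n' "$name" "$bucket"
  if [ -n "$topic" ]; then printf '  "snsTopicARN": "%s",\n' "$topic"; fi
  printf '  "configSnapshotDeliveryProperties": { "deliveryFrequency": "%s" }\n}\n' "$freq"
}

# Return 0 if describe-delivery-channels output lists a channel.
# With no channel configured the CLI prints {"DeliveryChannels": []}.
channel_present() {
  printf '%s' "$1" | grep -q '"name"'
}

# Live flow (hypothetical wrapper; needs the AWS CLI and credentials).
ensure_delivery_channel() {
  region=$1; bucket=$2; topic=$3
  out=$(aws configservice describe-delivery-channels --region "$region" --output json) || return 1
  if channel_present "$out"; then
    echo "delivery channel already configured in $region"
    return 0
  fi
  make_delivery_channel_json default "$bucket" "$topic" Twelve_Hours > deliveryChannel.json || return 1
  aws configservice put-delivery-channel --region "$region" \
    --delivery-channel file://deliveryChannel.json
}
```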
Bonus points: install AWS CLI v2 on your workstation - https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html
Credit/Reference Links: