AWS Auto Remediate

Categories: Operations Management, Security Operations

Public incident response process documentation used at PagerDuty

Understanding the Auto Remediate Function

The Auto Remediate function is activated through an SQS Queue named auto-remediate-config-compliance.

The SQS Queue is populated with compliance data

The SQS Queue receives a compliance payload from AWS Config through a CloudWatch Event named auto-remediate-config-compliance.

Understanding the Purpose of CloudWatch Events

The purpose of the CloudWatch Event is to pick out the non-compliance messages from everything AWS Config generates. When the Lambda function is triggered, it attempts to address the security issue. If the remediation attempt fails, the event payload is directed to the dead letter queue (DLQ), the SQS Queue named auto-remediate-dlq. Each time a payload is sent to the DLQ, an attribute called try_count on the SQS message is incremented. Once this count surpasses the RETRYCOUNT variable associated with the Lambda Function, the message is no longer forwarded to the DLQ. If no remediation exists for the incoming AWS Config event, the AWS Config payload is sent to an SNS Topic instead.
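The routing described above, written out as an added illustration rather than code from the AWS Auto Remediate project: one SQS record carrying an AWS Config compliance event is matched to a remediation by rule name, a failed attempt is re-queued to the DLQ with try_count incremented until it would exceed RETRYCOUNT, and an event with no remediation goes to the SNS topic. The record shape, the rule-name lookup, the exact boundary of the RETRYCOUNT check and the in-memory lists standing in for the queue and topic are assumptions made so the logic runs offline.

```python
import json

def make_record(rule_name, try_count=0, resource_id="example-bucket"):
    """Build a constructed SQS record wrapping an AWS Config compliance-change event."""
    payload = {
        "detail-type": "Config Rules Compliance Change",
        "detail": {
            "configRuleName": rule_name,
            "resourceType": "AWS::S3::Bucket",
            "resourceId": resource_id,
            "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
        },
    }
    return {
        "body": json.dumps(payload),
        "messageAttributes": {
            "try_count": {"dataType": "Number", "stringValue": str(try_count)}
        },
    }

def route_compliance_event(record, remediations, retry_count, dlq, sns):
    """Route one SQS record. Returns "remediated", "dlq", "dropped" or "sns".

    remediations: assumed mapping from Config rule name to a callable that
    returns True on success. dlq / sns: plain lists used as stand-ins for the
    auto-remediate-dlq queue and the SNS topic (constructed, not boto3).
    retry_count: the value the project reads from the RETRYCOUNT variable.
    """
    payload = json.loads(record["body"])
    rule_name = payload["detail"]["configRuleName"]
    attrs = record.get("messageAttributes", {})
    try_count = int(attrs.get("try_count", {}).get("stringValue", "0"))

    remediate = remediations.get(rule_name)
    if remediate is None:
        sns.append(payload)           # no remediation known: hand off for humans
        return "sns"
    try:
        succeeded = bool(remediate(payload))
    except Exception:                 # a crashing remediation counts as a failure
        succeeded = False
    if succeeded:
        return "remediated"
    next_try = try_count + 1
    if next_try > retry_count:        # assumed boundary: stop once RETRYCOUNT is exceeded
        return "dropped"
    dlq.append(make_record(rule_name, next_try, payload["detail"]["resourceId"]))
    return "dlq"
```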