Remediation scripts in Cloud Configuration Assessment

After you’ve used Cloud Configuration Assessment’s filtering capabilities to prioritize what AWS resources you need to remediate first, you’re ready to take action with InsightVM-generated remediation scripts.

How these scripts work

Cloud Configuration Assessment provides scripts that you can run to fix the configuration conditions that caused a resource to fail a rule check. These remediation scripts are written in the Python language using commands provided by the Boto3 Software Development Kit (SDK). The Boto3 SDK empowers these scripts to access and make configuration changes to your AWS resources directly from your own workstation.

Most remediation scripts offered by Cloud Configuration Assessment are execution-ready as is; the script body automatically targets the failing resource and updates its configuration to pass the rule check that it originally failed. However, some scripts require that you substitute values manually before execution. Cloud Configuration Assessment provides substitution instructions for each script in these cases. The interface denotes substitution areas by wrapping placeholder values with the < and > characters in the script body.

Requirements

Your workstation must satisfy the following requirements to use InsightVM-generated remediation scripts:

Find and run a remediation script

After satisfying all the requirements, you’re ready to start using remediation scripts. You can view applicable remediation scripts in the detail views of individual findings in Cloud Configuration Assessment:

  1. In InsightVM, click Cloud Configuration in your left menu.
  2. On the Findings tab, filter your assessment results as needed until you locate the rule failure that you want to remediate.
  3. Click the Failed link in the Status column. The Finding Details page displays the proof of the rule check result along with one or more remediation scripts that you can run.
  4. Copy the script body that you want to execute and paste it in a text editor. Make sure to carefully examine your script body for substitution requirements and apply them as necessary.
  5. Save your script as a new file.
  6. Open a terminal or command prompt and navigate to the directory where your new script file is located.
  7. Use the following command format to run your script, substituting {script-name} with the name of your script file:
1
python3 {script-name}

Your script file will now execute and make the required configuration changes to your AWS resource.

Remediation complete!

Return to your Cloud Configuration Assessment results after the next data collection period (or even faster if you have a CloudTrail connection) to see the fruits of your remediation efforts!