How can I troubleshoot AWS Config console error messages?

Last updated: 2019-06-11

My AWS Config console returns an error or isn't working as expected. How can I troubleshoot issues with my AWS Config console?  

Short Description

You perform an action in the AWS Config console and receive an error message similar to the following:

  • "An error has occurred with AWS Config. Contact AWS Support."
  • "We are unable to complete the request at this time. Try again later or contact AWS Support."
  • "AWS Config is currently experiencing unusually high traffic. Try your request again or contact AWS support."
  • "An unexpected internal error occurred with AWS Config. Try again or contact AWS support if the error persists"

Resolution

Follow these troubleshooting steps for the specific AWS Config console error message.

An error has occurred with AWS Config. Contact AWS Support

This error can occur if the AWS Identity and Access Management (IAM) entity attempting to perform an action on the AWS Config console doesn't have the necessary IAM permissions (for example, config:PutConfigRule, iam:PassRole, ssm:ListDocuments, and so on). This error can also occur if your AWS Config aggregator contains duplicate accounts or if AWS Systems Manager parameters are invalid.

AWS API Error Code: InsufficientDeliveryPolicyException

  • CloudTrail Error Message: Insufficient delivery policy to s3 bucket:<Bucket Name>, unable to write to bucket, provided s3 key prefix is 'null'.
  • Related AWS Config API: PutDeliveryChannel
  • Description: The Amazon Simple Storage Service (Amazon S3) bucket policy lacks permission to write into the target bucket.
  • Resolution:

      1. Check the Amazon S3 bucket policy and verify it allows the config.amazonaws.com service to write into the target bucket.
      2. Review the IAM entity permission and use the Full access policy.
      3. Verify that the IAM entity has the s3:GetBucketAcl and s3:PutObject* permissions for the target bucket.

AWS API Error Code: InvalidParameterValueException

  • CloudTrail Error Message: Your configuration aggregator contains duplicate accounts. Delete the duplicate accounts and try again.
  • Related AWS Config API: PutConfigurationAggregator
  • Description: Your configuration aggregator contains duplicate accounts.
  • Resolution: If you added a new aggregator or edited an existing one using the same account ID, delete the duplicate account and try again. For more information, see Setting Up an Aggregator Using the Console.

AWS API Error Code: InvalidParameterValueException

  • CloudTrail Error Message: RemediationConfiguration(s) for AWS Config Rule(s) <Config_Rule_Name> are missing required document parameters. Specify all required document parameters and try again.
  • Related AWS Config API: PutRemediationConfigurations
  • Description: The required Systems Manager parameter is empty, or one or more of the specified parameters are invalid.
  • Resolution: Add the required Systems Manager parameters. For more information, see Systems Manager Automation Document Details Reference.
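For the InsufficientDeliveryPolicyException case above, the following added example (not part of the original article or AWS tooling) checks a bucket policy document offline for the two grants named in the resolution steps, s3:GetBucketAcl and s3:PutObject, for the config.amazonaws.com principal. The bucket name, account ID, sample policy and the AWSLogs/<account-id>/Config/ object key are constructed assumptions; Condition blocks on Allow statements, NotAction and NotPrincipal are not evaluated.

```python
import fnmatch
import json

SERVICE = "config.amazonaws.com"

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def _names_config(principal):
    # Principal is "*" or a mapping such as {"Service": "config.amazonaws.com"}.
    if principal == "*":
        return True
    return isinstance(principal, dict) and SERVICE in _as_list(principal.get("Service"))

def _match(patterns, value, fold=False):
    # IAM-style "*" and "?" wildcards; action names are case-insensitive, ARNs are not.
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def missing_delivery_grants(policy_json, bucket, object_key):
    """Return the required S3 actions the bucket policy does not grant to AWS Config."""
    required = {
        "s3:GetBucketAcl": f"arn:aws:s3:::{bucket}",
        "s3:PutObject": f"arn:aws:s3:::{bucket}/{object_key}",
    }
    statements = [s for s in _as_list(json.loads(policy_json).get("Statement"))
                  if _names_config(s.get("Principal"))]

    def covered(effect, action, resource, unconditional=False):
        return any(s.get("Effect") == effect
                   and _match(s.get("Action"), action, fold=True)
                   and _match(s.get("Resource"), resource)
                   and not (unconditional and s.get("Condition"))
                   for s in statements)

    # Missing = no Allow covers it, or an unconditional Deny overrides the Allow.
    return sorted(action for action, arn in required.items()
                  if not covered("Allow", action, arn)
                  or covered("Deny", action, arn, unconditional=True))

# Constructed sample: PutObject is scoped to a prefix AWS Config does not write to.
BROKEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": SERVICE},
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-config-bucket"},
    {"Effect": "Allow", "Principal": {"Service": SERVICE},
     "Action": "s3:PutObject*", "Resource": "arn:aws:s3:::example-config-bucket/logs/*"},
]})
```

An empty list from missing_delivery_grants means both grants are present for the sample object key; any action it returns is the one to add to, or unblock in, the bucket policy.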

We are unable to complete the request at this time. Try again later or contact AWS Support

This error can occur if you exceed the AWS Config aggregator limit, or if you are calling the StartConfigRulesEvaluation API more than once per minute.  

AWS API Error Code: LimitExceededException

  • CloudTrail Error Message: The configuration aggregator '<aggregator_name>' could not be created because the account already contains '50' configuration aggregators. Consider deleting configuration aggregators or contact AWS Config to increase the limit.
  • Related AWS Config API: PutConfigurationAggregator
  • Description: This error indicates that the number of aggregators exceeds the limit.
  • Resolution: The default limit for configuration aggregators is 50. You can delete an aggregator or request a limit increase. For more information, see AWS Config Limits.

AWS API Error Code: LimitExceededException

  • CloudTrail Error Message: You have exceeded the maximum request rate. Try again at a later time.
  • Related AWS Config API: StartConfigRulesEvaluation
  • Description: This error indicates that you're calling the StartConfigRulesEvaluation API more than once per minute, or that another evaluation is in progress.
  • Resolution: The StartConfigRulesEvaluation API call is limited to once per minute. Wait for the current evaluation to complete, or wait one minute and try again.

AWS Config is currently experiencing unusually high traffic. Try your request again or contact AWS support.

This error can occur if you are using the API call GetResourceConfigHistory or ListDiscoveredResources with a Lambda function.  

AWS API Error Code: ThrottlingException

  • CloudTrail Error Message: Rate exceeded
  • Related AWS Config API: GetResourceConfigHistory
  • Description: Using the API call GetResourceConfigHistory with a Lambda function can cause an issue if the allowed Lambda limit is exceeded.
  • Resolution:

      1. If your Lambda function retrieves the old state of your resources, use the earlierTime parameter to limit the history period using a time stamp with the GetResourceConfigHistory API.
      2. If your Lambda function determines the current configuration of your resources, consider using the BatchGetResourceConfig API call instead of GetResourceConfigHistory.

AWS API Error Code: ThrottlingException

  • CloudTrail Error Message: Rate exceeded
  • Related AWS Config API: ListDiscoveredResources
  • Description: Using the API call ListDiscoveredResources with a Lambda function can cause an issue if there is a high rate within a short interval that exceeds the throttle rate in the account per Region.
  • Resolution: Reduce the frequency of API calls by implementing a sleep time. For more information, see Managing AWS Lambda Function Concurrency.

Note: In addition to these best practices, you can also implement exponential backoff and retry your request.
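One way to implement the exponential backoff mentioned in the note, as an added example that is not from the original article: the wrapper retries only when the error code is ThrottlingException and re-raises every other error on this page immediately. FakeClientError and flaky_list_discovered_resources are constructed stand-ins so the block runs without AWS access; the response["Error"]["Code"] shape matches what botocore's ClientError exposes.

```python
import random
import time

RETRYABLE_CODES = {"ThrottlingException"}

def error_code(exc):
    # botocore's ClientError carries the service error code at response["Error"]["Code"].
    response = getattr(exc, "response", None)
    return response.get("Error", {}).get("Code") if isinstance(response, dict) else None

def call_with_backoff(call, max_attempts=5, base=0.5, cap=20.0,
                      sleep=time.sleep, rng=random.random):
    """Run call(); on ThrottlingException wait up to base * 2**n seconds (capped,
    full jitter) and retry. Returns (result, list of delays actually slept)."""
    delays = []
    for attempt in range(max_attempts):
        try:
            return call(), delays
        except Exception as exc:
            last_attempt = attempt == max_attempts - 1
            if error_code(exc) not in RETRYABLE_CODES or last_attempt:
                raise
            delay = rng() * min(cap, base * 2 ** attempt)
            delays.append(delay)
            sleep(delay)

class FakeClientError(Exception):
    """Constructed stand-in with the same .response shape as botocore's ClientError."""
    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}

def flaky_list_discovered_resources(throttled_calls):
    """Constructed stand-in for ListDiscoveredResources, throttled N times first."""
    state = {"left": throttled_calls}
    def call():
        if state["left"] > 0:
            state["left"] -= 1
            raise FakeClientError("ThrottlingException", "Rate exceeded")
        return {"resourceIdentifiers": []}
    return call
```

In a Lambda function, pass a closure around the real client call as `call`, and keep max_attempts and cap small enough that the total wait fits inside the function timeout.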

An unexpected internal error occurred with AWS Config. Try again or contact AWS support if the error persists

This error can occur if you switched to a different AWS Region, or attempted to delete a remediation while there is a remediation in progress.

AWS API Error Code: NoSuchConfigRuleException

  • CloudTrail Error Message: The ConfigRule '<Config rule name>' provided in the request is invalid. Please check the configRule name.
  • Related AWS Config API: GetComplianceDetailsByConfigRule
  • Description: You might receive this error in AWS Config rules if you switched to a different AWS Region, because the rule does not exist in that Region.
  • Resolution: Switch back to the AWS Region that contains the AWS Config rule. For more information, see Choosing a Region.

AWS API Error Code: RemediationInProgressException

  • CloudTrail Error Message: Remediation action is in progress.
  • Related AWS Config API: DeleteRemediationConfiguration
  • Description: You attempted to delete a remediation while a remediation was in progress.
  • Resolution: If you deleted a remediation action when a remediation was in progress, you can either cancel the execution with the stop-automation-execution command, or wait and try again later.