How can I resolve the error "NoSuchRemediationConfigurationException" or "unexpected internal error" when trying to delete a remediation action in AWS Config?


When I delete a remediation action associated with an AWS Config rule, I receive an error similar to one of the following:

Using the AWS Command Line Interface (AWS CLI) command delete-remediation-configuration:

"An error occurred (NoSuchRemediationConfigurationException) when calling the DeleteRemediationConfiguration operation: No RemediationConfiguration for rule exists."

-or-

Using the AWS Management Console:

"An unexpected internal error occurred with AWS Config. Try again or contact AWS Support if the error persists."

How do I resolve this error?

Short description

This error occurs when the ResourceType parameter was specified in the PutRemediationConfiguration API call that created the remediation configuration, but is omitted from the DeleteRemediationConfiguration API call. If you use the ResourceType parameter in the PutRemediationConfiguration API, you must also use the ResourceType parameter in the DeleteRemediationConfiguration API.

Note: If no resource type is provided for PutRemediationConfiguration, the default is ResourceType=*.

Resolution

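Follow these instructions to identify the resource type associated with your AWS Config rule's remediation configuration, and then delete the remediation configuration using that resource type.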

Important: Before you begin, be sure that you have the latest version of the AWS CLI installed and configured.

1.    Run the AWS CLI command describe-remediation-configurations to identify the resource type that is used with PutRemediationConfiguration:

Note: Replace example-config-rule-name with your AWS Config rule name.

aws configservice describe-remediation-configurations --config-rule-names example-config-rule-name

2.    You receive an output similar to the following:

{
    "RemediationConfigurations": [
        {
            "TargetType": "SSM_DOCUMENT", 
            "MaximumAutomaticAttempts": 5, 
            "Parameters": {
                "AutomationAssumeRole": {
                    "StaticValue": {
                        "Values": [
                            "arn:aws:iam::example-account-ID:role/example-IAM-role"
                        ]
                    }
                }, 
                "BucketName": {
                    "ResourceValue": {
                        "Value": "RESOURCE_ID"
                    }
                }, 
                "SSEAlgorithm": {
                    "StaticValue": {
                        "Values": [
                            "AES256"
                        ]
                    }
                }
            }, 
            "ConfigRuleName": "example-config-rule-name", 
            "ResourceType": "AWS::S3::Bucket", 
            "TargetId": "AWS-EnableS3BucketEncryption", 
            "RetryAttemptSeconds": 60, 
            "Automatic": true, 
            "Arn": "arn:aws:config:example-region:example-account-ID:remediation-configuration/example-config-rule-name/7467e289-f789-4b99-a848-deeeb3e90a0e"
        }
    ]
}

Note: In this example, the resource type is AWS::S3::Bucket.

3.    Run the AWS CLI command delete-remediation-configuration:

Note: Replace example-config-rule-name, example-resource-type, and example-region with your AWS Config rule name, resource type, and AWS Region.

aws configservice delete-remediation-configuration --config-rule-name example-config-rule-name --resource-type example-resource-type --region example-region

The remediation action associated with your AWS Config rule deletes successfully. You can now delete the AWS Config rule.
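The steps above can be scripted so that the delete call always carries the same resource type that the describe call reports. The following Python sketch is an added example, not AWS code: the function name delete_commands and the sample JSON are constructed for illustration, and it assumes that a configuration reported without a ResourceType (or with *) is deleted without --resource-type.

```python
import json
import shlex

# Constructed sample, trimmed from the describe-remediation-configurations
# output format. ConfigRuleName is the key the AWS Config API returns.
SAMPLE_DESCRIBE_OUTPUT = """
{
    "RemediationConfigurations": [
        {
            "ConfigRuleName": "example-config-rule-name",
            "TargetType": "SSM_DOCUMENT",
            "TargetId": "AWS-EnableS3BucketEncryption",
            "ResourceType": "AWS::S3::Bucket",
            "Automatic": true
        }
    ]
}
"""


def delete_commands(describe_json, region):
    """Build one delete-remediation-configuration command per configuration.

    describe_json is the raw JSON printed by
    `aws configservice describe-remediation-configurations`.
    """
    commands = []
    for cfg in json.loads(describe_json).get("RemediationConfigurations", []):
        cmd = ["aws", "configservice", "delete-remediation-configuration",
               "--config-rule-name", cfg["ConfigRuleName"]]
        resource_type = cfg.get("ResourceType")
        # Pass --resource-type only when the configuration was created with
        # one; omitting it in that case is what triggers
        # NoSuchRemediationConfigurationException.
        # Assumption: an absent or "*" value means the default was used,
        # so the flag is left off.
        if resource_type and resource_type != "*":
            cmd += ["--resource-type", resource_type]
        cmd += ["--region", region]
        # shlex.join quotes any argument that is not shell-safe.
        commands.append(shlex.join(cmd))
    return commands


if __name__ == "__main__":
    for line in delete_commands(SAMPLE_DESCRIBE_OUTPUT, "example-region"):
        print(line)
```

Review the printed commands before running them, and replace example-region with your AWS Region.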


Related information

How can I troubleshoot failed remediation executions in AWS Config?

delete-config-rule

Delete remediation action (console)

AWS OFFICIAL
Updated 3 years ago