How can I resolve the error "NoSuchRemediationConfigurationException" or "unexpected internal error" when trying to delete a remediation action in AWS Config?

Last updated: 2020-01-14

I followed the instructions to delete a remediation action associated with an AWS Config rule using the AWS Command Line Interface (AWS CLI) command delete-remediation-configuration. I received an error similar to the following:

"An error occurred (NoSuchRemediationConfigurationException) when calling the DeleteRemediationConfiguration operation: No RemediationConfiguration for rule exists."

-Or-

Using the AWS Management Console:

"An unexpected internal error occurred with AWS Config. Try again or contact AWS Support if the error persists."  

Short Description

This error occurs when the ResourceType parameter was specified in the PutRemediationConfiguration API call that created the remediation configuration, but not in the DeleteRemediationConfiguration API call that deletes it. If you use the ResourceType parameter in the PutRemediationConfiguration API, you must also use the ResourceType parameter in the DeleteRemediationConfiguration API.

Note: If no resource type is provided for PutRemediationConfiguration, the default is ResourceType=*.

Resolution

Follow these instructions to delete the remediation action by specifying the resource type associated with your AWS Config rule.

Important: Before you begin, be sure that you have the latest version of the AWS CLI installed and configured.

1.    Run the AWS CLI command describe-remediation-configurations, similar to the following, to verify the resource type that was used with PutRemediationConfiguration:

Note: Replace example-config-rule-name with your AWS Config rule name.

aws configservice describe-remediation-configurations --config-rule-names example-config-rule-name

2.    You receive an output similar to the following:  

{
    "RemediationConfigurations": [
        {
            "TargetType": "SSM_DOCUMENT", 
            "MaximumAutomaticAttempts": 5, 
            "Parameters": {
                "AutomationAssumeRole": {
                    "StaticValue": {
                        "Values": [
                            "arn:aws:iam::example-account-ID:role/example-IAM-role"
                        ]
                    }
                }, 
                "BucketName": {
                    "ResourceValue": {
                        "Value": "RESOURCE_ID"
                    }
                }, 
                "SSEAlgorithm": {
                    "StaticValue": {
                        "Values": [
                            "AES256"
                        ]
                    }
                }
            }, 
            "ConfigRuleName": "example-config-rule-name", 
            "ResourceType": "AWS::S3::Bucket", 
            "TargetId": "AWS-EnableS3BucketEncryption", 
            "RetryAttemptSeconds": 60, 
            "Automatic": true, 
            "Arn": "arn:aws:config:example-region:example-account-ID:remediation-configuration/example-config-rule-name/7467e289-f789-4b99-a848-deeeb3e90a0e"
        }
    ]
}

Note: In this example, the resource type is AWS::S3::Bucket.

3.    Run the AWS CLI command delete-remediation-configuration similar to the following:

Note: Replace example-config-rule-name, example-resource-type, and example-region with your AWS Config rule name, resource type, and AWS Region.

aws configservice delete-remediation-configuration --config-rule-name example-config-rule-name --resource-type example-resource-type --region example-region 

The remediation action associated with your AWS Config rule deletes successfully. You should now be able to delete the AWS Config rule.  
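The following is an added example, not part of the original article or AWS tooling: it reads the JSON printed in step 2 and builds the matching delete-remediation-configuration command for each entry, so the --resource-type value used for deletion always equals the one recorded at creation. The function name, the sample data, and the choice to omit --resource-type when the output has no ResourceType field are assumptions.

```python
import json
import shlex

# Constructed sample: trimmed output of
# `aws configservice describe-remediation-configurations`; all values are placeholders.
SAMPLE_DESCRIBE_OUTPUT = """
{
  "RemediationConfigurations": [
    {"ConfigRuleName": "example-config-rule-name",
     "ResourceType": "AWS::S3::Bucket",
     "TargetType": "SSM_DOCUMENT",
     "TargetId": "AWS-EnableS3BucketEncryption"},
    {"ConfigRuleName": "example-rule-without-type",
     "TargetType": "SSM_DOCUMENT",
     "TargetId": "AWS-EnableS3BucketEncryption"}
  ]
}
"""


def build_delete_commands(describe_json, region):
    """Return one delete-remediation-configuration argv list per configuration."""
    doc = json.loads(describe_json)
    commands = []
    for cfg in doc.get("RemediationConfigurations", []):
        argv = ["aws", "configservice", "delete-remediation-configuration",
                "--config-rule-name", cfg["ConfigRuleName"]]
        # Pass the resource type exactly as recorded at creation time.
        # Assumption: when the field is absent, the configuration was created
        # without ResourceType, so the flag is left off for deletion as well.
        resource_type = cfg.get("ResourceType")
        if resource_type:
            argv += ["--resource-type", resource_type]
        argv += ["--region", region]
        commands.append(argv)
    return commands


if __name__ == "__main__":
    # Print the commands for review instead of executing them.
    for argv in build_delete_commands(SAMPLE_DESCRIBE_OUTPUT, "example-region"):
        print(shlex.join(argv))
```

Review the printed commands before running them, because deleting the remediation configuration turns off automatic remediation for that rule.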

