How can I troubleshoot failed remediation executions in AWS Config?

Last updated: 2019-10-30

I followed the instructions for Remediating Noncompliant AWS Resources by AWS Config Rules. However, the remediation execution failed, and the AWS Config console displays the Action status error "Action execution failed (details)". I opened the Details page, but it doesn't contain enough information to troubleshoot the issue.

Resolution

For a more detailed error message, along with the state and timestamps of each remediation execution step, run the AWS Command Line Interface (AWS CLI) command describe-remediation-execution-status, similar to the following:

Note: Replace example-rule, example-region, example-resource-type, and example-resource-ID with your AWS Config rule name, Region, resource type, and resource ID.

Important: Before you begin, be sure you have the latest version of the AWS CLI installed and configured.

aws configservice describe-remediation-execution-status \
    --config-rule-name example-rule \
    --region example-region \
    --resource-keys resourceType=example-resource-type,resourceId=example-resource-ID

The output shows the action that the remediation execution performed. Check whether the error relates to AWS Identity and Access Management (IAM) permissions, syntax issues, or incorrect parameters configured in the remediation action.
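
One way to pull the failed steps out of the command's JSON output and sort each error into the three causes named above. This is an added example, not AWS-provided code; the sample output, step names, error text, and keyword hints are constructed assumptions.

```python
import json
import sys

# Constructed sample in the shape of the command's JSON output (not real data).
SAMPLE = """{"RemediationExecutionStatuses": [{
  "ResourceKey": {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket"},
  "State": "FAILED",
  "StepDetails": [
    {"Name": "ExampleStepOne", "State": "SUCCEEDED",
     "StartTime": "2019-10-30T10:00:00Z", "StopTime": "2019-10-30T10:00:02Z"},
    {"Name": "ExampleStepTwo", "State": "FAILED",
     "ErrorMessage": "User: example-role is not authorized to perform: s3:PutBucketAcl",
     "StartTime": "2019-10-30T10:00:02Z", "StopTime": "2019-10-30T10:00:03Z"}]}]}"""

# Assumed keyword hints for the three causes the article names; tune for your messages.
CAUSE_HINTS = [
    ("IAM permissions", ("accessdenied", "not authorized", "unauthorized")),
    ("incorrect parameters", ("invalidparameter", "validationexception", "parameter")),
    ("syntax issue", ("syntax", "malformed", "parse")),
]

def likely_cause(message):
    """Map an error message to one of the article's cause categories."""
    text = (message or "").lower()
    for cause, needles in CAUSE_HINTS:
        if any(n in text for n in needles):
            return cause
    return "unclassified"

def failed_steps(raw_json):
    """Return one row per FAILED step; a FAILED execution with no failed step gets a row too."""
    rows = []
    for status in json.loads(raw_json).get("RemediationExecutionStatuses", []):
        key = status.get("ResourceKey", {})
        resource = f'{key.get("resourceType")}/{key.get("resourceId")}'
        steps = [s for s in status.get("StepDetails", []) if s.get("State") == "FAILED"]
        if not steps and status.get("State") == "FAILED":
            steps = [{"Name": None}]  # failure recorded without step-level detail
        for step in steps:
            msg = step.get("ErrorMessage", "")
            rows.append({"resource": resource, "step": step.get("Name"),
                         "start": step.get("StartTime"), "stop": step.get("StopTime"),
                         "error": msg, "cause": likely_cause(msg)})
    return rows

if __name__ == "__main__":
    # Pipe the CLI output in, or run with no input to use the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in failed_steps(raw):
        print(f'{row["resource"]} step={row["step"]} {row["start"]} -> {row["stop"]}')
        print(f'  cause: {row["cause"]}\n  error: {row["error"]}')
```

The cause label is only a triage hint from keyword matching; read the full error text before changing the remediation action or its role.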