Why is my AWS Config rule with required-tags status stuck on "Evaluating"?

Last updated: 2020-12-16

I created an AWS Config managed rule using required-tags to check for specific resources. However, my AWS Config rule with required-tags status is still "Evaluating" resources, or reporting unexpected results.


Use the following best practices when creating and editing AWS Config rules using required-tags.

  • The AWS Config configuration recorder must be turned on and configured in the same AWS Region as the AWS Config rule. To turn the configuration recorder on or off, see managing the configuration recorder.
  • AWS Config rules using required-tags typically return results in 20 minutes or less. Results can vary depending on the service or resource type due to downstream dependencies.
  • If the AWS Config rules Scope of changes is set to Resources, then verify that the resource type (for example, EC2::Instance) is specified for the trigger.
  • If the AWS Config rules Scope of changes is set to Tags with or without a tag value, then a supported resource must be tagged with a tag key.
  • Verify that the AWS Identity and Access Management (IAM) role assigned to AWS Config has the AWS_ConfigRole managed policy attached. For more information, see IAM role policy for getting configuration details.
  • For configuring AWS Config to record to Amazon Simple Storage Service (Amazon S3) buckets, verify that the permissions allow recording changes. For more information, see Troubleshooting for recording S3 buckets.