aws_config_remediation_configuration: No support for "automatic" remediation

[dexterlakin]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I'd like to be able to configure a aws_config_remediation_configuration resource of type "automatic", see: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html

New or Affected Resource(s)

• aws_config_remediation_configuration

Potential Terraform Configuration

resource "aws_config_remediation_configuration" "this" {
  type = automatic
  config_rule_name = aws_config_config_rule.this.name
  resource_type    = "AWS::S3::Bucket"
  target_type      = "SSM_DOCUMENT"
  target_id        = "AWS-EnableS3BucketEncryption"
  target_version   = "1"

  parameter {
    name         = "AutomationAssumeRole"
    static_value = "arn:aws:iam::875924563244:role/security_config"
  }
  parameter {
    name           = "BucketName"
    resource_value = "RESOURCE_ID"
  }
  parameter {
    name         = "SSEAlgorithm"
    static_value = "AES256"
  }
}```

### References

* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html

[anGie44]

Hi @dexterlakin, thank you for creating this issue! Just dropping a note here that in an effort to follow the AWS API, this new argument could be configured as a boolean value instead as the configservice.RemediationConfiguration{} struct specifies the Automatic field as a *bool.

[j-pedrosa]

How is this going so far?
I need this "auto remediation" to have a very helpful aws-config setup. =)

[IronCore864]

+1
I'm so frustrated.

[japrakash-contino]

Is there any update on this ticket? I am also looking for this feature and without it there is no use of it.

[alekov87]

Any ETA for the fix?

[halfinhalfout]

FWIW, you can manually toggle a Remediation between Manual and Automatic via the AWS Console (and probably the AWS CLI or API) after aws_config_remediation_configuration creates the Remediation. The AWS TF provider doesn't recognize it as a change. Clearly, that's not ideal, as we want whether the Remediation is Automatic or Manual configured in TF code. However, this is a work-around for enabling Automatic Remediation in the mean-time.

This is what I've seen while using versions 3.10.0 & 3.25.0 of the AWS Provider.

[ctrawick]

Any ETA for the fix?

There are multiple pull requests fixing this issue. Please get your friends to 👍 this issue so it can be prioritized for release. Once prioritized, I've seen stuff like this get mainlined within a week or two.

[unknowncoder05]

I'll have to manually implement this but I left my 👍 in hopes one day I can cleanly automate this haha

[sercue]

Any ETA on this?

[chris2fer]

Really really need this 👍

[Mond18S]

👍

[yenerunver]

+1, we need this as well

[mparmar19]

We need this.

[lukasz-kuras]

Eager to see that implemented.

[lalits77]

Eagerly waiting for it

[janario]

Any updates here?

This would be super helpful for our usage :-)

[User-nehag]

Waiting for this from so long.

[tocy1]

Waiting for this

[MLiu-FCC]

Waiting for this
This would be super helpful for our usage :-)

[aakrem]

We need this.. and it's already one year..

[breathingdust]

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

[github-actions]

This functionality has been released in v3.67.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.