aws-config-rdk  by awslabs

CLI tool for AWS Config rule development, testing, and deployment

Created 8 years ago
474 stars

Top 64.4% on SourcePulse

Project Summary

The AWS Config Rules Development Kit (RDK) is a command-line tool designed to streamline the creation, testing, and deployment of custom AWS Config rules. It targets developers and DevOps engineers who need to enforce compliance policies as code within their AWS environments, simplifying the development lifecycle for custom compliance checks.

How It Works

The RDK abstracts the complexities of AWS Config rule creation, which typically involves Lambda functions, IAM roles, and CloudFormation stacks. It provides a structured workflow of five commands: "init" sets up the AWS environment (S3 buckets, IAM roles), "create" scaffolds new rule directories with boilerplate code, "test-local" unit-tests the Lambda logic, "modify" updates rule configurations, and "deploy" packages, uploads, and deploys the rule via CloudFormation. The tool uses Python and boto3 for AWS interactions, and supports custom Lambda runtimes and the rdklib library for simplified rule management.

Quick Start & Requirements

  • Install via pip: pip install rdk rdklib
  • Requires Python 3.9+ and an AWS account with permissions for Config, S3, IAM, and Lambda.
  • AWS credentials must be configured (e.g., via ~/.aws/credentials, environment variables, or CLI parameters).
  • Official documentation: https://docs.aws.amazon.com/config/latest/developerguide/rdk.html

Highlighted Details

  • Supports "Compliance-as-Code" workflows.
  • Enables deployment of custom rules to AWS Organizations.
  • Facilitates cross-account deployment patterns for centralized compliance management.
  • Supports proactive rule evaluation modes for CloudFormation deployments.
  • Can deploy AWS Managed Rules by specifying their SourceIdentifier.

Maintenance & Community

The project is maintained by AWS Solution Architects and Consultants. Feedback and bug reports are encouraged via GitHub Issues or email (rdk-maintainers@amazon.com). Key contributors are listed in the README.

Licensing & Compatibility

  • Licensed under the Apache 2.0 License.
  • Permissive license suitable for commercial use and integration with closed-source applications.

Limitations & Caveats

Proactive rules are not supported for Organization Rules. Proactive rules require separate CloudFormation Hooks configuration to block misconfigured resources. The RDK is provided on a best-effort support basis by maintainers.

Health Check

  • Last commit: 1 week ago
  • Responsiveness: 1+ week
  • Pull requests (30d): 15
  • Issues (30d): 0

Star History

2 stars in the last 30 days
