Skip to content

fix(aws.config): handle empty DescribeConfigRules responses#14958

Merged
andrewkroh merged 5 commits intoelastic:mainfrom
andrewkroh:aws/fix/config-rules-empty
Aug 19, 2025
Merged

fix(aws.config): handle empty DescribeConfigRules responses#14958
andrewkroh merged 5 commits intoelastic:mainfrom
andrewkroh:aws/fix/config-rules-empty

Conversation

@andrewkroh
Copy link
Copy Markdown
Member

@andrewkroh andrewkroh commented Aug 18, 2025

Proposed commit message

fix(aws.config): handle empty DescribeConfigRules responses

This change addresses issues discovered during testing of the AWS Config
integration CEL program. The program was failing to handle empty ConfigRules
responses properly, which could occur when AWS Config has no rules configured
in a region. The failures resulted in 'index out of bounds: 0' errors.

The fix ensures that empty ConfigRules lists are handled gracefully without
causing program failures.

The error.message values now accurately reflect the URL path and include the
specific AWS Config API call being made (DescribeConfigRules vs
GetComplianceDetailsByConfigRule).

State management has been improved to consistently preserve the URL value
across all execution paths, preventing debug warnings about missing state
values.

Comments have been added to explain the different stages of the CEL program.

Closes #14955

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@andrewkroh
fix(aws.config): Handle empty ConfigRules response
0bc7c19 
Handle responses from DescribeConfigRules that contain an empty list (e.g. `ConfigRules: []`).
@andrewkroh
feat(aws.config): add comments
02483c7 
The comments help me navigate the program more effectively.
@andrewkroh
fix(aws.config: modify error.message for accuracy
68188d9 
The error.message values indicated a request URL path that is different than
the actual requested URL. So modify the format of the error message to be accurate
while also indicating what API call was being performed.
@andrewkroh andrewkroh added Integration:aws AWS bugfix Pull request that fixes a bug issue labels Aug 18, 2025
@andrewkroh
add changelog
30b5ac9 
[git-generate]
elastic-package -C packages/aws changelog add --description "Fixed issue where empty DescribeConfigRules responses caused 'index out of bounds' errors in AWS Config integration." --type bugfix --next patch --link "elastic#14958"
@andrewkroh andrewkroh added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Aug 18, 2025
@andrewkroh andrewkroh marked this pull request as ready for review August 18, 2025 18:01
@andrewkroh andrewkroh requested review from a team as code owners August 18, 2025 18:01
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Aug 18, 2025

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@andrewkroh andrewkroh mentioned this pull request Aug 18, 2025
Closed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Aug 18, 2025
edited
Loading

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

andrewkroh
andrewkroh commented Aug 19, 2025
View reviewed changes
@andrewkroh andrewkroh enabled auto-merge (squash) August 19, 2025 04:34
@elastic-sonarqube
Copy link
Copy Markdown

elastic-sonarqube bot commented Aug 19, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
20.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Aug 19, 2025

💚 Build Succeeded

History

@andrewkroh andrewkroh merged commit f474bce into elastic:main Aug 19, 2025
9 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod bot commented Aug 19, 2025

Package aws - 3.14.1 containing this change is available at https://epr.elastic.co/package/aws/3.14.1/

tehbooom pushed a commit to tehbooom/integrations that referenced this pull request Nov 19, 2025
@andrewkroh
fix(aws.config): handle empty DescribeConfigRules responses (elastic#…
cb52faa 
…14958)

This change addresses issues discovered during testing of the AWS Config
integration CEL program. The program was failing to handle empty ConfigRules
responses properly, which could occur when AWS Config has no rules configured
in a region. The failures resulted in 'index out of bounds: 0' errors.

The fix ensures that empty ConfigRules lists are handled gracefully without
causing program failures.

The error.message values now accurately reflect the URL path and include the
specific AWS Config API call being made (DescribeConfigRules vs
GetComplianceDetailsByConfigRule).

State management has been improved to consistently preserve the URL value
across all execution paths, preventing debug warnings about missing state
values.

Comments have been added to explain the different stages of the CEL program.

Closes elastic#14955
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efd6 efd6 efd6 approved these changes

Assignees

No one assigned

Labels

bugfix Pull request that fixes a bug issue Integration:aws AWS Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[aws.config]: index out of bounds error when no config rules applied

3 participants

@andrewkroh @elasticmachine @efd6