Managing Deleted Resources for AWS Config Custom Lambda Rules


Rules reporting on deleted resources should return the evaluation result of NOT_APPLICABLE in order to avoid unnecessary rule evaluations.

When you delete a resource, AWS Config creates a configurationItem with ResourceDeleted for the configurationItemStatus. You can use this metadata to check if a rule reports on a deleted resource. For more information on configuration items, see Concepts | Configuration Items.

Include the following code snippets to check for deleted resources and set the evaluation result of an AWS Config custom Lambda rule to NOT_APPLICABLE if it reports on a deleted resource:

Custom Lambda Rules (Node.js)
```javascript
// Check whether the resource has been deleted. If the resource was deleted, then the evaluation returns not applicable.
function isApplicable(configurationItem, event) {
    checkDefined(configurationItem, 'configurationItem');
    checkDefined(event, 'event');
    const status = configurationItem.configurationItemStatus;
    const eventLeftScope = event.eventLeftScope;
    return (status === 'OK' || status === 'ResourceDiscovered') && eventLeftScope === false;
}
```
Custom Lambda Rules (Python)
```python
# Check whether the resource has been deleted. If the resource was deleted, then the evaluation returns not applicable.
def is_applicable(configurationItem, event):
    try:
        check_defined(configurationItem, 'configurationItem')
        check_defined(event, 'event')
    except Exception:
        return True
    status = configurationItem['configurationItemStatus']
    eventLeftScope = event['eventLeftScope']
    if status == 'ResourceDeleted':
        print("Resource Deleted, setting Compliance Status to NOT_APPLICABLE.")
    return (status == 'OK' or status == 'ResourceDiscovered') and not eventLeftScope
```
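The check above wired into a rule's evaluation step, as an added example that is not AWS's code. The function names `evaluate_compliance`, `build_evaluation` and `sample_event`, the EBS-encryption rule logic, and the sample events are assumptions made for illustration; the returned dictionary uses the field names of a `PutEvaluations` evaluation entry.

```python
import json

def is_applicable(configuration_item, event):
    # Same status and scope test as the page's snippet.
    status = configuration_item["configurationItemStatus"]
    return status in ("OK", "ResourceDiscovered") and not event["eventLeftScope"]

def evaluate_compliance(configuration_item):
    # Hypothetical rule logic (assumption): an EBS volume must be encrypted.
    configuration = configuration_item.get("configuration") or {}
    return "COMPLIANT" if configuration.get("encrypted") else "NON_COMPLIANT"

def build_evaluation(event):
    # invokingEvent arrives as a JSON string inside the Lambda event.
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if is_applicable(item, event):
        compliance = evaluate_compliance(item)
    else:
        # Deleted or out-of-scope: never run the rule logic against it.
        compliance = "NOT_APPLICABLE"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def sample_event(status, configuration, left_scope=False):
    # Constructed sample input, not a captured AWS Config event.
    item = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": "vol-0123456789abcdef0",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2025-01-01T00:00:00.000Z",
        "configuration": configuration,
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": item}),
        "resultToken": "constructed-token",
        "eventLeftScope": left_scope,
    }

if __name__ == "__main__":
    for status, cfg in [("OK", {"encrypted": False}), ("ResourceDeleted", None)]:
        print(status, "->", build_evaluation(sample_event(status, cfg))["ComplianceType"])
```

In a deployed rule, the handler passes this dictionary in the `Evaluations` list of `put_evaluations` together with `ResultToken=event["resultToken"]`. Without the guard, the constructed deleted item would be scored by the rule logic and reported as NON_COMPLIANT.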
Note

AWS Config managed rules and AWS Config custom policy rules handle this behavior by default.

If you create an AWS Config custom Lambda rule with Python using the AWS Config Development Kit (RDK) and AWS Config Development Kit Library (RDKlib), the imported Evaluator class will check this behavior. For information on how to write rules with the RDK and RDKlib, see Writing rules with the RDK and RDKlib.
