Merge pull request ekristen#177 from ekristen/fix-configservice-configrules

fix(configservice-configrules): filter out rules created by config-conforms

Author: ekristen

resources/configservice-configrules.go

@@ -2,14 +2,14 @@ package resources
 
 import (
 	"context"
-
 	"fmt"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/configservice"
 
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
 
 	"github.com/ekristen/aws-nuke/pkg/nuke"
 )
@@ -69,6 +69,10 @@ func (f *ConfigServiceConfigRule) Filter() error {
 		return fmt.Errorf("cannot remove rule owned by securityhub.amazonaws.com")
 	}
 
+	if aws.StringValue(f.createdBy) == "config-conforms.amazonaws.com" {
+		return fmt.Errorf("cannot remove rule owned by config-conforms.amazonaws.com")
+	}
+
 	return nil
 }
 
@@ -83,3 +87,9 @@ func (f *ConfigServiceConfigRule) Remove(_ context.Context) error {
 func (f *ConfigServiceConfigRule) String() string {
 	return *f.configRuleName
 }
+
+func (f *ConfigServiceConfigRule) Properties() types.Properties {
+	props := types.NewProperties()
+	props.Set("CreatedBy", f.createdBy)
+	return props
+}