# RDKlib
[](https://github.com/awslabs/aws-config-rdklib/actions?query=workflow%3Aci+branch%3Amaster)
RDKlib is a Python library to enable you to **run custom AWS Config Rules at scale**. The library can be used to:
- Help you to focus only on the compliance logic, while the library
does the heavy lifting
- Ease maintenance by moving the boilerplate code as a AWS Lambda
Layer
- Ease deployment by using AWS Serverless Application Repository
RDKLib works in synergy with the [AWS Config Rule Development Kit](https://github.com/awslabs/aws-config-rdk).
# Getting Started
## Install the library locally
```bash
pip install rdklib
```
## Create a rule using the RDK
> Note: you need to [install the RDK](https://github.com/awslabs/aws-config-rdk#getting-started) first.
To use `rdklib`, specify a `python3.x-lib` runtime when you run `rdk create` (or don't specify any runtime; `rdklib` is now the default for `rdk create`). This will populate the `rdklib` runtime in the RDK `parameters.json` of your Rule template. Examples:
- For periodic trigger:
```bash
rdk create YOUR_RULE_NAME --runtime python3.12-lib --maximum-frequency TwentyFour_Hours
```
- For configuration change trigger (for example S3 Bucket):
```bash
rdk create YOUR_RULE_NAME --runtime python3.12-lib --resource-types AWS::S3::Bucket
```
After you've created your rule, update the `.py` file that was generated, adding your custom logic within the `evaluate_change()` method for change-triggered rules or the `evaluate_periodic()` method for periodic rules (you may need to uncomment `evaluate_periodic()`. If you need to create a `boto3` client, use the `client_factory` helper (eg. instead of `boto3.client("s3")`, use `client_factory.build_client("s3")`). Examples of `rdklib` rules can be found [here](https://github.com/awslabs/aws-config-rules/blob/master/python-rdklib/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH/config_rule/config-version/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH.py).
## Deploy your rule with RDKlib layer
RDKlib is designed to work as a AWS Lambda Layer. It allows you to use the library without needing to include it in your deployment package.
1. Install RDKlib layer (with AWS CLI)
```bash
aws serverlessrepo create-cloud-formation-change-set --application-id arn:aws:serverlessrepo:ap-southeast-1:711761543063:applications/rdklib --stack-name RDKlib-Layer
# Copy/paste the full change-set ARN to customize the following command
aws cloudformation execute-change-set --change-set-name NAME_OF_THE_CHANGE_SET
aws cloudformation describe-stack-resources --stack-name serverlessrepo-RDKlib-Layer
# Copy the ARN of the Lambda layer in the "PhysicalResourceId" key (i.e. arn:aws:lambda:YOUR_REGION:YOUR_ACCOUNT:layer:rdklib-layer:1).
```
> Note: You can do the same step manually going to <https://console.aws.amazon.com/lambda/home#/create/function?tab=serverlessApps> and find "rdklib"
1. Deploy the rule
```bash
rdk deploy YOUR_RULE_NAME --rdklib-layer-arn YOUR_RDKLIB_LAYER_ARN
```
# FAQs
- Q. What is the `client_factory` that I see in my `rdklib` rules?
- A. A `client_factory` is a class that allows for dynamic provisioning of a `boto3` client. In an `rdklib` rule, you should treat `client_factory` as the way to create a `boto3` client. So instead of calling `client = boto3.client("s3")`, you would call `client = client_factory.build_client("s3")`.
- Q. ...Why?
- A. It's mainly there to allow for cross-account functionality so that your client evaluates the rule in the right account.
# License
This project is licensed under the Apache-2.0 License.
# Feedback / Questions
Feel free to email <rdk-maintainers@amazon.com>
# Contacts
- **Benjamin Morris** - _Maintainer, code, testing_
# Acknowledgements
- **Mark Beacom** - _Maintainer, code, testing_
- **Michael Borchert** - _Design, code, testing, feedback_
- **Ricky Chau** - _Maintainer, code, testing_
- **Julio Delgado Jr.** - *Design, testing, feedback*
- **Chris Gutierrez** - _Design, feedback_
- **Joe Lee** - _Design, feedback_
- **Jonathan Rault** - _Maintainer, design, code, testing, feedback_
- **Carlo DePaolis** - _Maintainer, code, testing_
Raw data
{
"_id": null,
"home_page": "https://github.com/awslabs/aws-config-rdklib",
"name": "rdklib",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "amazon, aws, awslabs, rdk, rdklib, layer, lambda, config, rules, compliance",
"author": "AWS RDK Maintainers",
"author_email": "rdk-maintainers@amazon.com",
"download_url": "https://files.pythonhosted.org/packages/cb/17/599eaa6eaad7ae4c4a568b3082b960a17531387c57f4dae881e2f0b69488/rdklib-0.3.8.tar.gz",
"platform": null,
"description": "# RDKlib\n\n[](https://github.com/awslabs/aws-config-rdklib/actions?query=workflow%3Aci+branch%3Amaster)\n\nRDKlib is a Python library to enable you to **run custom AWS Config Rules at scale**. The library can be used to:\n\n- Help you to focus only on the compliance logic, while the library\n does the heavy lifting\n- Ease maintenance by moving the boilerplate code as a AWS Lambda\n Layer\n- Ease deployment by using AWS Serverless Application Repository\n\nRDKLib works in synergy with the [AWS Config Rule Development Kit](https://github.com/awslabs/aws-config-rdk).\n\n# Getting Started\n\n## Install the library locally\n\n```bash\npip install rdklib\n```\n\n## Create a rule using the RDK\n\n> Note: you need to [install the RDK](https://github.com/awslabs/aws-config-rdk#getting-started) first.\n\nTo use `rdklib`, specify a `python3.x-lib` runtime when you run `rdk create` (or don't specify any runtime; `rdklib` is now the default for `rdk create`). This will populate the `rdklib` runtime in the RDK `parameters.json` of your Rule template. Examples:\n\n- For periodic trigger:\n\n```bash\n rdk create YOUR_RULE_NAME --runtime python3.12-lib --maximum-frequency TwentyFour_Hours\n```\n\n- For configuration change trigger (for example S3 Bucket):\n\n```bash\n rdk create YOUR_RULE_NAME --runtime python3.12-lib --resource-types AWS::S3::Bucket\n```\n\nAfter you've created your rule, update the `.py` file that was generated, adding your custom logic within the `evaluate_change()` method for change-triggered rules or the `evaluate_periodic()` method for periodic rules (you may need to uncomment `evaluate_periodic()`. If you need to create a `boto3` client, use the `client_factory` helper (eg. instead of `boto3.client(\"s3\")`, use `client_factory.build_client(\"s3\")`). Examples of `rdklib` rules can be found [here](https://github.com/awslabs/aws-config-rules/blob/master/python-rdklib/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH/config_rule/config-version/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH/EC2_INSTANCE_EBS_VOLUME_TAGS_MATCH.py). \n\n## Deploy your rule with RDKlib layer\n\nRDKlib is designed to work as a AWS Lambda Layer. It allows you to use the library without needing to include it in your deployment package.\n\n1. Install RDKlib layer (with AWS CLI)\n\n```bash\n aws serverlessrepo create-cloud-formation-change-set --application-id arn:aws:serverlessrepo:ap-southeast-1:711761543063:applications/rdklib --stack-name RDKlib-Layer\n\n # Copy/paste the full change-set ARN to customize the following command\n aws cloudformation execute-change-set --change-set-name NAME_OF_THE_CHANGE_SET\n\n aws cloudformation describe-stack-resources --stack-name serverlessrepo-RDKlib-Layer\n # Copy the ARN of the Lambda layer in the \"PhysicalResourceId\" key (i.e. arn:aws:lambda:YOUR_REGION:YOUR_ACCOUNT:layer:rdklib-layer:1).\n```\n\n> Note: You can do the same step manually going to <https://console.aws.amazon.com/lambda/home#/create/function?tab=serverlessApps> and find \"rdklib\"\n\n1. Deploy the rule\n\n```bash\n rdk deploy YOUR_RULE_NAME --rdklib-layer-arn YOUR_RDKLIB_LAYER_ARN\n```\n\n# FAQs\n\n- Q. What is the `client_factory` that I see in my `rdklib` rules?\n - A. A `client_factory` is a class that allows for dynamic provisioning of a `boto3` client. In an `rdklib` rule, you should treat `client_factory` as the way to create a `boto3` client. So instead of calling `client = boto3.client(\"s3\")`, you would call `client = client_factory.build_client(\"s3\")`.\n - Q. ...Why?\n - A. It's mainly there to allow for cross-account functionality so that your client evaluates the rule in the right account.\n\n# License\n\nThis project is licensed under the Apache-2.0 License.\n\n# Feedback / Questions\n\nFeel free to email <rdk-maintainers@amazon.com>\n\n# Contacts\n\n- **Benjamin Morris** - _Maintainer, code, testing_\n\n# Acknowledgements\n\n- **Mark Beacom** - _Maintainer, code, testing_\n- **Michael Borchert** - _Design, code, testing, feedback_\n- **Ricky Chau** - _Maintainer, code, testing_\n- **Julio Delgado Jr.** - *Design, testing, feedback*\n- **Chris Gutierrez** - _Design, feedback_\n- **Joe Lee** - _Design, feedback_\n- **Jonathan Rault** - _Maintainer, design, code, testing, feedback_\n- **Carlo DePaolis** - _Maintainer, code, testing_\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Rule Development Kit Library for AWS Config",
"version": "0.3.8",
"project_urls": {
"Documentation": "https://aws-config-rdklib.readthedocs.io",
"Homepage": "https://github.com/awslabs/aws-config-rdklib",
"Repository": "https://github.com/awslabs/aws-config-rdklib"
},
"split_keywords": [
"amazon",
" aws",
" awslabs",
" rdk",
" rdklib",
" layer",
" lambda",
" config",
" rules",
" compliance"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "7954151762fce4d5312932826ce6d9d110ecd3e5458243e76ea2cadd5d71005c",
"md5": "879f56ae377917f5b133e4ec3d41ee12",
"sha256": "18c9ddf56b769095b872f2cefc4f10e97d9e37b22815b8239f4872cb77ddee85"
},
"downloads": -1,
"filename": "rdklib-0.3.8-py3-none-any.whl",
"has_sig": false,
"md5_digest": "879f56ae377917f5b133e4ec3d41ee12",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 19779,
"upload_time": "2025-07-15T01:14:06",
"upload_time_iso_8601": "2025-07-15T01:14:06.687972Z",
"url": "https://files.pythonhosted.org/packages/79/54/151762fce4d5312932826ce6d9d110ecd3e5458243e76ea2cadd5d71005c/rdklib-0.3.8-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "cb17599eaa6eaad7ae4c4a568b3082b960a17531387c57f4dae881e2f0b69488",
"md5": "ba5a225757c397e4489be69e6e2279b8",
"sha256": "d98fb3c77e66145367ca81125ac15ec1f230629eb45327698055673c5e65ead9"
},
"downloads": -1,
"filename": "rdklib-0.3.8.tar.gz",
"has_sig": false,
"md5_digest": "ba5a225757c397e4489be69e6e2279b8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 15342,
"upload_time": "2025-07-15T01:14:07",
"upload_time_iso_8601": "2025-07-15T01:14:07.504265Z",
"url": "https://files.pythonhosted.org/packages/cb/17/599eaa6eaad7ae4c4a568b3082b960a17531387c57f4dae881e2f0b69488/rdklib-0.3.8.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-15 01:14:07",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "aws-config-rdklib",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "rdklib"
}