in rules/customer-fc/ecs_instance_used_image_owner_check.py [0:0]
def evaluate_configuration_item(context, rule_parameters, configuration_item):
instance_region_id = configuration_item["regionId"]
instance_image_id = json.loads(configuration_item['configuration'])["ImageId"]
image_owner = query_image_owner(context, instance_region_id, instance_image_id)
compliance_type = COMPLIANCE_TYPE_COMPLIANT
annotation = None
desired_owner = 'system'
if not image_owner or image_owner != desired_owner:
compliance_type = COMPLIANCE_TYPE_NON_COMPLIANT
annotation = json.dumps({'configuration': image_owner, 'desiredValue': desired_owner, 'operator': 'Equals'})
return compliance_type, annotation