From ef44da21d4ec87a4c271086098351b187d680fa0 Mon Sep 17 00:00:00 2001 From: Tsenko <98589639+Tsenko@users.noreply.github.com> Date: Mon, 17 Oct 2022 18:53:37 +0300 Subject: [PATCH] Removing DLQ check rule Hello, currently the recommended way for handling failures of Lambda functions is to use Lambda Destinations, not DLQs. I couldn't find an AWS managed rule for Lambda Destinations, so currently the replacement would be to create a custom rule that checks if you are using Destinations for your Lambdas. https://aws.amazon.com/blogs/compute/introducing-aws-lambda-destinations/ "...Dead Letter Queues (DLQ) have been available since 2016 and are a great way to handle asynchronous failure situations. Destinations provide more useful capabilities by passing additional function execution information, including code exception stack traces, to more destination services. Destinations and DLQs can be used together and at the same time although Destinations should be considered a more preferred solution..." --- .../Security-Best-Practices-for-Lambda.yaml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/aws-config-conformance-packs/Security-Best-Practices-for-Lambda.yaml b/aws-config-conformance-packs/Security-Best-Practices-for-Lambda.yaml index 66c01d7e..b8d8aee0 100644 --- a/aws-config-conformance-packs/Security-Best-Practices-for-Lambda.yaml +++ b/aws-config-conformance-packs/Security-Best-Practices-for-Lambda.yaml @@ -14,16 +14,6 @@ Parameters: python3.6, ruby2.7, java11, java8, java8.al2, go1.x, dotnetcore3.1, dotnet6 Type: String Resources: - LambdaDlqCheck: - Properties: - ConfigRuleName: lambda-dlq-check - Scope: - ComplianceResourceTypes: - - AWS::Lambda::Function - Source: - Owner: AWS - SourceIdentifier: LAMBDA_DLQ_CHECK - Type: AWS::Config::ConfigRule LambdaFunctionSettingsCheck: Properties: ConfigRuleName: lambda-function-settings-check
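Review bot: Deleting the `LambdaDlqCheck` rule from `Security-Best-Practices-for-Lambda.yaml` removes the pack's only control over asynchronous failure handling without putting anything in its place; the commit message itself notes that no AWS managed rule exists for Lambda Destinations and that a custom rule would be needed. The quoted AWS text also says DLQs remain valid and can be used alongside Destinations, so a function with a DLQ configured is still compliant with the intent of the pack, while one with neither a DLQ nor an `OnFailure` destination would now pass silently. Suggest either keeping `LambdaDlqCheck` until a replacement lands in the same change, or adding a custom `AWS::Config::ConfigRule` (Owner `CUSTOM_LAMBDA`) in this hunk that marks a function compliant when it has either a `DeadLetterConfig` target or an `OnFailure` destination on its event invoke config, and recording the rationale for the swap in a comment next to the `Resources:` entry so the next reader does not reintroduce the managed rule.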