aws - [ERROR] KeyError: 'name' - CodePeipeline Custodian Policies with mode Config-rule fails

Describe the bug -> After deploying the CodePipeline Tag Compliance policy and Artifact Store Encryption key check with config-rule mode in the AWS environment, I am encountering an error listed below:

Note: The error is same for both the policy logs.

[ERROR] KeyError: ‘name’ Traceback (most recent call last):   File “/var/task/custodian_policy.py”, line 4, in run     return handler.dispatch_event(event, context)   File “/var/task/c7n/handler.py”, line 166, in dispatch_event     p.push(event, context)   File “/var/task/c7n/policy.py”, line 1138, in push     return mode.run(event, lambda_ctx)   File “/var/task/c7n/policy.py”, line 854, in run     resources = super(ConfigRuleMode, self).run(event, lambda_context)   File “/var/task/c7n/policy.py”, line 442, in run     resources = self.policy.resource_manager.filter_resources(   File “/var/task/c7n/manager.py”, line 112, in filter_resources     resources = f.process(resources, event)   File “/var/task/c7n/filters/core.py”, line 325, in process     sweeper = AnnotationSweeper(self.get_resource_type_id(), resources)   File “/var/task/c7n/filters/core.py”, line 383, in init     ra_map[r[id_key]] = {k: v for k, v in r.items() if k.startswith(‘c7n’)}

The config rule created, for both the checks, through this policies shows “No resources in scope”

To Reproduce 1.Deploy this cloudformation template to create a a codepipeline. codepipeline-codecommit-events-yaml.yaml.zip SampleApp_Linux.zip

1. Deploy the policy in your account and check your config rule and cloudformation logs.

Note: Change the account number and role name.

Expected behavior On successful execution of the policy, the config rule should flag the Code pipelines with missing required tags as Non-compliant resource.

Background (please complete the following information):

• Python Version: 3.8.5
• Custodian Version: 0.9.7
• Cloud Provider: AWS
• Policy: [please exclude any account/sensitive information]

Tag Compliance

---
policies:
  - name: d-codepipeline-missing-tags-1
    resource: aws.codepipeline
    description: >
      Type: Config Rule|
      Compliance: Codepipeline missing tags
    mode:
      type: config-rule
      role: "arn:aws:iam::<acc_number>:role/<role_name>"
      timeout: 200
    filters:
      - or:
          - tag:abc: absent
          - tag:def: absent
          - tag:efg: absent
      - tag:__dwf: absent

ArtifactStore Encryption Key Check

---
policies:
  - name: d-codepipeline-encryption-2
    resource: aws.codepipeline
    description: >
      Type: Config Rule|
      Compliance: Codepipeline not encrypted
    mode:
      type: config-rule
      role: "arn:aws:iam::<account_numer>:role/<role_name>"
      timeout: 200
    filters:
      - type: value
        key: artifactStore.encryptionKey
        value: absent
      - tag:__CPEncryption: absent

Here are the cloudwatch log files for both policies lambda execution. CodePipelineEncryptionKeyCheckCWLogs.docx CodePipelineTagComplianeCWLogs.docx

Additional context Custodian: 0.9.7 Python: 3.8.5 (default, Jul 21 2020, 10:42:08) [Clang 11.0.0 (clang-1100.0.33.17)] Platform: posix.uname_result(sysname=‘Darwin’, nodename=‘f8ffc201b550.ant.amazon.com’, release=‘18.7.0’, version=‘Darwin Kernel Version 18.7.0: Mon Aug 31 20:53:32 PDT 2020; root:xnu-4903.278.44~1/RELEASE_X86_64’, machine=‘x86_64’) Using venv: True Docker: False Installed:

argcomplete==1.12.1 attrs==20.2.0 boto3==1.16.10 botocore==1.19.10 importlib-metadata==1.7.0 jmespath==0.10.0 jsonpickle==1.3 jsonschema==3.2.0 pyrsistent==0.17.3 python-dateutil==2.8.1 pyyaml==5.3.1 s3transfer==0.3.3 setuptools==47.1.0 six==1.15.0 tabulate==0.8.7 urllib3==1.25.11 zipp==3.4.0