Posted On: Oct 4, 2016

AWS Config launched 8 new managed rules that automatically evaluate the configuration of important AWS resources:

  1. IAM Password Policy: Checks whether the password policy for IAM Users meets the specified criteria. This rule codifies best practices, and you can further strengthen the policy.
  2. RDS encryption: Checks whether storage encryption is enabled for your RDS DB Instances. Optionally, you can specify the KMS Key ID that should be used.
  3. RDS Multi-AZ: Checks whether high availability is enabled for your RDS DB Instances.
  4. RDS Backup: Checks whether RDS DB Instances have backups enabled. You can also check for expected backup windows and retention policies.
  5. EBS Optimized EC2 Instances: Checks whether EBS optimization is enabled for EC2 Instance types that can be EBS optimized. This rule ensures best I/O performance for EBS volumes attached to these instances.
  6. EC2 Instance Type: Checks whether EC2 Instances are of the specified set of types. For example, all EC2 Instances must be of type t2.small or m4.large.
  7. Approved AMIs by ID: Checks whether running EC2 Instances are using the approved set of AMI IDs.
  8. Approved AMIs by Tag: Checks whether running EC2 Instances are using the set of AMIs specified by Tag key/value on these AMIs.

In addition, two existing rules are updated to provide more flexibility: In the required tags rule, you can permit multiple tag values per key. In the desired tenancy rule, you can specify multiple values for AMI IDs and Host IDs.

These rules are available for use in all regions where AWS Config Rules are available. Details about these rules, including their parameters, are available on the AWS Config documentation page.

To get started, add these rules from the AWS Config Rules console or CLIs.
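As an added example (not part of the original announcement), the following POSIX shell script builds the `--config-rule` payload for a few of the managed rules above and applies it with `aws configservice put-config-rule`. The rule source identifiers (`RDS_STORAGE_ENCRYPTED`, `DESIRED_INSTANCE_TYPE`, `APPROVED_AMIS_BY_ID`, `RDS_MULTI_AZ_SUPPORT`) and their parameter names (`kmsKeyId`, `instanceType`, `amiIds`) are assumed from the AWS Config managed-rule documentation; the KMS key and AMI IDs are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example: enable AWS Config managed rules from the CLI.
# Assumed identifiers (verify against the AWS Config docs for your region):
#   RDS_STORAGE_ENCRYPTED   parameter kmsKeyId
#   DESIRED_INSTANCE_TYPE   parameter instanceType (comma-separated list)
#   APPROVED_AMIS_BY_ID     parameter amiIds       (comma-separated list)
#   RDS_MULTI_AZ_SUPPORT    no parameters

# Escape a JSON document so it can be embedded as the InputParameters string value.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# rule_payload NAME SOURCE_IDENTIFIER [INPUT_PARAMETERS_JSON]
# Prints the JSON accepted by `put-config-rule --config-rule` for an AWS-managed rule.
rule_payload() {
  name=$1; source_id=$2; params=${3:-}
  if [ -n "$params" ]; then
    printf '{"ConfigRuleName":"%s","Source":{"Owner":"AWS","SourceIdentifier":"%s"},"InputParameters":"%s"}\n' \
      "$name" "$source_id" "$(json_escape "$params")"
  else
    printf '{"ConfigRuleName":"%s","Source":{"Owner":"AWS","SourceIdentifier":"%s"}}\n' \
      "$name" "$source_id"
  fi
}

# apply_rule: same arguments as rule_payload; creates or updates the rule
# in the account and region the AWS CLI is currently configured for.
apply_rule() {
  aws configservice put-config-rule --config-rule "$(rule_payload "$@")"
}

# The API is only called with --apply, so the script can be dry-run without credentials.
if [ "${1:-}" = "--apply" ]; then
  apply_rule rds-storage-encrypted RDS_STORAGE_ENCRYPTED '{"kmsKeyId":"REPLACE-WITH-KMS-KEY-ID"}'
  apply_rule desired-instance-type DESIRED_INSTANCE_TYPE '{"instanceType":"t2.small,m4.large"}'
  apply_rule approved-amis-by-id   APPROVED_AMIS_BY_ID   '{"amiIds":"ami-REPLACE1,ami-REPLACE2"}'
  apply_rule rds-multi-az-support  RDS_MULTI_AZ_SUPPORT
else
  # Dry run: show the payload that would be sent for the instance-type rule.
  rule_payload desired-instance-type DESIRED_INSTANCE_TYPE '{"instanceType":"t2.small,m4.large"}'
fi
```

Run it with no arguments to inspect the generated payload, and with `--apply` once the AWS CLI is configured for the target account and region.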