AWS Config Rules Supports New Managed Rules

Posted on: Feb 21, 2017

AWS Config Rules now supports seven new managed rules, which are predefined rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices. 

The following managed rules are now supported:

• ec2-instance-detailed-monitoring-enabled
  Checks whether detailed monitoring is enabled for EC2 instances.
• ec2-managedinstance-inventory-blacklisted
  Checks whether instances managed by Amazon EC2 Systems Manager are configured to collect blacklisted inventory types.
• ec2-volume-inuse-check
  Checks whether EBS volumes are attached to EC2 instances. Optionally checks if EBS volumes are marked for deletion when an instance is terminated.
• acm-certificate-expiration-check
  Checks whether ACM Certificates in your account are marked for expiration within the specified number of days. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.
• iam-user-group-membership-check
  Checks whether IAM users are members of at least one IAM group.
• iam-user-no-policies-check
  Checks that none of your IAM users have policies attached. IAM users must inherit permissions from IAM groups or roles.
• s3-bucket-ssl-requests-only
  Checks whether S3 buckets have policies that require requests to use Secure Socket Layer (SSL).

Visit our product page for more information on AWS Config.