AWS Config Announces New Managed Rules

Posted on: Sep 5, 2018

AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources, announces seven new managed rules that help you evaluate whether your AWS resource configurations comply with common best practices. These rules simplify compliance auditing, security analysis, change management, and operational troubleshooting.

You can now:

1. Report non-compliant patches in your managed instances using ec2-managedinstance-patch-compliance-status-check.

2. Report non-compliant AWS Systems Manager associations installed on your instance using ec2-managedinstance-association-compliance-status-check.

3. Verify that an EC2 instance is managed by AWS Systems Manager using ec2-instance-managed-by-ssm.

4. Verify that Amazon GuardDuty is enabled or centralized in the AWS account using guardduty-enabled-centralized.

5. Check if Amazon RDS snapshots are public using rds-snapshots-public-prohibited.

6. Check that a bucket policy on Amazon S3 buckets doesn’t allow any blacklisted actions on any of the resources using s3-blacklisted-actions-prohibited.

7. Check that the policy attached to an Amazon S3 bucket isn’t more permissive than a control policy specified by the user using s3-bucket-policy-not-more-permissive.
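As an added illustration of what rule 6 evaluates (this is not AWS's own rule implementation, which the announcement does not publish), the Python below scans an S3 bucket policy for Allow statements whose actions match a blacklisted action pattern and reports the offending statements. The sample policy and blacklist are constructed, and the matching semantics (case-insensitive, `*` wildcards honoured on either side) are an assumption rather than the managed rule's documented behaviour.

```python
import fnmatch
import json

# Constructed sample bucket policy; not taken from the announcement.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "Anyone", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:PutObject", "s3:DeleteBucket"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "Denied", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def blacklisted_actions(policy_json, blacklist_patterns):
    """Return (Sid, action) pairs where an Allow statement grants an action
    that matches any blacklisted pattern.  Matching is case-insensitive and a
    '*' wildcard on either side counts: an Allow of 's3:*' covers a blacklisted
    's3:DeleteBucket' just as 's3:Delete*' in the blacklist covers it."""
    policy = json.loads(policy_json)
    hits = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access; only Allows matter
        for action in _as_list(stmt.get("Action", [])):
            for pattern in blacklist_patterns:
                act, pat = action.lower(), pattern.lower()
                if fnmatch.fnmatchcase(act, pat) or fnmatch.fnmatchcase(pat, act):
                    hits.append((stmt.get("Sid", ""), action))
                    break
    return hits


def is_compliant(policy_json, blacklist_patterns):
    """True when no Allow statement grants a blacklisted action."""
    return not blacklisted_actions(policy_json, blacklist_patterns)


if __name__ == "__main__":
    blacklist = ["s3:DeleteBucket", "s3:PutBucketPolicy"]
    for sid, action in blacklisted_actions(SAMPLE_POLICY, blacklist):
        print(f"statement {sid!r} allows blacklisted action {action}")
```

Run against the constructed policy, the script flags the `Anyone` statement for `s3:DeleteBucket`; the `Deny` statement is ignored because it cannot grant anything.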

AWS Config supports these new rules in all public AWS Regions where AWS Config rules are currently available and in the AWS GovCloud (US-West) Region.