Use AWS Config Rules to Remediate Noncompliant Resources

Posted on: Mar 12, 2019

AWS Config now includes remediation capability with AWS Config rules. This feature lets you associate remediation actions with AWS Config rules and execute them to address noncompliant resources. You can choose from a list of available remediation actions. For example, you can create an AWS Config rule to check that your Amazon S3 buckets do not allow public read access. You can then associate a remediation action to disable public access for noncompliant S3 buckets.

It's easy to set up remediation actions through the AWS Config console or API. Just choose the remediation action you want to associate from a prepopulated list, or create your own custom remediation actions using AWS Systems Manager Automation documents.
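The S3 example above, set up through the API with boto3, as an added example that is not AWS's own code. It assumes the managed rule `S3_BUCKET_PUBLIC_READ_PROHIBITED` and the AWS-owned Automation document `AWS-DisableS3BucketPublicReadWrite`; the rule name, account ID and role name are constructed placeholders.

```python
import re

# Existing AWS identifiers: the managed rule and the AWS-owned Automation document.
MANAGED_RULE = "S3_BUCKET_PUBLIC_READ_PROHIBITED"
SSM_DOCUMENT = "AWS-DisableS3BucketPublicReadWrite"
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")


def build_requests(rule_name, automation_role_arn):
    """Return (put_config_rule kwargs, put_remediation_configurations kwargs)."""
    if not ROLE_ARN_RE.match(automation_role_arn):
        raise ValueError("AutomationAssumeRole must be an IAM role ARN")
    rule = {"ConfigRule": {
        "ConfigRuleName": rule_name,
        "Scope": {"ComplianceResourceTypes": ["AWS::S3::Bucket"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_RULE},
    }}
    remediation = {"RemediationConfigurations": [{
        "ConfigRuleName": rule_name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": SSM_DOCUMENT,
        "Parameters": {
            # Fixed value: the role Systems Manager assumes to run the document.
            # Scope it to the S3 permissions the document needs, nothing broader.
            "AutomationAssumeRole": {"StaticValue": {"Values": [automation_role_arn]}},
            # Filled in per finding with the noncompliant bucket's resource ID.
            "S3BucketName": {"ResourceValue": {"Value": "RESOURCE_ID"}},
        },
    }]}
    return rule, remediation


def apply_remediation(config_client, rule_name, automation_role_arn):
    """Create the rule, attach the remediation, return any failed batches."""
    rule, remediation = build_requests(rule_name, automation_role_arn)
    config_client.put_config_rule(**rule)
    resp = config_client.put_remediation_configurations(**remediation)
    return resp.get("FailedBatches", [])


if __name__ == "__main__":
    import boto3  # needs AWS credentials; the role ARN is a constructed placeholder
    failed = apply_remediation(
        boto3.client("config"), "s3-bucket-public-read-prohibited",
        "arn:aws:iam::111122223333:role/ExampleConfigRemediationRole")
    print("failed batches:", failed)
```

A non-empty `FailedBatches` list means the remediation was not attached even though the rule itself was created, so check the return value rather than assuming both calls succeeded.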

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

Remediation with AWS Config rules is available to customers in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), South America (São Paulo) and in AWS GovCloud (US) Regions. Standard metering rates apply for recorded configuration items and for active AWS Config rules. Limits and charges for using AWS Systems Manager Automation documents also apply. For detailed pricing information, see AWS Config Pricing and AWS Systems Manager Pricing.

Visit Remediation with AWS Config rules and AWS Systems Manager Automation for more information.