Posted On: Nov 20, 2019
AWS Config announces the launch of conformance packs. Conformance packs help you manage configuration compliance of your AWS resources at scale--from policy definition to auditing and aggregated reporting--using a common framework and packaging model.
Conformance packs are integrated with AWS Organizations. This integration enables you to package a collection of AWS Config rules and remediation actions that can then be deployed together as a single entity across an entire organization. This is particularly useful if you need to quickly establish a common baseline for resource configuration policies and best practices across multiple accounts in your organization in a scalable and efficient way.
Conformance packs can be created by authoring a YAML template that contains the list of AWS Config rules (managed or custom) and remediation actions. You then deploy the template by using the AWS Config console or the AWS CLI. You can use one of the sample conformance pack templates to quickly get started and evaluate your AWS environment. Some of the sample templates include operational best practices for Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB, AWS Well-Architected Framework best practices for AWS Identity and Access Management (IAM), and operational best practices for PCI-DSS. You can modify these sample templates to suit your environment or create a new template by referencing the AWS Config Developer Guide.
Conformance packs are now available in the following AWS Regions: Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo) , Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), EU (Stockholm), South America (Sao Paulo), US East (N. Virginia), US East (Ohio), US West (N. California) and US West (Oregon).