Posted On: Apr 28, 2020
AWS Config now offers two additional conformance pack sample templates to help you manage the configuration compliance of your AWS resources across AWS accounts. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. These packs are created by authoring a YAML template that contains the list of AWS Config managed or custom rules and remediation actions.
The AWS Control Tower Guardrails conformance pack template contains all of the guardrails that are based on AWS Config rules. Use this conformance pack to apply AWS Control Tower detective guardrails to your existing accounts before you enroll the accounts in AWS Control Tower. You can also use this conformance pack to manage resources in your accounts that are in Regions not currently supported by AWS Control Tower.
The CIS Compliance Pack Template contains a set of AWS Config rules that help you to verify compliance with the CIS Amazon Web Services Foundations Benchmark, v1.2.0.
Conformance packs are charged using a tiered pricing model based on the number of conformance pack evaluations you run each month. For more information, visit the AWS Config Pricing page and full list of Regions where AWS Config Conformance packs are offered. To learn more about AWS Config, visit the AWS Config webpage.
Disclaimer: Conformance packs provide a general purpose compliance framework to help you create security, operational, or cost optimization governance checks using managed or custom AWS Config rules and Automation documents. The conformance pack sample templates are intended to help you create your own conformance packs by extending these sample templates with rules, input parameters, and remediation actions that suit your environment. The sample templates related to compliance standards and industry benchmarks are designed to help you improve your governance posture and can neither replace your internal efforts nor guarantee that you will pass a compliance assessment.