Posted On: Apr 22, 2020
AWS Config Conformance packs are now available in the Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. Conformance packs help you manage configuration compliance of your AWS resources at scale--from policy definition to auditing and aggregated reporting--using a common framework and packaging model.
Conformance packs are integrated with AWS Organizations. This integration enables you to package a collection of AWS Config rules and remediation actions that can then be deployed together as a single entity across an entire organization. This is particularly useful if you need to quickly establish a common baseline for resource configuration policies and best practices across multiple accounts in your organization in a scalable and efficient way.
Conformance packs can be created by authoring a YAML template that contains the list of AWS Config rules (managed or custom) and remediation actions. You then deploy the template by using the AWS Config console or the AWS CLI. You can use one of the sample conformance pack templates to quickly get started and evaluate your AWS environment. Some of the sample templates include operational best practices for Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB, AWS Well-Architected Framework best practices for AWS Identity and Access Management (IAM), and operational best practices for PCI-DSS. You can modify these sample templates to suit your environment or create a new template by referencing the AWS Config Developer Guide.
Conformance packs are charged using a tiered pricing model based on the number of conformance pack evaluations you run each month. For more information, visit the AWS Config Pricing page and full list of Regions where AWS Config Conformance packs are offered. To learn more about AWS Config, visit the AWS Config webpage.