Posted On: May 27, 2020
Last year, AWS Config launched the ability to deploy AWS Config rules and conformance packs across an organization from the master account in AWS Organizations. Starting today, you can deploy these AWS Config artifacts from any delegated member account in your organization, in addition to the master account. This option provides additional flexibility to users who want to manage these deployments centrally, from a dedicated account such as an audit, security or compliance account.
You can get started by registering a member account as a delegated administrator for the organization. After a member account is registered as a delegated administrator, you can use that account to set up organization conformance pack or organization AWS Config rules through the AWS CLI or an SDK.
AWS Organizations helps you centrally govern your environment and your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
AWS Config is a fully managed configuration audit service that records AWS resource configuration changes. AWS Config verifies compliance against defined policies and best practices by using AWS Config rules and conformance packs.
The new capability is available in all commercial AWS Regions where AWS Config and AWS Organizations are supported. For the full list of supported Regions, see AWS Regions and Endpoints in the AWS General Reference. To learn more about AWS Config and these features, visit the AWS Config webpage and the AWS Config Developer Guide.