Posted On: Jun 3, 2020
AWS Config now supports nine new managed rules, which are predefined rules that can help you evaluate whether your AWS resource configurations comply with common best practices.
The following managed rules are now supported:
- SNS_ENCRYPTED_KMS: Evaluates whether Amazon Simple Notification Service (Amazon SNS) is encrypted with AWS Key Management Service (AWS KMS).
- SECURITYHUB_ENABLED: Checks whether AWS Security Hub is enabled for an AWS account.
- S3_DEFAULT_ENCRYPTION_KMS: Checks whether Amazon S3 buckets in your account are encrypted with AWS Key Management Service (AWS KMS).
- S3_BUCKET_DEFAULT_LOCK_ENABLED: Checks whether your Amazon S3 bucket default Lock is enabled
- REDSHIFT_REQUIRE_TLS_SSL: Checks whether Amazon Redshift clusters in your account require TLS/SSL encryption to connect to SQL clients.
- RDS_SNAPSHOT_ENCRYPTED: Checks whether Amazon Relational Database Service (Amazon RDS) DB Snapshots are encrypted.
- EC2_EBS_ENCRYPTION_BY_DEFAULT: Checks that Amazon Elastic Block Store (Amazon EBS) encryption by default is enabled.
- DYNAMODB_TABLE_ENCRYPTED_KMS: Checks whether your Amazon DynamoDB table is encrypted with AWS KMS.
- DYNAMODB_PITR_ENABLED: Checks that Point-in-time recovery (PITR) is enabled to provide continuous backups of your Amazon DynamoDB table data.