Posted On: Dec 22, 2020

AWS Config conformance packs now enable the inclusion of process check rules, in addition to AWS Config managed rules, custom rules and remediation actions. Process check rules help you track resource-agnostic tasks as part of different compliance frameworks and operational best practices. You can add process check rules to new and existing conformance pack templates in your account. Unlike other rules and remediation actions in AWS Config, which can be used to automatically evaluate the compliance of specific AWS resources, the compliance status of a process check rule is manually administered and set by you through the AWS Config console or using the PutExternalEvaluation API. Two new sample conformance pack templates for operational best practices for CIS benchmarks Level 1 and Level 2 are now available, which include process check rules to match specific controls.

A conformance pack is a collection of AWS Config managed or custom rules, remediation actions and, now, process check rules that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. Conformance packs are created by authoring a YAML template that contains a list of AWS Config rules, remediation actions and process check rules. Over 50 sample conformance pack templates are currently available to choose from. You can deploy a conformance pack template by using the AWS Config console or the AWS CLI.

For more information, see the AWS Config documentation, or log in to the AWS Config console to get started. Pricing for conformance packs is based on the number of evaluations, using a tiered pricing model as listed in AWS Config pricing. Conformance packs are available in the AWS Regions listed here.

For more information about AWS Config, see the AWS Config webpage.

Disclaimer: Customers are responsible for making their own independent assessment of the sample conformance pack templates, and the AWS Config rules and remediation actions included in any such template, in connection with assessing compliance with any governance framework or standard. Each sample conformance pack template provides a basis to help you create security, operational or cost-optimization governance checks using managed or custom AWS Config rules and remediation actions. Sample conformance pack templates are intended to help you create your own conformance packs with different or additional rules, input parameters and remediation actions that are most appropriate for your resources. The sample conformance pack templates, including those related to specific compliance standards and industry frameworks, are not designed to, and do not, ensure your compliance with any such standard or framework and it is your responsibility to ensure any such compliance. Using a sample conformance pack template neither replaces your need for internal efforts to ensure compliance with any applicable standard nor guarantees that you will pass any compliance assessment.