Posted On: Mar 30, 2021
AWS Config now supports the ability to capture and view the compliance history of AWS Config conformance packs. You can see how the overall compliance status of a conformance pack changed over time, and which rules within a conformance pack impacted the status change. You can aggregate conformance pack compliance data from multiple accounts and AWS Regions using AWS Config aggregators to get a centralized view of your compliance regimes and operational best practices. You can maintain up to 7 years of history. You can also run AWS Config advanced queries on this data for more details about your conformance pack compliance.
To get started, open the AWS Config console, and navigate to the Conformance packs page. You can add a conformance pack by choosing one of the 54 sample conformance pack templates, or uploading your own template. After the conformance pack deploys, choose the conformance pack name, and choose the Conformance pack timeline button. This opens the Timeline page where you can view the compliance change history. To get an aggregated view of your conformance packs, you can either create a new aggregator or use an existing one. You can navigate to the Aggregators > Conformance packs page, and select an aggregator to see the conformance pack data from the accounts that are part of the selected aggregator. You can also run either one of the sample advanced queries for conformance packs, or write your own query on the conformance pack compliance data.
This feature is available at no additional cost to AWS Config customers in Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California) and US West (Oregon). For more information about AWS Config, see the AWS Config webpage and the AWS Config Developer Guide.