Posted On: Jul 26, 2022

AWS Config now supports compliance scores as an enhancement to conformance packs. A compliance score is a percentage-based score that helps you quickly discern the level to which your resources are compliant for a set of requirements that are captured within the scope of a conformance pack. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an AWS account or AWS Region, or across an organization in AWS Organizations.

A compliance score is calculated based on the number of rule-to-resource combinations that are compliant within the scope of a conformance pack. For example, a conformance pack with 5 rules applying to 5 resources has 25 (5x5) possible rule-resource combinations. If 2 resources are not compliant with 2 rules, the compliance score would be 84%, indicating that 21 out of 25 rule-resource combinations are currently in compliance. Further, compliance scores are emitted to Amazon CloudWatch metrics, which allows for tracking over time. Compliance scores offer a consistent measurement to track remediation progress, perform comparisons across different sets of requirements, and see the impact a specific change or deployment has on your compliance posture.
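The calculation described above, as an added Python example that is not AWS code and does not call the AWS Config API. The tuple format, rule names and resource names are constructed for illustration, and the example assumes every rule-resource combination is either COMPLIANT or NON_COMPLIANT. It reads the 84% case as 2 resources each failing the same 2 rules (4 failing combinations).

```python
from collections import defaultdict


def compliance_score(evaluations):
    """Percentage of rule-resource combinations that are COMPLIANT.

    evaluations: list of (rule, resource, status) tuples, one per
    rule-resource combination in the pack's scope (constructed format).
    """
    if not evaluations:
        raise ValueError("no rule-resource combinations in scope")
    compliant = sum(1 for _, _, status in evaluations if status == "COMPLIANT")
    return 100.0 * compliant / len(evaluations)


def failing_by_rule(evaluations):
    """Map each rule to the resources failing it, for remediation triage."""
    failing = defaultdict(list)
    for rule, resource, status in evaluations:
        if status != "COMPLIANT":
            failing[rule].append(resource)
    return dict(failing)


def build_pack(rules, resources, failures):
    """Expand the rule x resource grid; failures is a set of (rule, resource)."""
    return [
        (rule, res, "NON_COMPLIANT" if (rule, res) in failures else "COMPLIANT")
        for rule in rules
        for res in resources
    ]


# Constructed sample: 5 rules x 5 resources = 25 combinations.
RULES = [f"rule-{i}" for i in range(1, 6)]
RESOURCES = [f"resource-{i}" for i in range(1, 6)]
# 2 resources each fail the same 2 rules -> 4 failing combinations.
FAILURES = {(r, res) for r in RULES[:2] for res in RESOURCES[:2]}

if __name__ == "__main__":
    before = build_pack(RULES, RESOURCES, FAILURES)
    print(compliance_score(before))   # 84.0 (21 of 25)
    print(failing_by_rule(before))
    # Remediating resource-1 clears 2 combinations, not 1 resource out of 5.
    remaining = {f for f in FAILURES if f[1] != "resource-1"}
    print(compliance_score(build_pack(RULES, RESOURCES, remaining)))  # 92.0
```

Because the score counts combinations rather than resources, fixing one resource that fails several rules moves the score more than fixing a resource that fails only one.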

Compliance scores are part of conformance packs and are available in all AWS Regions where AWS Config conformance packs are available. AWS Config conformance packs follow a tiered pricing model based on the number of rule evaluations you run each month; compliance scores are available at no additional cost. To learn more about compliance scores and conformance pack pricing, visit the AWS Config product page, or see the documentation on Viewing the AWS Config Dashboard and Viewing Compliance Data in the Conformance Packs Dashboard.