Posted On: Sep 1, 2022

AWS Config conformance pack templates can now be stored in and deployed from AWS Systems Manager documents (SSM documents). Conformance packs are collections of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. Conformance packs are defined through a YAML-based template and deployed by AWS Config. As templates are offline files, customers had to maintain manual processes for version control and sharing across accounts.

With this launch, customers can now utilize SSM documents to store their conformance pack templates on AWS and directly deploy conformance packs using SSM document names. With SSM document support, customers now have another storage mechanism to maintain their conformance pack templates. SSM documents also provide customers with built-in versioning, access control, and sharing capabilities to ensure the integrity of the conformance pack templates and make the deployment process more efficient.

Support for SSM document based conformance pack templates is available in all Regions where conformance packs are supported. Conformance pack templates are available as a new document type in Systems Manager. Customers can see and use AWS provided sample templates in the Systems Manager console. When deploying conformance packs from the AWS Config console, customers can supply an SSM document name and version to deploy a conformance pack based on template in SSM documents. There is no additional charge to use SSM documents to store and deploy conformance pack templates. To learn more about AWS Config conformance packs visit our documentation. More information about SSM documents can be found in the Systems Manager user guide