Posted On: Nov 28, 2022
AWS Config announces the ability to proactively check for compliance with AWS Config rules prior to resource provisioning. Customers use AWS Config to track the configuration changes made to their cloud resources and check if those resources match their desired configurations through a feature known as AWS Config rules. Proactive compliance allows customers to evaluate the configurations of their cloud resources before they are created or updated.
Typically, customers run compliance checks against the resources after they have been created or updated. This launch extends AWS Config functionality so that, in addition to being run after resources have been provisioned, AWS Config rules can now be run at any time before provisioning, saving customers time spent remediating non-compliant resources. Administrators can use the feature to create standard resource templates which they know to be compliant with AWS Config rules before sharing these templates across their organization. Developers can incorporate AWS Config rules into their infrastructure-as-code CI/CD pipelines to identify non-compliant resources before provisioning.
To get started, you can use the AWS Config console or APIs to enable AWS Config rules to run proactively. Then, you can invoke these AWS Config rules at any time before provisioning to learn whether the configurations of your resource are compliant or non-compliant with your policies. Through a custom hook, you can also trigger AWS Config rules to run proactively as part of resource deployments through AWS CloudFormation.
Proactive compliance in AWS Config is available in all commercial AWS Regions. Rule evaluations in proactive mode are available at no additional charge for customers who are also using AWS Config rules to monitor changes after resources are provisioned. To learn more about our pricing, visit the AWS Config pricing page. For more information about this new feature, see our documentation.