Posted On: Jan 25, 2023
We’re excited to announce the ability to change the default AMS response for Config Rules in Accelerate operations plan. With this release, customers can now choose whether they want AMS to remediate, ask for customer approval, or just add to a monthly report on the alerts from AMS supported security Config Rules. By adjusting the default response, you can increase conformance by setting more Config Rules for remediation. When you select remediation of a finding, AMS response is quick and consistent. Findings can also create a case asking for your approval or just be reported during your next Monthly Business Review (MBR). You can set up multiple responses for a Config Rule that are matched to the account and resources based on tags.
With this launch, Accelerate customers can enforce the remediation of non-compliant resources and request to be contacted only when you want to take a second look. For example, customers can change default response of unencrypted S3 buckets to be ‘ask for approval’ for specific accounts. You can also add additional responses like ‘remediate’ for unencrypted S3 buckets with the tag key value pair “Regulated: True” and ‘report-only’ for S3 buckets that have the tags “Regulated: False”. You can start with the default configuration provided by AMS while your Cloud Architect helps you modify responses according to your preferences per account.
This feature is generally available in all commercial regions supported by AMS Accelerate. See the Region Table for the latest updates. To learn more about using AMS, visit the website.