AWS Cloud Operations & Migrations Blog
Tag: Config rules
Use tags to create and maintain Amazon CloudWatch alarms for Amazon EC2 instances (Part 2)
This blog post is the second in a two-part series. Part one of this blog post showed how to deploy and configure the CloudWatchAutoAlarms Lambda function to create a default alarm set and custom alarms for your Amazon Elastic Compute Cloud (Amazon EC2) instances using EC2 instance tags. In this post, I show how you […]
Best practices for AWS Config conformance packs
AWS Config conformance packs help you manage configuration compliance of your AWS resources at scale. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account or across an organization in AWS Organizations. This is particularly useful if you need to quickly establish a […]
AWS Config Rule Development Kit library: Build and operate rules at scale
AWS would like to introduce you to the RDKLib, an open source Python library you can use to build, develop, and deploy custom AWS Config rules at scale. RDKLib works with the AWS Config Rule Development Kit. It is designed to work at the AWS Lambda layer, so you can use the library without needing […]
Amazon S3 bucket compliance using AWS Config Auto Remediation feature
AWS Config keeps track of the configuration of your AWS resources and their relationships to your other resources. It can also evaluate those AWS resources for compliance. This service uses rules that can be configured to evaluate AWS resources against desired configurations. For example, there are AWS Config rules that check whether or not your […]
How to create custom AWS Config rules with AWS CodeStar
The AWS Config rules feature enables you to define in code the desired configuration of your AWS resources. For example, you can check that your Amazon S3 buckets are not publicly accessible or that your instances are associated with a security group. While Config offers a set of prebuilt (managed) rules that represent common best […]
How to develop custom AWS Config rules using the Rule Development Kit
To help customers rapidly prototype, develop, and deploy their custom AWS Config rules at scale, AWS introduces a new version of the AWS Config Rule Development Kit (RDK). The RDK is a command-line utility designed to help you to shorten your security and compliance feedback cycles when using Config. It helps you build a continuous […]
AWS Config: A Year in Review 2017
It’s been another exciting year for AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. We have expanded our regional availability, added support for new resource types, introduced new managed Config rules, and introduced a dashboard view of your resource configuration and compliance. In this post, […]
Example Scenarios for AWS Config Continuous Monitoring of Amazon S3 Bucket Access Controls
Recently, AWS Config announced two new managed rules to detect Amazon S3 buckets that have overly permissive controls. You can now check your S3 buckets continuously for unrestricted public write access or unrestricted public read access. In addition, you can view compliance of all your S3 buckets against these rules, and receive notifications via Amazon […]
A Year in AWS Config and AWS Config Rules
AWS Config is a fully managed service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. AWS Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. Over the last year, we expanded the service coverage […]