AWS Security Blog

Announcing the AWS Config Rules Repository: A New Community-Based Source of Custom Rules for AWS Config

Today, we’re happy to release the AWS Config Rules repository, a community-based source of custom AWS Config Rules. This new repository gives you a streamlined way to automate your assessment and compliance against best practices for security of AWS resources. AWS Config Rules is a service that provides automated, periodic security and compliance checking of AWS resources, and affords customers the ability to forego manual inspection of security configurations.

The AWS Config Rules repository accelerates automated compliance checking by allowing customers to tap in to the collective ingenuity and expertise of the AWS community. Additionally, the repository is free, public, and hosted on an independent platform, and it contains full source code for each rule, allowing you to learn and contribute. We look forward to working together to leverage the combined wisdom and lessons learned by our security experts and the security experts in the broader AWS user base.

As I mentioned in my previous post, we have partnered with the Center for Internet Security to establish industry best practices for securing AWS accounts. The repository has been seeded with rules that will help you maintain alignment with these best practices. Here’s a sample of the Custom Rules you now have access to:

  1. Ensure CloudTrail is enabled in all regions.
  2. Ensure all accounts have multi-factor authentication (MFA) enabled.
  3. Ensure no access keys exist for the root account.
  4. Ensure an AWS Identity and Access Management (IAM) password policy exists.
  5. Ensure access keys are rotated.

To get started using these rules in your AWS account, see the readme file on GitHub. I encourage you to use this repository to share with the AWS community the Custom Rules you have written.


Chad Woolf

Chad joined Amazon in 2010 and built the AWS compliance functions from the ground up, including audit and certifications, privacy, contract compliance, control automation engineering and security process monitoring. Chad’s work also includes enabling public sector and regulated industry adoption of the AWS cloud, compliance with complex privacy regulations such as GDPR and operating a trade and product compliance team in conjunction with global region expansion. Prior to joining AWS, Chad spent 12 years with Ernst & Young as a Senior Manager working directly with Fortune 100 companies consulting on IT process, security, risk, and vendor management advisory work, as well as designing and deploying global security and assurance software solutions. Chad holds a Masters of Information Systems Management and a Bachelors of Accounting from Brigham Young University, Utah. Follow Chad on Twitter.