AWS Security Blog

Category: AWS Config

How to perform automated incident response in a multi-account environment

How quickly you respond to security incidents is key to minimizing their impacts. Automating incident response helps you scale your capabilities, rapidly reduce the scope of compromised resources, and reduce repetitive work by security teams. But when you use automation, you also must manage exceptions to standard response procedures. In this post, I provide a […]

Read More

How to track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules

On April 20th, AWS Config announced support for AWS Secrets Manager, making it easier to track configuration changes to the secrets you manage in AWS Secrets Manager. You can now use AWS Config to track changes to secrets’ metadata — such as secret description and rotation configuration, relationship to other AWS sources such as the […]

Read More

Enable automatic logging of web ACLs by using AWS Config

In this blog post, I will show you how to use AWS Config, with its auto-remediation functionality, to ensure that all web ACLs have logging enabled. The AWS CloudFormation template included in this blog post will facilitate this solution, and will get you started being able to manage web ACL logging at scale. AWS Firewall […]

Read More

How to import AWS Config rules evaluations as findings in Security Hub

In June at re:Inforce 2019, AWS announced the general availability of AWS Security Hub, a security service that enables customers to centrally view and manage compliance checks and security findings across their AWS accounts. AWS Security Hub imports security findings from AWS Guard Duty, Amazon Inspector, Amazon Macie, and over 30 AWS partner security solutions. […]

Read More

Continuously monitor unused IAM roles with AWS Config

January 6, 2020: Made an update to reflect a valid STS session duration if configured to assume a role into other accounts. Developing in the cloud encourages you to iterate frequently as your applications and resources evolve. You should also apply this iterative approach to the AWS Identity and Access Management (IAM) roles you create. […]

Read More

How to Use AWS Config to Monitor for and Respond to Amazon S3 Buckets Allowing Public Access

AWS Config enables continuous monitoring of your AWS resources, making it simple to assess, audit, and record resource configurations and changes. AWS Config does this through the use of rules that define the desired configuration state of your AWS resources. AWS Config provides a number of AWS managed rules that address a wide range of […]

Read More

All AWS Services GDPR ready

Oct 3, 2019: We’ve updated a sentence to clarify that AWS services can be used in compliance with GDPR. Today, I’m very pleased to announce that all AWS services can be used in compliance with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS […]

Read More

How to Audit Your AWS Resources for Security Compliance by Using Custom AWS Config Rules

AWS Config Rules enables you to implement security policies as code for your organization and evaluate configuration changes to AWS resources against these policies. You can use Config rules to audit your use of AWS resources for compliance with external compliance frameworks such as CIS AWS Foundations Benchmark and with your internal security policies related […]

Read More

Register for and Attend This November 10 Webinar—Introduction to Three AWS Security Services

Update: This webinar is now available as an on-demand video and slide deck. As part of the AWS Webinar Series, AWS will present Introduction to Three AWS Security Services on Thursday, November 10. This webinar will start at 10:30 A.M. and end at 11:30 A.M. Pacific Time. AWS Solutions Architect Pierre Liddle shows how AWS Identity and […]

Read More

Announcing the AWS Config Rules Repository: A New Community-Based Source of Custom Rules for AWS Config

Today, we’re happy to release the AWS Config Rules repository, a community-based source of custom AWS Config Rules. This new repository gives you a streamlined way to automate your assessment and compliance against best practices for security of AWS resources. AWS Config Rules is a service that provides automated, periodic security and compliance checking of […]

Read More