AWS Config Landing Page

AWS Config was launched at last year’s re:Invent and I’m excited to see a robust new set of functionality added today with AWS Config Rules.

This new functionality provides additional visibility into your deployment and will help you not only reach compliance but create a process that helps you maintain compliance.

What is AWS Config Rules?

There’s a great post on the AWS blog that dives into some of the specifics but, the gist is that you can establish a set of rules that can be run against your current deployment. This rule set defines how your deployment should be configured and, results returned show you how your deployment is currently configured.

Unfortunately, these two states are not always the same thing which is why this functionality is really valuable. Results like this are extremely useful in any number of compliance situations as well as daily operations. You can then work through the results and determine where to take action to fix any misconfigurations.

AWS Config Rules are a powerful extension to the service that provide additional visibility into your deployment.


Deep Security plays a critical part in most compliance scenarios and we’re excited to be building support for this new functionality in AWS Config. Let’s take PCI DSS (payment card industry data security standard) for example. Requirement 5.1 and 5.1.1 of the specification require the use of anti-malware controls on your instances. This is one of many PCI technical requirements that Deep Security satisfies.

With the use of AWS Config Rules, you can now verify that each of your instances protected with Deep Security is in compliance with this specification, and that’s just the tip of the iceberg.

Easier Reporting

Deep Security has always had strong reporting around major compliance frameworks like PCI DSS but only for the technical controls it directly implements. Integrating with AWS Config Rules allows you to compile all of the technical information around compliance for your AWS deployment in one centralized location. This capability makes continuous monitoring of your compliance much easier, and also helps you avoid “last minute rush” situations many organizations fall into when facing compliance.

What’s My First Step?

AWS Config Rules are available in preview today, and it only takes a few steps to add rules to your configuration. With that in place, you can now compare the assumed and actual states of your deployment.

If you’re using Deep Security to secure that deployment (and if you’re not, you’re only 1 click away from a free trial to get started) drop us a line at and we’ll help you configure the AWS Config Rule set for Deep Security.

Will AWS Config Rules be useful for you? What do you think of the new functionality? Let me know on Twitter where I’m @marknca or if you’re at AWS re:Invent 2015, come on by booth No. 1004.