Best practice rules for AWS Config
AWS Config is a fully managed service that provides you with a detailed inventory of your AWS resources and their current configurations. This service also records your configuration history and notifies you when your configurations change.
Config Rules lets you script rules that automatically check the configuration of your AWS resources. Config Rules can only evaluate configurations of resources that are recorded in AWS Config.
Trend Micro Cloud One™ – Conformity monitors AWS Config with the following rules:
- AWS Config Configuration Changes
AWS Config service configuration changes have been detected within your Amazon Web Services account.
- AWS Config Enabled
Ensure AWS Config is enabled in all regions to get the optimal visibility of the activity on your account.
- AWS Config Global Resources
Ensure global resources (such as IAM) are included in the AWS Config service configuration.
- AWS Config Referencing Missing S3 Bucket
Ensure the AWS Config service is using an active S3 bucket to store configuration change files.
- Config Delivery Failing
Ensure Amazon Config log files are delivered as expected.