Ensure that AWS Config service is enabled in all regions in order to have complete visibility over your AWS infrastructure configuration changes.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Once enabled, the Config service detects your existing AWS resources and records their current configurations and any changes made to them later. The data recorded by this service can be extremely useful for your compliance team during security auditing or troubleshooting sessions, as it shows how a resource was configured at a certain point in time and what relationships it had with other resources.
Note: The AWS resources currently supported by the Config service are VPC, EC2, EBS, IAM and CloudTrail.
To determine if AWS Config is enabled in the current AWS region, perform the following:
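As an added example (not Conformity's own check or the page's original audit steps), the Python below evaluates the responses of the Config API calls DescribeConfigurationRecorders, DescribeConfigurationRecorderStatus and DescribeDeliveryChannels for each region and reports where Config is missing or not recording. The function names, the finding wording and the sample data are assumptions made for illustration; `audit_account` additionally assumes boto3 and read-only credentials.

```python
# Added example (not Conformity's own check): decide, per region, whether
# AWS Config is actually recording. Sample responses below are constructed.

def region_findings(recorders, statuses, channels):
    """Evaluate one region from the three Config API response lists."""
    problems = []
    if not recorders:
        problems.append("no configuration recorder")
    elif not any(s.get("recording") for s in statuses):
        problems.append("recorder exists but is stopped")
    elif any(s.get("lastStatus") == "FAILURE" for s in statuses):
        problems.append("recorder last status is FAILURE")
    if recorders and not channels:
        problems.append("no delivery channel")
    return problems


def audit_account(session):
    """Live variant: needs boto3, credentials and read-only Config/EC2 access."""
    ec2 = session.client("ec2", region_name="us-east-1")
    report = {}
    for region in ec2.describe_regions()["Regions"]:  # enabled regions only
        name = region["RegionName"]
        cfg = session.client("config", region_name=name)
        report[name] = region_findings(
            cfg.describe_configuration_recorders()["ConfigurationRecorders"],
            cfg.describe_configuration_recorder_status()["ConfigurationRecordersStatus"],
            cfg.describe_delivery_channels()["DeliveryChannels"],
        )
    return report


# Constructed sample data shaped like the API responses, one entry per region.
SAMPLE = {
    "us-east-1": ([{"name": "default"}],
                  [{"name": "default", "recording": True, "lastStatus": "SUCCESS"}],
                  [{"name": "default", "s3BucketName": "example-config-bucket"}]),
    "eu-west-1": ([{"name": "default"}],
                  [{"name": "default", "recording": False, "lastStatus": "PENDING"}],
                  [{"name": "default", "s3BucketName": "example-config-bucket"}]),
    "ap-south-1": ([], [], []),
}


def audit_sample():
    """Return only the regions that fail the check, with their reasons."""
    results = {r: region_findings(*resp) for r, resp in SAMPLE.items()}
    return {r: p for r, p in results.items() if p}
```

Against a real account, call `audit_account(boto3.Session())`; any region with a non-empty list fails the rule.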
Remediation / Resolution
To enable AWS Config in all regions available, perform the following:
AWS Config Enabled
Risk level: High