Ensure that AWS Config service is enabled in all regions in order to have complete visibility over your AWS infrastructure configuration changes.
This rule can help you with the following compliance standards:
- The Center for Internet Security AWS Foundations Benchmark
- General Data Protection Regulation (GDPR)
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Once enabled, the Config service detects your existing AWS resources and records their current configurations and any changes made to them later. The data recorded by this service can be extremely useful for your compliance team during security auditing or troubleshooting sessions, as it can determine how a resource was configured at a certain point in time and what relationships it had with other resources.
Note: The AWS resources currently supported by the Config service are VPC, EC2, EBS, IAM and CloudTrail.
To determine if AWS Config is enabled in the current AWS region, perform the following:
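One way to script this check across every region, as an added example that is not part of the original page or of Cloud Conformity's tooling. It evaluates the `ConfigurationRecordersStatus` list returned by the AWS Config `DescribeConfigurationRecorderStatus` API; the function names, the `us-east-1` bootstrap region and the sample data are assumptions made for this illustration.

```python
"""Flag regions where AWS Config is not recording (added example)."""

# Constructed sample: one ConfigurationRecordersStatus list per region,
# in the shape returned by DescribeConfigurationRecorderStatus.
SAMPLE = {
    "us-east-1": [{"name": "default", "recording": True, "lastStatus": "Success"}],
    "eu-west-1": [{"name": "default", "recording": False, "lastStatus": "Success"}],
    "ap-southeast-2": [],  # no recorder was ever created in this region
    "us-west-2": [{"name": "default", "recording": True, "lastStatus": "Failure"}],
}


def region_findings(statuses):
    """Return the reasons one region fails the check (empty list = pass)."""
    if not statuses:
        return ["no configuration recorder defined"]
    findings = []
    for st in statuses:
        if not st.get("recording", False):
            findings.append(f"recorder {st['name']} is stopped")
        elif st.get("lastStatus") == "Failure":
            # The recorder is on, but its latest recording event failed.
            findings.append(f"recorder {st['name']}: last recording event failed")
    return findings


def audit_regions(status_by_region):
    """Map every region to its findings, sorted by region name."""
    return {r: region_findings(s) for r, s in sorted(status_by_region.items())}


def collect_live(session=None):
    """Fetch recorder status from every enabled region (needs credentials)."""
    import boto3  # lazy import so the offline sample runs without boto3
    session = session or boto3.Session()
    ec2 = session.client("ec2", region_name="us-east-1")  # assumed bootstrap region
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    return {
        r: session.client("config", region_name=r)
        .describe_configuration_recorder_status()["ConfigurationRecordersStatus"]
        for r in regions
    }


if __name__ == "__main__":
    for region, findings in audit_regions(SAMPLE).items():
        print(region, "OK" if not findings else "FAIL: " + "; ".join(findings))
```

Replace `SAMPLE` with `collect_live()` to run the same evaluation against a real account; the caller needs `ec2:DescribeRegions` and `config:DescribeConfigurationRecorderStatus`.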
Remediation / Resolution
To enable AWS Config in all regions available, perform the following:
You are auditing:
AWS Config Enabled
Risk level: High