Best practice rules for AWS Config
AWS Config is a fully managed service that provides you with a detailed inventory of your AWS resources and their current configurations. This service also records your configuration history and notifies you when your configurations change.
Config Rules lets you define rules that automatically check the configuration of your AWS resources. Config Rules can only evaluate configurations of resources that are recorded by AWS Config.
- AWS Config Aggregator Source Status
Ensure that AWS Config Aggregator is configured and all aggregation sources are successfully collecting configuration and compliance data.
- AWS Config Configuration Changes
AWS Config service configuration changes have been detected within your Amazon Web Services account.
- AWS Config Enabled
Ensure AWS Config is enabled in all regions to get the optimal visibility of the activity on your account.
- AWS Config Global Resources
Ensure global resources are included in the AWS Config service configuration.
- AWS Config Referencing Missing S3 Bucket
Ensure the AWS Config service is using an active S3 bucket to store configuration change files.
- AWS Config Referencing Missing SNS Topic
Ensure the AWS Config service is using an active SNS topic to notify on configuration changes.
- Config Delivery Failing
Ensure Amazon Config log files are delivered as expected.