AWS Config announces launch of an additional 13 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across Amazon Cognito User pools, Amazon EBS Snapshots, AWS Cloudformation Stacks and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation. New Rules Launched:
AURORA_GLOBAL_DATABASE_ENCRYPTION_AT_REST
CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK
CLOUDFORMATION_TERMINATION_PROTECTION_CHECK
CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED
COGNITO_USER_POOL_DELETE_PROTECTION_ENABLED
COGNITO_USER_POOL_MFA_ENABLED
COGNITO_USERPOOL_CUST_AUTH_THREAT_FULL_CHECK
EBS_SNAPSHOT_BLOCK_PUBLIC_ACCESS
ECS_CAPACITY_PROVIDER_TERMINATION_CHECK
ECS_TASK_DEFINITION_EFS_ENCRYPTION_ENABLED
ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT
ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN
SES_SENDING_TLS_REQUIRED
Quelle: aws.amazon.com
Published by