AWS Config announces launch of an additional 13 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment.
With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across Amazon Cognito User pools, Amazon EBS Snapshots, AWS Cloudformation Stacks and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance.
For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation.
New Rules Launched:
- AURORA_GLOBAL_DATABASE_ENCRYPTION_AT_REST
- CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK
- CLOUDFORMATION_TERMINATION_PROTECTION_CHECK
- CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED
- COGNITO_USER_POOL_DELETE_PROTECTION_ENABLED
- COGNITO_USER_POOL_MFA_ENABLED
- COGNITO_USERPOOL_CUST_AUTH_THREAT_FULL_CHECK
- EBS_SNAPSHOT_BLOCK_PUBLIC_ACCESS
- ECS_CAPACITY_PROVIDER_TERMINATION_CHECK
- ECS_TASK_DEFINITION_EFS_ENCRYPTION_ENABLED
- ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT
- ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN
- SES_SENDING_TLS_REQUIRED