6.1
Review and ensure that you have set up your development environment before going through the steps below.
AWS Config provides preconfigured Config Rules - called Managed Config Rules - that are created and maintained by AWS. These rules determine whether a resource is noncompliant with established best practices. For example, there are currently 8 Managed Config Rules that evaluate whether encryption is enabled for resources such as DynamoDB, S3, and EBS Volumes. These rules are run after a resource is provisioned.
Here is an illustration of some of the other types of Managed Rules:

In this sublesson, you will create a Managed Config Rule that evaluates which of your EBS Volumes are encrypted.
In this exercise, you will configure the settings for AWS Config, which includes turning on the Config recorder along with a delivery channel. If you have already configured AWS Config, this section is optional. Here are the steps:
- Go to the AWS Config console.
- If it is your first time using Config, click the Get Started button.
- Select the Include global resources (e.g., AWS IAM resources) checkbox.
- In the Amazon SNS topic section, select the Stream configuration changes and notifications to an Amazon SNS topic checkbox.
- Choose the Create a topic radio button in the Amazon SNS topic section.
- In the Amazon S3 bucket section, select the Create a bucket radio button.
- In the AWS Config role section, select the Use an existing AWS Config service-linked role radio button.
- Click the Next button.
- Click the Skip button on the AWS Config rules page.
- Click the Confirm button on the Review page.
- Launch the AWS Config Console.
- Click Rules.
- Click Add rule.
- Type encrypted.
- Select encrypted-volumes.
- Click Save.
- Go to the AWS Config Dashboard and refresh the results.
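
The rule-creation steps above can also be scripted, which makes the check repeatable across accounts and Regions. The following is an added example, not code from this lesson: it assumes boto3, an already running Config recorder, the managed rule identifier `ENCRYPTED_VOLUMES` and its optional `kmsId` parameter; the function names and the `config` client argument are illustrative.

```python
import json

RULE_NAME = "encrypted-volumes"  # same rule name selected in the console steps


def build_rule(kms_key_arn=None):
    """ConfigRule payload for the AWS managed rule ENCRYPTED_VOLUMES."""
    rule = {
        "ConfigRuleName": RULE_NAME,
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Volume"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": "ENCRYPTED_VOLUMES"},
    }
    if kms_key_arn:
        # Optional: also flag volumes encrypted with any key other than this one.
        rule["InputParameters"] = json.dumps({"kmsId": kms_key_arn})
    return rule


def noncompliant_volumes(config):
    """Return sorted IDs of volumes the rule marks NON_COMPLIANT, following NextToken."""
    ids, token = set(), None
    while True:
        kwargs = {"ConfigRuleName": RULE_NAME, "ComplianceTypes": ["NON_COMPLIANT"]}
        if token:
            kwargs["NextToken"] = token
        page = config.get_compliance_details_by_config_rule(**kwargs)
        for result in page.get("EvaluationResults", []):
            q = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
            if q["ResourceType"] == "AWS::EC2::Volume":
                ids.add(q["ResourceId"])
        token = page.get("NextToken")
        if not token:
            return sorted(ids)


def deploy_and_report(config, kms_key_arn=None):
    """Create or update the rule, then list the volumes it currently flags."""
    config.put_config_rule(ConfigRule=build_rule(kms_key_arn))
    return noncompliant_volumes(config)


if __name__ == "__main__":
    import boto3  # needs AWS credentials with Config permissions
    for volume_id in deploy_and_report(boto3.client("config")):
        print("NON_COMPLIANT:", volume_id)
```

A freshly created rule has no results until its first evaluation finishes, so the list can be empty on the first run; call `noncompliant_volumes` again after a few minutes.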
