Auto Remediation Rules

A collection of Auto Remediation rules that respond automatically to misconfigurations in an AWS account. Rules use Config Rules for detection, and CloudWatch Event Rules and SSM Automations for response. Auto Remediation rules cover various AWS services such as EC2 and S3.

AWS

A configuration package to enable AWS Config Rule Automatic Remediation for non-compliant environment changes. Remediation is carried out using SSM Documents, and an IAM Role with the required permissions is included in the template. Resources protected include S3 and EC2.

CloudFormation, AWS CLI

EC2

Auto remediation configuration to release unattached Elastic IPs. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI ID). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI Tag). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to stop or terminate EC2 instances running unapproved Tenancy Modes (Shared or Dedicated). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to stop or terminate EC2 instances using unapproved instance types. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to stop or terminate EC2 instances with public IP addresses. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

S3

Auto remediation configuration to enable S3 Bucket Encryption if an S3 bucket is created without server-side encryption. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to configure S3 Bucket Versioning if versioning is not enabled at the time of bucket creation. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI

Auto remediation configuration to enable S3 Bucket Logging if an S3 bucket is created with logging disabled. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.

CloudFormation, AWS CLI