Service Control Policies
Config Rules
Auto Remediation Rules
Conformance Packs
Amazon GuardDuty
Amazon Inspector
AWS Security Hub
AWS Network Firewall
Route53 Resolver Security
Amazon Macie
S3 Bucket Policies
CloudWatch Alarms and Event Rules
AWS WAF
AWS Secrets Manager
AWS Systems Manager
Security Groups & NACLs
AWS KMS
AWS SSO
IAM Policies
VPC Endpoint Policies
CloudFormation Guard Rules
Load Balancers
RDS Event Subscriptions
AWS Resource Access Manager (RAM)A collection of Automatic Remediation rules to automatically respond to misconfigurations in an AWS account. Rules use Config Rules for detection and CloudWatch Event Rules and SSM Automations for response. Auto Remediation rules cover various AWS services such EC2 and S3.
A configuration package to enable AWS Config Rule Automatic Remediation for non-compliant environment changes. Remediation is carried out using SSM Documents, and an IAM Role with the required permissions is included in the template. Resources protected include S3 and EC2.
Auto remediation configuration to release unattached Elastic IPs. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI ID). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI Tag). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to stop or terminate EC2 instances running unapproved Tenancy Modes (Shared or Dedicated). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to stop or terminate EC2 instances using unapproved instance types. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to stop or terminate EC2 instances with public IP addresses. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to enable S3 Bucket Encryption if an S3 bucket created without server side encryption. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to configure S3 Bucket Versioning if versioning is not enabled at the time of bucket creation. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Auto remediation configuration to enable S3 Bucket Logging if an S3 bucket created with logging disabled. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
