Auto Remediation Rules

A collection of Auto Remediation rules that automatically respond to misconfigurations in an AWS account. Rules use Config Rules for detection and CloudWatch Event Rules and SSM Automations for response. Auto Remediation rules cover various AWS services such as EC2 and S3.

S3
Enable S3 Bucket Encryption If Not Configured
Auto Remediation with SSM
Auto remediation configuration to enable S3 Bucket Encryption if an S3 bucket is created without server-side encryption. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Enable S3 Bucket Versioning If Not Configured
Auto Remediation with SSM
Auto remediation configuration to configure S3 Bucket Versioning if versioning is not enabled at the time of bucket creation. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Enable S3 Bucket Logging If Not Configured
Auto Remediation with SSM
Auto remediation configuration to enable S3 Bucket Logging if an S3 bucket is created with logging disabled. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
EC2
Stop/Terminate EC2 Instances Running Unapproved AMIs (by AMI ID)
Auto Remediation with SSM
Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI ID). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Stop/Terminate EC2 Instances Running Unapproved AMIs (by AMI Tag)
Auto Remediation with SSM
Auto remediation configuration to stop or terminate EC2 instances running unapproved AMIs (by AMI Tag). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Stop/Terminate EC2 Instances Running Unapproved EC2 Tenancy Mode
Auto Remediation with SSM
Auto remediation configuration to stop or terminate EC2 instances running unapproved Tenancy Modes (Shared or Dedicated). Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Stop/Terminate EC2 Instances Running Unapproved EC2 Instance Types
Auto Remediation with SSM
Auto remediation configuration to stop or terminate EC2 instances using unapproved instance types. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.
Stop/Terminate EC2 Instances with Public IPs
Auto Remediation with SSM
Auto remediation configuration to stop or terminate EC2 instances with public IP addresses. Detection uses a managed AWS Config Rule and remediation is with SSM Automation.