By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsDynamoDB Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityLogging & Monitoring ConfigurationsBackups & DRBilling and Cost Management

Configuration Packages

Strategy Guides

Other

Backups & DR

A collection of AWS controls related to creating and managed backups for AWS resources. Configuration items include templates to set up AWS Backup Plans which can backup data for AWS services such as DynamoDB, EFS, RDS, Storage Gateway and EC2, as well as Data LifeCycle Manager for EBS snapshots, and a number of compliance rules using AWS Config to ensure that AWS resources are properly backed up

Backup

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

CloudFormationTerraformAWS CLI
Data Lifecycle Manager

Configure a Data Lifecycle Manager (DLM) policy to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.

CloudFormationAWS CLI
Config Rule

A Config rule that checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.

CloudFormationTerraformAWS CLI

A config rule that checks whether RDS DB instances have backups enabled. Optionally, the rule checks the backup retention period and the backup window.

CloudFormationTerraformAWS CLI

A config rule that checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. The rule is NON_COMPLIANT, if Amazon RDS DB snapshots are not encrypted.

CloudFormationTerraformAWS CLI

A Config rule that checks that Amazon Redshift automated snapshots are enabled for clusters. The rule is NON_COMPLIANT if the value for automatedSnapshotRetentionPeriod is greater than MaxRetentionPeriod or less than MinRetentionPeriod or the value is 0.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon Elastic Block Store snapshots are not publicly restorable. The rule is NON_COMPLIANT if one or more snapshots with the RestorableByUserIds field is set to all. If this field is set to all, then Amazon EBS snapshots are public.

CloudFormationTerraformAWS CLI

A Config rule that checks if the Amazon ElastiCache Redis clusters have automatic backup turned on. The rule is NON_COMPLIANT if the SnapshotRetentionLimit for Redis cluster is less than the SnapshotRetentionPeriod parameter.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon RDS database is present in back plans of AWS Backup. The rule is NON_COMPLIANT if Amazon RDS databases are not included in any AWS Backup plan.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup. The rule is NON_COMPLIANT if EFS file systems are not included in the backup plans.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon DynamoDB table is present in AWS Backup plans. The rule is NON_COMPLIANT if DynamoDB tables are not present in any AWS Backup plan.

CloudFormationTerraformAWS CLI

A Config rule that checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.

CloudFormationTerraformAWS CLI
Backup
Data Lifecycle Manager
Config Rule