VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
EMR Security
Lambda Security
CloudFormation Security
AWS Certificate Manager (ACM) Security
Logging & Monitoring Configurations
Backups & DR
Billing and Cost ManagementA collection of AWS controls related to creating and managed backups for AWS resources. Configuration items include templates to set up AWS Backup Plans which can backup data for AWS services such as DynamoDB, EFS, RDS, Storage Gateway and EC2, as well as Data LifeCycle Manager for EBS snapshots, and a number of compliance rules using AWS Config to ensure that AWS resources are properly backed up
Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption
Configure AWS Backup Audit Manager to audit the compliance of your AWS Backup policies against controls that you define. This template deploys the AWS backup framework (a collection of controls that helps you to evaluate your backup practices) and (optionally) automatic daily reports for the compliance status of the frameworks set up.
Configure AWS Backup Audit Manager to create automated daily reports on backup job activity. Other reports that can be configured include Backup Restore activity and Backup Copy Jobs activity This template deploys can (optionally) also audit frameworks to evaluate backup policies for the account.
Configure a Data Lifecycle Manager (DLM) policy to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.
A Config rule that checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.
A config rule that checks whether RDS DB instances have backups enabled. Optionally, the rule checks the backup retention period and the backup window.
A config rule that checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. The rule is NON_COMPLIANT, if Amazon RDS DB snapshots are not encrypted.
A Config rule that checks that Amazon Redshift automated snapshots are enabled for clusters. The rule is NON_COMPLIANT if the value for automatedSnapshotRetentionPeriod is greater than MaxRetentionPeriod or less than MinRetentionPeriod or the value is 0.
A Config rule that checks whether Amazon Elastic Block Store snapshots are not publicly restorable. The rule is NON_COMPLIANT if one or more snapshots with the RestorableByUserIds field is set to all. If this field is set to all, then Amazon EBS snapshots are public.
A Config rule that checks if the Amazon ElastiCache Redis clusters have automatic backup turned on. The rule is NON_COMPLIANT if the SnapshotRetentionLimit for Redis cluster is less than the SnapshotRetentionPeriod parameter.
A Config rule that checks whether Amazon RDS database is present in back plans of AWS Backup. The rule is NON_COMPLIANT if Amazon RDS databases are not included in any AWS Backup plan.
A Config rule that checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup. The rule is NON_COMPLIANT if EFS file systems are not included in the backup plans.
A Config rule that checks whether Amazon DynamoDB table is present in AWS Backup plans. The rule is NON_COMPLIANT if DynamoDB tables are not present in any AWS Backup plan.
A Config rule that checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.
