Guided Walkthroughs

Configuration Packages

AI CloudAdvisor (Beta)

By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSAWS SSOIAM PoliciesVPC Endpoint PoliciesCloudFormation Guard RulesLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)

By Service Protected

Reference Guides

Other

Backups & DR

A collection of AWS controls related to creating and managed backups for AWS resources. Configuration items include templates to set up AWS Backup Plans which can backup data for AWS services such as DynamoDB, EFS, RDS, Storage Gateway and EC2, as well as Data LifeCycle Manager for EBS snapshots, and a number of compliance rules using AWS Config to ensure that AWS resources are properly backed up

Backup

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

CloudFormationTerraformAWS CLI

Configure AWS Backup Audit Manager to audit the compliance of your AWS Backup policies against controls that you define. This template deploys the AWS backup framework (a collection of controls that helps you to evaluate your backup practices) and (optionally) automatic daily reports for the compliance status of the frameworks set up.

CloudFormationTerraformAWS CLI

Configure AWS Backup Audit Manager to create automated daily reports on backup job activity. Other reports that can be configured include Backup Restore activity and Backup Copy Jobs activity  This template deploys can (optionally) also audit frameworks to evaluate backup policies for the account.

CloudFormationTerraformAWS CLI
Data Lifecycle Manager

Configure a Data Lifecycle Manager (DLM) policy to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.

CloudFormationAWS CLI
Config Rule

A Config rule that checks if Amazon Relational Database Service (Amazon RDS) snapshots are public. The rule is non-compliant if any existing and new Amazon RDS snapshots are public.

CloudFormationTerraformAWS CLI

A config rule that checks whether RDS DB instances have backups enabled. Optionally, the rule checks the backup retention period and the backup window.

CloudFormationTerraformAWS CLI

A config rule that checks whether Amazon Relational Database Service (Amazon RDS) DB snapshots are encrypted. The rule is NON_COMPLIANT, if Amazon RDS DB snapshots are not encrypted.

CloudFormationTerraformAWS CLI

A Config rule that checks that Amazon Redshift automated snapshots are enabled for clusters. The rule is NON_COMPLIANT if the value for automatedSnapshotRetentionPeriod is greater than MaxRetentionPeriod or less than MinRetentionPeriod or the value is 0.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon Elastic Block Store snapshots are not publicly restorable. The rule is NON_COMPLIANT if one or more snapshots with the RestorableByUserIds field is set to all. If this field is set to all, then Amazon EBS snapshots are public.

CloudFormationTerraformAWS CLI

A Config rule that checks if the Amazon ElastiCache Redis clusters have automatic backup turned on. The rule is NON_COMPLIANT if the SnapshotRetentionLimit for Redis cluster is less than the SnapshotRetentionPeriod parameter.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon RDS database is present in back plans of AWS Backup. The rule is NON_COMPLIANT if Amazon RDS databases are not included in any AWS Backup plan.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup. The rule is NON_COMPLIANT if EFS file systems are not included in the backup plans.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon DynamoDB table is present in AWS Backup plans. The rule is NON_COMPLIANT if DynamoDB tables are not present in any AWS Backup plan.

CloudFormationTerraformAWS CLI

A Config rule that checks if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.

CloudFormationTerraformAWS CLI

A Config rule that checks if a backup plan has a backup rule that satisfies the required frequency and retention period. The rule is NON_COMPLIANT if recovery points are not created at least as often as the specified frequency or expire before the specified period.

CloudFormationTerraformAWS CLI

A Config rule that checks if a recovery point is encrypted. The rule is NON_COMPLIANT if the recovery point is not encrypted.

CloudFormationTerraformAWS CLI

A Config rule that checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. The rule is NON_COMPLIANT if the Backup Vault does not have resource-based policies or has policies without a suitable 'Deny' statement.

CloudFormationTerraformAWS CLI

A Config rule that checks if a recovery point expires no earlier than after the specified period. The rule is NON_COMPLIANT if the recovery point has a retention point that is less than the required retention period.

CloudFormationTerraformAWS CLI
Backup
Data Lifecycle Manager
Config Rule