AI CloudAdvisor (Beta)

My Presets

You must be logged in to save or view your saved configuration templates

Security Controls

Service Control PoliciesConfig RulesCloudWatch Alarms and Event RulesCloudFormation Guard RulesLogging & Monitoring ConfigurationsBackups & DRAuto Remediation RulesConformance PacksBilling and Cost ManagementS3 Bucket PoliciesSecurity Groups & NACLsIAM PoliciesVPC Endpoint Policies

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

AI CloudAdvisor (Beta)

Configuration Stack
0

My Presets

Security Controls

AWS Services

Guided Walkthroughs

Configuration Packages

Reference Guides

Other

CloudFormation Security

A collection of AWS Security controls for AWS CloudFormation. Controls include AWS Config rules for monitoring compliance, IAM policies, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

Monitoring & Compliance Packages

A configuration package to automatically monitor CloudFormation stack drift (When resources deployed through CloudFormation are manaully changed after), and optionally alert on these events.

CloudFormation
CloudFormation

This template creates a nested stack using the `AWS::CloudFormation::Stack` resource. It specifies a template URL and parameters for the nested stack.

CloudFormation

This template creates a default version of a resource in CloudFormation. It specifies a new resource version and sets it as the default version. The `ResourceVersion` resource is created with the `TypeName` property set to `My::Sample::Resource` and the `SchemaHandlerPackage` property set to `s3://my-sample-resourceversion-bucket/my-sample-resource.zip`. The `ResourceDefaultVersion` resource is then created with the `TypeVersionArn` property set to the `Ref` value of the `ResourceVersion` resource.

CloudFormation

This template registers a module version with the CloudFormation service. It specifies the module name and the location of the module package in an S3 bucket.

CloudFormation

This template registers two versions of a module and sets the second version as the default version for CloudFormation to use. The `DependsOn` attribute is used to ensure that CloudFormation provisions version one before version two.

CloudFormation

This template creates a new hook version for the AWS CloudFormation registry and sets it as the default version. It specifies the type name and the schema handler package for the hook version, and uses the `Ref` return value to set the version as the default for the hook.

CloudFormation

This template creates a default version of a hook. The default version of the hook is used in CloudFormation operations for this AWS account and AWS Region.

CloudFormation

This template creates a new hook configuration with the TypeName property type. The hook configuration specifies the target stacks, failure mode, and properties for the hook.

CloudFormation

This template creates a new hook configuration with the TypeArn property type. The hook configuration specifies the target stacks, failure mode, and properties for the hook.

CloudFormation

This template creates a stack set with managed execution activated. With managed execution, StackSets performs non-conflicting operations concurrently and queues conflicting operations.

CloudFormation
Config Rule

A config rule that checks whether your CloudFormation stacks are sending event notifications to an SNS topic. Optionally checks whether specified SNS topics are used.

CloudFormationTerraformAWS CLI

A config rule that checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration. A stack is considered to have drifted if one or more of its resources differ from their expected configuration. The rule and the stack are COMPLIANT when the stack drift status is IN_SYNC. The rule and the stack are NON_COMPLIANT when the stack drift status is DRIFTED.

CloudFormationTerraformAWS CLI
CloudWatch Alarms

A CloudWatch Alarm that triggers when a new CloudFormation stack is created

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is updated

CloudFormationTerraformAWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is deleted

CloudFormationTerraformAWS CLI
IAM Policy

An IAM policy that allows all CloudFormation APIs access, but denies UpdateStack and DeleteStack APIs access on a specific stack (e.g. a production stack). This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

An IAM policy that allows users to create new or update existing CloudFormation stacks, as long as the template URL used is allowed. This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI

An IAM policy that prevents creating or updating CloudFormation stacks that contain specific resource types (This policy uses IAM resources as the default example). This policy also provides the permissions necessary to complete this action on the console.

CloudFormationTerraformAWS CLI
Service Control Policy

This SCP restricts IAM principals in accounts from making changes to specific CloudFormation stacks with the exception of a specific IAM role (This could be a common administrative IAM role created in all accounts in your organization)

CloudFormationTerraformAWS CLI
Configuration Package

A configuration package to create a custom CloudFormation Guard rules template. The package includes 150+ rules across most AWS services including EC2, S3, IAM, and many more.

CloudFormation Guard

CloudFormation guard rules template for IAM resources

CloudFormation Guard Rules

CloudFormation guard rules template for EC2 resources

CloudFormation Guard Rules

CloudFormation guard rules template for S3 resources

CloudFormation Guard Rules

CloudFormation guard rules template for Security Groups

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Lambda resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS OpenSearch resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon VPC resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon SageMaker resources

CloudFormation Guard Rules

CloudFormation guard rules template for DynamoDB and DynamoDB Accelerator (DAX) resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Certificate Manager (ACM) resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Budget resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudFront resources

CloudFormation Guard Rules

CloudFormation guard rules template for CloudWatch Log groups

CloudFormation Guard Rules

CloudFormation guard rules template for CodeBuild resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Config

CloudFormation Guard Rules

CloudFormation guard rules template for AWS DMS

CloudFormation Guard Rules

CloudFormation guard rules template for AWS DocumentDB resources

CloudFormation Guard Rules

CloudFormation guard rules template for EFS resources

CloudFormation Guard Rules

CloudFormation guard rules template for ElastiCache resources

CloudFormation Guard Rules

CloudFormation guard rules template for KMS resources

CloudFormation Guard Rules

CloudFormation guard rules template for Network Firewall resources

CloudFormation Guard Rules

CloudFormation guard rules template for SNS resources

CloudFormation Guard Rules

CloudFormation guard rules template for SQS resources

CloudFormation Guard Rules

CloudFormation guard rules template for WAF resources

CloudFormation Guard Rules

CloudFormation guard rules template for API Gateway resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Backup resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudTrail resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudWatch Alarms

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon ECR resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon EKS resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Load Balancer resources

CloudFormation Guard Rules

CloudFormation guard rules template for EMR resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon FSx resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Secrets Manager resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Redshift resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Route53 resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon MSK (Managed Apache Kafka) resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Neptune resources

CloudFormation Guard Rules

CloudFormation guard rules template for Auto Scaling Group resources

CloudFormation Guard Rules
Filter by source
 
Monitoring & Compliance Packages
CloudFormation
Config Rule
CloudWatch Alarms
IAM Policy
Service Control Policy
Configuration Package
CloudFormation Guard