CloudFormation Security

A collection of AWS security controls for AWS CloudFormation. Controls include AWS Config rules for monitoring compliance, IAM policies, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform.

Monitoring & Compliance Packages

A configuration package to automatically monitor CloudFormation stack drift (when resources deployed through CloudFormation are manually changed afterwards), and optionally alert on these events.

CloudFormation
Config Rule

A config rule that checks whether your CloudFormation stacks are sending event notifications to an SNS topic. Optionally checks whether specified SNS topics are used.

CloudFormation | Terraform | AWS CLI

A config rule that checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from its expected configuration. A stack is considered to have drifted if one or more of its resources differ from their expected configuration. The rule and the stack are COMPLIANT when the stack drift status is IN_SYNC. The rule and the stack are NON_COMPLIANT when the stack drift status is DRIFTED.

CloudFormation | Terraform | AWS CLI
CloudWatch Alarms

A CloudWatch Alarm that triggers when a new CloudFormation stack is created

CloudFormation | Terraform | AWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is updated

CloudFormation | Terraform | AWS CLI

A CloudWatch Alarm that triggers when an existing CloudFormation stack is deleted

CloudFormation | Terraform | AWS CLI
IAM Policy

An IAM policy that allows access to all CloudFormation APIs, but denies access to the UpdateStack and DeleteStack APIs on a specific stack (e.g. a production stack). This policy also provides the permissions necessary to complete this action on the console.

CloudFormation | Terraform | AWS CLI

An IAM policy that allows users to create new or update existing CloudFormation stacks, as long as the template URL used is allowed. This policy also provides the permissions necessary to complete this action on the console.

CloudFormation | Terraform | AWS CLI

An IAM policy that prevents creating or updating CloudFormation stacks that contain specific resource types (this policy uses IAM resources as the default example). This policy also provides the permissions necessary to complete this action on the console.

CloudFormation | Terraform | AWS CLI
Service Control Policy

This SCP restricts IAM principals in accounts from making changes to specific CloudFormation stacks, with the exception of a specific IAM role (this could be a common administrative IAM role created in all accounts in your organization).

CloudFormation | Terraform | AWS CLI
Configuration Package

A configuration package to create a custom CloudFormation Guard rules template. The package includes 150+ rules across most AWS services including EC2, S3, IAM, and many more.

CloudFormation Guard

CloudFormation guard rules template for IAM resources

CloudFormation Guard Rules

CloudFormation guard rules template for EC2 resources

CloudFormation Guard Rules

CloudFormation guard rules template for S3 resources

CloudFormation Guard Rules

CloudFormation guard rules template for Security Groups

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Lambda resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS OpenSearch resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon VPC resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon SageMaker resources

CloudFormation Guard Rules

CloudFormation guard rules template for DynamoDB and DynamoDB Accelerator (DAX) resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Certificate Manager (ACM) resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Budget resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudFront resources

CloudFormation Guard Rules

CloudFormation guard rules template for CloudWatch Log groups

CloudFormation Guard Rules

CloudFormation guard rules template for CodeBuild resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Config

CloudFormation Guard Rules

CloudFormation guard rules template for AWS DMS

CloudFormation Guard Rules

CloudFormation guard rules template for AWS DocumentDB resources

CloudFormation Guard Rules

CloudFormation guard rules template for EFS resources

CloudFormation Guard Rules

CloudFormation guard rules template for ElastiCache resources

CloudFormation Guard Rules

CloudFormation guard rules template for KMS resources

CloudFormation Guard Rules

CloudFormation guard rules template for Network Firewall resources

CloudFormation Guard Rules

CloudFormation guard rules template for SNS resources

CloudFormation Guard Rules

CloudFormation guard rules template for SQS resources

CloudFormation Guard Rules

CloudFormation guard rules template for WAF resources

CloudFormation Guard Rules

CloudFormation guard rules template for API Gateway resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Backup resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudTrail resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS CloudWatch Alarms

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon ECR resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon EKS resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Load Balancer resources

CloudFormation Guard Rules

CloudFormation guard rules template for EMR resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon FSx resources

CloudFormation Guard Rules

CloudFormation guard rules template for AWS Secrets Manager resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Redshift resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Route53 resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon MSK (Managed Apache Kafka) resources

CloudFormation Guard Rules

CloudFormation guard rules template for Amazon Neptune resources

CloudFormation Guard Rules

CloudFormation guard rules template for Auto Scaling Group resources

CloudFormation Guard Rules