A configuration package to automatically monitor CloudFormation stack drift (When resources deployed through CloudFormation are manaully changed after), and optionally alert on these events.
CloudFormation
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
By Implementation
By Service Protected
Reference Guides
Other
Guided Walkthroughs
Configuration Packages
AI CloudAdvisor (Beta)
Configuration Stack0
By Service Protected
VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
ECR Security Controls
EMR Security
Lambda Security
CloudFormation Security
CodeX Security Controls
CloudFront Security
AWS Certificate Manager (ACM) Security
Logging & Monitoring Configurations
Backups & DR
Billing and Cost ManagementBy Implementation
Reference Guides
Other
CloudFormation Security
A collection of AWS Security controls for AWS CloudFormation. Controls include AWS Config rules for monitoring compliance, IAM policies, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform
Monitoring & Compliance Packages
Config Rule
A config rule that checks whether your CloudFormation stacks are sending event notifications to an SNS topic. Optionally checks whether specified SNS topics are used.
CloudFormationTerraformAWS CLI
A config rule that checks whether an AWS CloudFormation stack's actual configuration differs, or has drifted, from it's expected configuration. A stack is considered to have drifted if one or more of its resources differ from their expected configuration. The rule and the stack are COMPLIANT when the stack drift status is IN_SYNC. The rule and the stack are NON_COMPLIANT when the stack drift status is DRIFTED.
CloudFormationTerraformAWS CLI
CloudWatch Alarms
A CloudWatch Alarm that triggers when a new CloudFormation stack is created
CloudFormationTerraformAWS CLI
A CloudWatch Alarm that triggers when an existing CloudFormation stack is updated
CloudFormationTerraformAWS CLI
A CloudWatch Alarm that triggers when an existing CloudFormation stack is deleted
CloudFormationTerraformAWS CLI
IAM Policy
An IAM policy that allows all CloudFormation APIs access, but denies UpdateStack and DeleteStack APIs access on a specific stack (e.g. a production stack). This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
An IAM policy that allows users to create new or update existing CloudFormation stacks, as long as the template URL used is allowed. This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
Prevent Creating or Updating CloudFormation Stacks that Contain Specific AWS Resource Types
Add to StackAn IAM policy that prevents creating or updating CloudFormation stacks that contain specific resource types (This policy uses IAM resources as the default example). This policy also provides the permissions necessary to complete this action on the console.
CloudFormationTerraformAWS CLI
Service Control Policy
This SCP restricts IAM principals in accounts from making changes to specific CloudFormation stacks with the exception of a specific IAM role (This could be a common administrative IAM role created in all accounts in your organization)
CloudFormationTerraformAWS CLI
Configuration Package
A configuration package to create a custom CloudFormation Guard rules template. The package includes 150+ rules across most AWS services including EC2, S3, IAM, and many more.
CloudFormation Guard
CloudFormation guard rules template for IAM resources
CloudFormation Guard Rules
CloudFormation guard rules template for EC2 resources
CloudFormation Guard Rules
CloudFormation guard rules template for S3 resources
CloudFormation Guard Rules
CloudFormation guard rules template for Security Groups
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Lambda resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS OpenSearch resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon VPC resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon SageMaker resources
CloudFormation Guard Rules
CloudFormation guard rules template for DynamoDB and DynamoDB Accelerator (DAX) resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Certificate Manager (ACM) resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Budget resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS CloudFront resources
CloudFormation Guard Rules
CloudFormation guard rules template for CloudWatch Log groups
CloudFormation Guard Rules
CloudFormation guard rules template for CodeBuild resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Config
CloudFormation Guard Rules
CloudFormation guard rules template for AWS DMS
CloudFormation Guard Rules
CloudFormation guard rules template for AWS DocumentDB resources
CloudFormation Guard Rules
CloudFormation guard rules template for EFS resources
CloudFormation Guard Rules
CloudFormation guard rules template for ElastiCache resources
CloudFormation Guard Rules
CloudFormation guard rules template for KMS resources
CloudFormation Guard Rules
CloudFormation guard rules template for Network Firewall resources
CloudFormation Guard Rules
CloudFormation guard rules template for SNS resources
CloudFormation Guard Rules
CloudFormation guard rules template for SQS resources
CloudFormation Guard Rules
CloudFormation guard rules template for WAF resources
CloudFormation Guard Rules
CloudFormation guard rules template for API Gateway resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Backup resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS CloudTrail resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS CloudWatch Alarms
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon ECR resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon EKS resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Load Balancer resources
CloudFormation Guard Rules
CloudFormation guard rules template for EMR resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon FSx resources
CloudFormation Guard Rules
CloudFormation guard rules template for AWS Secrets Manager resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon Redshift resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon Route53 resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon MSK (Managed Apache Kafka) resources
CloudFormation Guard Rules
CloudFormation guard rules template for Amazon Neptune resources
CloudFormation Guard Rules
CloudFormation guard rules template for Auto Scaling Group resources
CloudFormation Guard Rules
Filter by source
Monitoring & Compliance Packages
Config Rule
CloudWatch Alarms
IAM Policy
Service Control Policy
Configuration Package
CloudFormation Guard