Guided Walkthroughs

Configuration Packages

AI CloudAdvisor (Beta)

By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSAWS SSOIAM PoliciesVPC Endpoint PoliciesCloudFormation Guard RulesLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)

By Service Protected

Reference Guides

Other

AWS Systems Manager

A collection of AWS Systems Manager (SSM) configuration templates for the automation of security and operation tasks in AWS environments. Configuration items include templates to configure patching, maintenance windows, required IAM roles for SSM operations, as well as security configurations to support AWS SSM such as IAM policies, config rules, and more.

IAM Role

Configuration to create an IAM role for EC2 instances to access to AWS Systems Manager (SSM) services, with the least permissions required

CloudFormationTerraformAWS CLI
Systems Manager

A configuration guide for setting up the necessary configuration for AWS Systems Manager Patch Manager to automatically scan and/or apply patches to EC2 instances in an AWS environment.

CloudFormation

Configure an AWS Systems Manager Custom Patch Baseline and Patch Groups

CloudFormationAWS CLI
Config Rule

A Config rule that checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.

CloudFormationTerraformAWS CLI

A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager (SSM) association compliance is COMPLIANT or NON_COMPLIANT after the association execution on the instance. The rule is compliant if the field status is COMPLIANT.

CloudFormationTerraformAWS CLI

A Config rule that checks whether the compliance status of the Amazon EC2 Systems Manager patch compliance is COMPLIANT or NON_COMPLIANT after the patch installation on the instance. The rule is compliant if the field status is COMPLIANT.

CloudFormationTerraformAWS CLI

A Config rule that checks whether EC2 managed instances have the desired configurations.

CloudFormationTerraformAWS CLI

A Config rule that checks whether all of the specified applications are installed on the instance. Optionally, specify the minimum acceptable version. You can also specify the platform to apply the rule only to instances running that platform.

CloudFormationTerraformAWS CLI

A Config rule that checks that none of the specified applications are installed on the instance. Optionally, specify the application version. Newer versions of the application will not be blacklisted. You can also specify the platform to apply the rule only to instances running that platform.

CloudFormationTerraformAWS CLI

A Config rule that checks whether instances managed by AWS Systems Manager are configured to collect blacklisted inventory types.

CloudFormationTerraformAWS CLI
IAM Policy

An IAM policy that provides end users the ability start a session to a particular instance and the ability to terminate only their own sessions.

CloudFormationTerraformAWS CLI

An IAM policy that provides end users the ability start a session to instances based on the tags assigned and the ability to terminate only their own sessions.

CloudFormationTerraformAWS CLI

An IAM policy that allows a user to fully interact with all instances and all sessions created by all users for all instances, as well as permissions to permission to create, update and delete preferences. It should be granted only to an Administrator who needs full control over your organization's Session Manager activities.

CloudFormationTerraformAWS CLI
Filter by source
 
IAM Role
Systems Manager
Config Rule
IAM Policy