A conformance pack is a collection of AWS Config rules that can be deployed as a single entity in an AWS account and a region. This conformance pack defines Operational Best Practices for Asset Management and is based on this AWS template. The conformance pack includes the following rules:

# CloudFormation template that declares a single AWS::Config::ConformancePack
# resource. The pack bundles eight AWS managed Config rules (every rule has
# Source.Owner: AWS) aimed at asset-management hygiene: SSM coverage, patch and
# association compliance, and unused or orphaned resources and credentials.
#
# Review notes:
# - The rules are detective only. This template defines no remediation, so a
#   NON_COMPLIANT finding has to be acted on by a separate process.
# - A conformance pack relies on the AWS Config configuration recorder in the
#   target account and Region. Rules can only evaluate resource types that are
#   being recorded, including the AWS::SSM::* types scoped below.
# - Thresholds are hard-coded inside TemplateBody and are not exposed as
#   parameters (Parameters is empty at both levels).
AWSTemplateFormatVersion: '2010-09-09'
# Left empty by the author; the stack carries no human-readable description.
Description: ''
Resources:
  ConformancePack:
    Type: 'AWS::Config::ConformancePack'
    Properties:
      ConformancePackName: conformance-pack-asset-mgmt-best-practices
      # TemplateBody is a literal block scalar: everything indented beneath it
      # is passed to AWS Config as one string (the inner conformance pack
      # template), so comments are kept out of it to leave that string unchanged.
      #
      # Rules declared in the inner template:
      #   ConfigRule1  EC2_INSTANCE_MANAGED_BY_SSM
      #       EC2 instances should be managed by Systems Manager. An unmanaged
      #       instance is also invisible to the patch and association rules.
      #   ConfigRule2  EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK
      #       SSM association compliance status of managed instances.
      #   ConfigRule3  EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK
      #       SSM patch compliance status of managed instances.
      #   ConfigRule4  EC2_SECURITY_GROUP_ATTACHED_TO_ENI
      #       Flags security groups that are not attached to any network
      #       interface (unused groups that can be cleaned up).
      #   ConfigRule5  EC2_STOPPED_INSTANCE
      #       Instances stopped for longer than AllowedDays ('30'). Periodic
      #       rule, evaluated every 24 hours; its resource scope is left empty.
      #   ConfigRule6  EC2_VOLUME_INUSE_CHECK
      #       EBS volumes should be attached to an instance.
      #   ConfigRule7  EIP_ATTACHED
      #       Allocated Elastic IPs should be attached to an instance or to an
      #       in-use network interface.
      #   ConfigRule8  IAM_USER_UNUSED_CREDENTIALS_CHECK
      #       IAM user passwords or access keys unused for more than
      #       maxCredentialUsageAge ('90') days. Periodic rule, evaluated every
      #       24 hours; its resource scope is left empty.
      #
      # NOTE(review): the InputParameters values are quoted strings ('30',
      # '90'); keep them quoted so YAML does not retype them as integers.
      TemplateBody: |
        Resources:
          ConfigRule1:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-instance-managed-by-systems-manager
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::EC2::Instance'
                  - 'AWS::SSM::ManagedInstanceInventory'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_INSTANCE_MANAGED_BY_SSM
          ConfigRule2:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-managedinstance-association-compliance-status-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::SSM::AssociationCompliance'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK
          ConfigRule3:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-managedinstance-patch-compliance-status-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::SSM::PatchCompliance'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK
          ConfigRule4:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-security-group-attached-to-eni
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::EC2::SecurityGroup'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_SECURITY_GROUP_ATTACHED_TO_ENI
          ConfigRule5:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-stopped-instance
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                AllowedDays: '30'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_STOPPED_INSTANCE
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule6:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-volume-inuse-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::EC2::Volume'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_VOLUME_INUSE_CHECK
          ConfigRule7:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: eip-attached
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::EC2::EIP'
              Source:
                Owner: AWS
                SourceIdentifier: EIP_ATTACHED
          ConfigRule8:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: iam-user-unused-credentials-check
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                maxCredentialUsageAge: '90'
              Source:
                Owner: AWS
                SourceIdentifier: IAM_USER_UNUSED_CREDENTIALS_CHECK
              MaximumExecutionFrequency: TwentyFour_Hours
# The outer template takes no parameters and defines no metadata or conditions.
Parameters: {}
Metadata: {}
Conditions: {}
