Operational Best Practices for Asset Management

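A conformance pack is a collection of AWS Config rules that can be deployed as a single entity in an AWS account and Region. This conformance pack defines Operational Best Practices for Asset Management and is based on this AWS template. The conformance pack includes the following rules:

- ec2-instance-managed-by-systems-manager
- ec2-managedinstance-association-compliance-status-check
- ec2-managedinstance-patch-compliance-status-check
- ec2-security-group-attached-to-eni
- ec2-stopped-instance
- ec2-volume-inuse-check
- eip-attached
- iam-user-unused-credentials-check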

AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ConformancePack:
    Type: "AWS::Config::ConformancePack"
    Properties:
      ConformancePackName: "conformance-pack-asset-mgmt-best-practices"
      TemplateBody: |
        Resources:
          ConfigRule1:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-instance-managed-by-systems-manager"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::EC2::Instance"
                  - "AWS::SSM::ManagedInstanceInventory"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_INSTANCE_MANAGED_BY_SSM"
          ConfigRule2:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-managedinstance-association-compliance-status-check"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::SSM::AssociationCompliance"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_MANAGEDINSTANCE_ASSOCIATION_COMPLIANCE_STATUS_CHECK"
          ConfigRule3:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-managedinstance-patch-compliance-status-check"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::SSM::PatchCompliance"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK"
          ConfigRule4:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-security-group-attached-to-eni"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::EC2::SecurityGroup"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_SECURITY_GROUP_ATTACHED_TO_ENI"
          ConfigRule5:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-stopped-instance"
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                AllowedDays: "30"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_STOPPED_INSTANCE"
              MaximumExecutionFrequency: "TwentyFour_Hours"
          ConfigRule6:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "ec2-volume-inuse-check"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::EC2::Volume"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EC2_VOLUME_INUSE_CHECK"
          ConfigRule7:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "eip-attached"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::EC2::EIP"
              Source:
                Owner: "AWS"
                SourceIdentifier: "EIP_ATTACHED"
          ConfigRule8:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "iam-user-unused-credentials-check"
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                maxCredentialUsageAge: "90"
              Source:
                Owner: "AWS"
                SourceIdentifier: "IAM_USER_UNUSED_CREDENTIALS_CHECK"
              MaximumExecutionFrequency: "TwentyFour_Hours"
Parameters: {}
Metadata: {}
Conditions: {}
