A conformance pack is a collection of AWS Config rules that can be deployed as a single entity in one AWS account and Region. This conformance pack defines Operational Best Practices for Management and Governance Services and is based on an AWS-provided template. The conformance pack includes the following rules:

# CloudFormation template that deploys a single AWS Config conformance pack.
# The pack's own rule document is the literal block under TemplateBody; it is
# handed to AWS Config as a string, so its contents are left exactly as given.
AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): Description is empty. The surrounding page names this pack
# "Operational Best Practices for Management and Governance Services".
Description: ''
Resources:
  ConformancePack:
    Type: 'AWS::Config::ConformancePack'
    Properties:
      ConformancePackName: conformance-pack-mgmt-governance-best-practices
      # Embedded conformance-pack document (twelve AWS-managed rules, Owner: AWS):
      #   ConfigRule1       account-part-of-organizations
      #   ConfigRule2-8     CloudTrail controls: delivery to CloudWatch Logs, trail
      #                     enabled, encryption, log-file validation, S3 data
      #                     events, security trail, multi-Region trail
      #   ConfigRule9       cloudwatch-alarm-action-check, scoped to
      #                     AWS::CloudWatch::Alarm; alarm, insufficient-data and
      #                     OK actions are all required
      #   ConfigRule10-11   CloudWatch Logs group encryption and retention period
      #   ConfigRule12      ec2-instance-managed-by-systems-manager, scoped to
      #                     EC2 instances and SSM managed-instance inventory
      # The CloudTrail group (2-8) covers the audit-log properties an
      # investigation depends on: logs delivered, encrypted, integrity-validated
      # and collected across all Regions.
      # Rules declared with `ComplianceResourceTypes: []` also set
      # MaximumExecutionFrequency: TwentyFour_Hours, i.e. they run on a schedule;
      # the two scoped rules (9 and 12) set no frequency and are presumably
      # evaluated on configuration change instead — confirm against the rule docs.
      # InputParameters values are quoted on purpose so they stay strings; an
      # unquoted `true` would be read as a YAML boolean.
      TemplateBody: |
        Resources:
          ConfigRule1:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: account-part-of-organizations
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: ACCOUNT_PART_OF_ORGANIZATIONS
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule2:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloud-trail-cloud-watch-logs-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUD_TRAIL_CLOUD_WATCH_LOGS_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule3:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloudtrail-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUD_TRAIL_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule4:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloud-trail-encryption-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUD_TRAIL_ENCRYPTION_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule5:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloud-trail-log-file-validation-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUD_TRAIL_LOG_FILE_VALIDATION_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule6:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloudtrail-s3-dataevents-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUDTRAIL_S3_DATAEVENTS_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule7:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloudtrail-security-trail-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUDTRAIL_SECURITY_TRAIL_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule8:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: multi-region-cloud-trail-enabled
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: MULTI_REGION_CLOUD_TRAIL_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule9:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloudwatch-alarm-action-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::CloudWatch::Alarm'
              InputParameters:
                alarmActionRequired: 'true'
                insufficientDataActionRequired: 'true'
                okActionRequired: 'true'
              Source:
                Owner: AWS
                SourceIdentifier: CLOUDWATCH_ALARM_ACTION_CHECK
          ConfigRule10:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cloudwatch-log-group-encrypted
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule11:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: cw-loggroup-retention-period-check
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: CW_LOGGROUP_RETENTION_PERIOD_CHECK
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule12:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: ec2-instance-managed-by-systems-manager
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::EC2::Instance'
                  - 'AWS::SSM::ManagedInstanceInventory'
              Source:
                Owner: AWS
                SourceIdentifier: EC2_INSTANCE_MANAGED_BY_SSM
# The outer template takes no parameters and declares no metadata or conditions;
# the empty mappings are written explicitly rather than left as bare keys.
Parameters: {}
Metadata: {}
Conditions: {}
