A conformance pack is a collection of AWS Config rules that can be deployed as a single entity in an AWS account and a region. This conformance pack defines Operational Best Practices for Serverless and is based on this AWS template. The conformance pack includes the following rules:


# CloudFormation template that deploys one AWS Config conformance pack
# ("conformance-pack-serverless-best-practices") bundling eleven AWS-managed
# Config rules (Owner: AWS) covering API Gateway stages, DynamoDB tables and
# Lambda functions.
#
# These are detective controls only: the template contains no remediation
# configuration, so non-compliant resources are reported, not changed.
# NOTE(review): the managed rules can only evaluate resource types that AWS
# Config is already recording in the target account/Region; enabling the
# recorder and delivery channel is not part of this template — confirm
# before deploying.
AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): Description is empty; the surrounding page names this pack
# "Operational Best Practices for Serverless" — consider filling it in.
Description: ''
Resources:
  ConformancePack:
    Type: 'AWS::Config::ConformancePack'
    Properties:
      ConformancePackName: conformance-pack-serverless-best-practices
      # TemplateBody is a literal block scalar (|): everything indented below
      # it is a string handed verbatim to AWS Config as the pack's own
      # template, so the indentation of these lines is part of the value.
      # Do not add YAML comments inside it from the outer document's point
      # of view — they would become part of the delivered string.
      #
      # Conventions inside the body:
      #   - every rule uses Owner: AWS with a managed SourceIdentifier;
      #   - InputParameters values are quoted strings ('ERROR,INFO', '80',
      #     '500', '1000'), as Config expects string-valued parameters;
      #   - ConfigRule4 and ConfigRule7 have an empty ComplianceResourceTypes
      #     list and a MaximumExecutionFrequency of TwentyFour_Hours —
      #     presumably account-level periodic checks rather than
      #     per-resource change-triggered ones (ConfigRule3 has both a
      #     resource scope and a frequency);
      #   - the security-relevant checks are api-gw-cache-enabled-and-encrypted,
      #     api-gw-execution-logging-enabled, dynamodb-pitr-enabled,
      #     dynamodb-in-backup-plan, dynamodb-table-encrypted-kms,
      #     lambda-function-public-access-prohibited and lambda-inside-vpc.
      TemplateBody: |
        Resources:
          ConfigRule1:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: api-gw-cache-enabled-and-encrypted
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::ApiGateway::Stage'
              Source:
                Owner: AWS
                SourceIdentifier: API_GW_CACHE_ENABLED_AND_ENCRYPTED
          ConfigRule2:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: api-gw-execution-logging-enabled
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::ApiGateway::Stage'
                  - 'AWS::ApiGatewayV2::Stage'
              InputParameters:
                loggingLevel: 'ERROR,INFO'
              Source:
                Owner: AWS
                SourceIdentifier: API_GW_EXECUTION_LOGGING_ENABLED
          ConfigRule3:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: dynamodb-autoscaling-enabled
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::DynamoDB::Table'
              Source:
                Owner: AWS
                SourceIdentifier: DYNAMODB_AUTOSCALING_ENABLED
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule4:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: dynamodb-in-backup-plan
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: AWS
                SourceIdentifier: DYNAMODB_IN_BACKUP_PLAN
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule5:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: dynamodb-pitr-enabled
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::DynamoDB::Table'
              Source:
                Owner: AWS
                SourceIdentifier: DYNAMODB_PITR_ENABLED
          ConfigRule6:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: dynamodb-table-encrypted-kms
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::DynamoDB::Table'
              Source:
                Owner: AWS
                SourceIdentifier: DYNAMODB_TABLE_ENCRYPTED_KMS
          ConfigRule7:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: dynamodb-throughput-limit-check
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                accountRCUThresholdPercentage: '80'
                accountWCUThresholdPercentage: '80'
              Source:
                Owner: AWS
                SourceIdentifier: DYNAMODB_THROUGHPUT_LIMIT_CHECK
              MaximumExecutionFrequency: TwentyFour_Hours
          ConfigRule8:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: lambda-concurrency-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::Lambda::Function'
              InputParameters:
                ConcurrencyLimitLow: '500'
                ConcurrencyLimitHigh: '1000'
              Source:
                Owner: AWS
                SourceIdentifier: LAMBDA_CONCURRENCY_CHECK
          ConfigRule9:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: lambda-dlq-check
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::Lambda::Function'
              Source:
                Owner: AWS
                SourceIdentifier: LAMBDA_DLQ_CHECK
          ConfigRule10:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: lambda-function-public-access-prohibited
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::Lambda::Function'
              Source:
                Owner: AWS
                SourceIdentifier: LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED
          ConfigRule11:
            Type: 'AWS::Config::ConfigRule'
            Properties:
              ConfigRuleName: lambda-inside-vpc
              Scope:
                ComplianceResourceTypes:
                  - 'AWS::Lambda::Function'
              Source:
                Owner: AWS
                SourceIdentifier: LAMBDA_INSIDE_VPC
# No stack-level Parameters, Metadata or Conditions: the rule thresholds
# (loggingLevel, RCU/WCU percentages, Lambda concurrency limits) are fixed
# inside TemplateBody rather than exposed for per-deployment tuning.
Parameters: {}
Metadata: {}
Conditions: {}
