
Operational Best Practices for Serverless

A conformance pack is a collection of AWS Config rules that is deployed as a single entity into one AWS account and region. This conformance pack implements the "Operational Best Practices for Serverless" pack and is based on the AWS-published sample template of the same name (link not preserved in this copy). It contains eleven AWS-managed rules: api-gw-cache-enabled-and-encrypted, api-gw-execution-logging-enabled, dynamodb-autoscaling-enabled, dynamodb-in-backup-plan, dynamodb-pitr-enabled, dynamodb-table-encrypted-kms, dynamodb-throughput-limit-check, lambda-concurrency-check, lambda-dlq-check, lambda-function-public-access-prohibited and lambda-inside-vpc. Note that deploying the pack does not turn on AWS Config: the configuration recorder must already be enabled in the target region and recording the API Gateway stage, DynamoDB table and Lambda function resource types, otherwise the scoped rules produce no evaluations. The template is shown below:

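---
# Conformance pack: "Operational Best Practices for Serverless".
# Deploys eleven AWS-managed Config rules (API Gateway, DynamoDB, Lambda) as a
# single AWS::Config::ConformancePack resource in one account and region.
#
# Prerequisites (not created by this template):
#   - AWS Config must be enabled in the target region and recording the scoped
#     resource types (AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage,
#     AWS::DynamoDB::Table, AWS::Lambda::Function). A rule scoped to a type
#     that is not being recorded never produces an evaluation, so the pack can
#     look "green" while checking nothing.
#   - The Config service-linked role used by conformance packs must exist.
# NOTE(review): these prerequisites come from the Config documentation, not
# from this file — confirm against the target account before rollout.
AWSTemplateFormatVersion: "2010-09-09"
# Empty in the upstream template; kept as-is so the stack is unchanged.
Description: ""
Resources:
  ConformancePack:
    Type: "AWS::Config::ConformancePack"
    Properties:
      ConformancePackName: "conformance-pack-serverless-best-practices"
      # TemplateBody is itself a Config conformance-pack template (YAML).
      # It is written as a literal block scalar (|) instead of one escaped
      # "...\n..." string so the embedded rules can be read, diffed and linted.
      # The resulting value is the same text, including the single trailing
      # newline; no comments are placed inside the block because they would
      # become part of the string handed to AWS Config.
      #
      # Rule notes (tuning knobs and caveats):
      #   ConfigRule4 / ConfigRule7 use ComplianceResourceTypes: [] together
      #     with MaximumExecutionFrequency — they are periodic, account-level
      #     checks, so the empty scope is intentional.
      #   ConfigRule2 loggingLevel "ERROR,INFO": the value is a list of
      #     accepted levels; per the managed-rule docs a stage at either level
      #     passes — narrow to "INFO" if full execution logging is the policy.
      #   ConfigRule6 sets no kmsKeyArns parameter; per the managed-rule docs
      #     any KMS key then satisfies the rule, including the AWS-managed
      #     aws/dynamodb key. Add kmsKeyArns to require customer-managed keys.
      #   ConfigRule7 thresholds (80 % of account RCU/WCU) and ConfigRule8
      #     bounds (reserved concurrency 500..1000) are environment-specific
      #     defaults inherited from the AWS sample; review before rollout.
      #   ConfigRule11 (lambda-inside-vpc) governs network placement only; it
      #     does not restrict who may invoke the function — that exposure is
      #     what ConfigRule10 (public access prohibited) checks.
      TemplateBody: |
        Resources:
          ConfigRule1:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "api-gw-cache-enabled-and-encrypted"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::ApiGateway::Stage"
              Source:
                Owner: "AWS"
                SourceIdentifier: "API_GW_CACHE_ENABLED_AND_ENCRYPTED"
          ConfigRule2:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "api-gw-execution-logging-enabled"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::ApiGateway::Stage"
                  - "AWS::ApiGatewayV2::Stage"
              InputParameters:
                loggingLevel: "ERROR,INFO"
              Source:
                Owner: "AWS"
                SourceIdentifier: "API_GW_EXECUTION_LOGGING_ENABLED"
          ConfigRule3:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "dynamodb-autoscaling-enabled"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::DynamoDB::Table"
              Source:
                Owner: "AWS"
                SourceIdentifier: "DYNAMODB_AUTOSCALING_ENABLED"
              MaximumExecutionFrequency: "TwentyFour_Hours"
          ConfigRule4:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "dynamodb-in-backup-plan"
              Scope:
                ComplianceResourceTypes: []
              Source:
                Owner: "AWS"
                SourceIdentifier: "DYNAMODB_IN_BACKUP_PLAN"
              MaximumExecutionFrequency: "TwentyFour_Hours"
          ConfigRule5:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "dynamodb-pitr-enabled"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::DynamoDB::Table"
              Source:
                Owner: "AWS"
                SourceIdentifier: "DYNAMODB_PITR_ENABLED"
          ConfigRule6:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "dynamodb-table-encrypted-kms"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::DynamoDB::Table"
              Source:
                Owner: "AWS"
                SourceIdentifier: "DYNAMODB_TABLE_ENCRYPTED_KMS"
          ConfigRule7:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "dynamodb-throughput-limit-check"
              Scope:
                ComplianceResourceTypes: []
              InputParameters:
                accountRCUThresholdPercentage: "80"
                accountWCUThresholdPercentage: "80"
              Source:
                Owner: "AWS"
                SourceIdentifier: "DYNAMODB_THROUGHPUT_LIMIT_CHECK"
              MaximumExecutionFrequency: "TwentyFour_Hours"
          ConfigRule8:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "lambda-concurrency-check"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::Lambda::Function"
              InputParameters:
                ConcurrencyLimitLow: "500"
                ConcurrencyLimitHigh: "1000"
              Source:
                Owner: "AWS"
                SourceIdentifier: "LAMBDA_CONCURRENCY_CHECK"
          ConfigRule9:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "lambda-dlq-check"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::Lambda::Function"
              Source:
                Owner: "AWS"
                SourceIdentifier: "LAMBDA_DLQ_CHECK"
          ConfigRule10:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "lambda-function-public-access-prohibited"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::Lambda::Function"
              Source:
                Owner: "AWS"
                SourceIdentifier: "LAMBDA_FUNCTION_PUBLIC_ACCESS_PROHIBITED"
          ConfigRule11:
            Type: "AWS::Config::ConfigRule"
            Properties:
              ConfigRuleName: "lambda-inside-vpc"
              Scope:
                ComplianceResourceTypes:
                  - "AWS::Lambda::Function"
              Source:
                Owner: "AWS"
                SourceIdentifier: "LAMBDA_INSIDE_VPC"
# Empty sections kept from the upstream template; the pack takes no inputs.
Parameters: {}
Metadata: {}
Conditions: {}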
