Enable AWS Config Rule
Implement the rule requiring AWS Config to be enabled for better security measures.
| Rule | AWS Config should be enabled |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
Enabling AWS Config provides visibility into the compliance of your AWS resources with AWS Foundational Security Best Practices. AWS Config is a fully managed service that provides a detailed inventory of your resources, tracks configuration changes, and enables compliance assessment and troubleshooting. By enabling AWS Config for AWS Foundational Security Best Practices, you can effectively monitor and assess the security posture of your AWS resources.
Troubleshooting Steps:
- 1.
Ensure that you have the required permissions to enable AWS Config. You must have the
permission.config:PutConfigRule - 2.
Make sure you have the AWS Config service enabled in your AWS account. If you have not already enabled AWS Config, follow the steps below:
- Sign in to the AWS Management Console.
- Open the AWS Config console.
- Click the "Get started" button.
- Choose the resource types you want to record configuration changes for and click "Next".
- Configure the Amazon S3 bucket where you want AWS Config to store configuration snapshots and click "Next".
- Review the settings and click "Confirm".
- 3.
Verify if the AWS Foundational Security Best Practices rule is available. Here's how:
- Open the AWS Config console.
- Click on "Rules" in the left sidebar.
- Search for the "AWS Foundational Security Best Practices" rule.
- If the rule is not available, click on "Add rule" and choose the "AWS Foundational Security Best Practices" rule.
- Configure any required parameters and click "Save".
Necessary Code:
There is no specific code required for this rule as it involves enabling and configuring the AWS Config service and utilizing the pre-built "AWS Foundational Security Best Practices" rule.
Step-by-Step Guide for Remediation:
- 1.Sign in to the AWS Management Console with the appropriate credentials.
- 2.Open the AWS Config console.
- 3.If AWS Config is not already enabled, follow the steps described earlier to enable AWS Config.
- 4.Once AWS Config is enabled, click on "Rules" in the left sidebar.
- 5.Search for the "AWS Foundational Security Best Practices" rule.
- 6.If the rule is not available, click on "Add rule" and choose the "AWS Foundational Security Best Practices" rule.
- 7.Configure any required parameters such as the desired compliance level and the frequency of evaluations.
- 8.Click "Save" to enable the rule.
- 9.AWS Config will now start evaluating the compliance of your AWS resources against the AWS Foundational Security Best Practices.
- 10.To view the compliance status, click on "Resources" in the left sidebar, and then select "Compliance" from the dropdown menu.
- 11.You can now review the compliance results for each AWS resource and take necessary actions to remediate any non-compliant configurations.
By following these steps, you can successfully enable AWS Config for AWS Foundational Security Best Practices and leverage its capabilities to monitor and maintain the security compliance of your AWS resources.