Login

Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Ensure AWS Config is enabled in all regions Rule

This rule ensures AWS Config is enabled in all regions to maintain compliance.

RuleEnsure AWS Config is enabled in all regions
Frameworkcis_v140
Severity
Critical

Rule Description:

Enabling AWS Config ensures that configuration changes made to your AWS resources are tracked and monitored. This rule focuses on ensuring that AWS Config is enabled in all regions to meet the requirements of the CIS AWS Foundation Benchmark version 1.4.0 (cis_v140).

Rule Remediation:

AWS Config can be enabled in all regions by following these steps:

  2. 1.

    Manual Method:

    • Sign in to the AWS Management Console.
    • Open the AWS Config console at https://console.aws.amazon.com/config/.
    • Select each region one by one from the region selector in the top-right corner of the console.
    • If AWS Config is not enabled, click on the "Get started" button to initiate the process.
    • Follow the configuration steps provided by the AWS Config console to enable AWS Config in each region.
  4. 2.

    AWS Command Line Interface (CLI) Method:

    • Install and configure the AWS CLI on your local system.

    • Open a terminal or command prompt.

    • Run the following command to enable AWS Config in each region:

      aws configservice put-config-organization-rule --organization-custom-rule-metadata file://rule.json

      Note: Replace 'rule.json' with the path to a JSON file containing the rule configuration parameters.

    • Repeat the above command for each region, changing the 

      --region
      flag accordingly.

Troubleshooting Steps:

  • Issue: AWS Config fails to enable in some regions.

    • Ensure that you have the necessary permissions to enable AWS Config. You need the 
      config:PutConfigurationAggregator
      permission for each region.
    • Check if there are any service or IAM role restrictions that prevent AWS Config from being enabled in certain regions.
    • Verify that the AWS Config service is available and not experiencing any outages.
    • Make sure your AWS account is not hitting any resource limits that may prevent AWS Config from being enabled.

  • Issue: Missing or outdated AWS CLI version.

    • Update your AWS CLI to the latest version by running the following command: 
      pip install --upgrade awscli

  • Issue: JSON file format for rule configuration is incorrect.

    • Ensure that the JSON file containing the rule configuration parameters is correctly formatted and includes all the required fields.
    • Validate the JSON file using a JSON validator or online JSON validation tool.

Additional Notes:

It is recommended to regularly check the AWS Config console or use the AWS CLI to verify that AWS Config is enabled in all regions. Additionally, you can set up Amazon CloudWatch alarms to receive notifications if AWS Config is disabled in any of the regions. This will help maintain continuous configuration governance and compliance with the CIS AWS Foundation Benchmark version 1.4.0 (cis_v140).

Is your System Free of Underlying Vulnerabilities?
Find Out Now