Ensure AWS Config is enabled in every region of the account, as required by the SOC 2 Common Criteria related to Communication and Information.
| Rule | AWS Config should be enabled |
| --- | --- |
| Framework | SOC 2 |
| Severity | High |
Rule Description:
AWS Config is a service offered by Amazon Web Services that provides a detailed view of the resources in your AWS account and their current configuration. It helps you assess the configuration of your resources and ensure compliance with various industry standards and best practices.
For SOC 2, AWS Config provides the evidence that resource configurations are recorded continuously and that changes can be traced, which supports the trust services criteria for security, availability, processing integrity, confidentiality, and privacy. AWS Config is a regional service: a configuration recorder and a delivery channel must exist, and the recorder must be running, in every region the account uses. Regions that are left unrecorded are a blind spot, since resources created there (by mistake or by an attacker) never appear in the configuration history.
Troubleshooting Steps:
Check every region, not only the one you work in. AWS Config must be enabled separately in each region, so start from the list of regions enabled for the account and treat each one as a separate check.
Verify that you have the permissions needed to enable AWS Config: at least config:PutConfigurationRecorder, config:PutDeliveryChannel and config:StartConfigurationRecorder, plus iam:PassRole for the service role the recorder will assume, and permission to set the policy on the S3 bucket that will receive the configuration history.
Confirm that a configuration recorder exists and is actually recording. A recorder that was created and later stopped, or a recorder with no delivery channel, still fails this rule; the CLI commands describe-configuration-recorders, describe-configuration-recorder-status and describe-delivery-channels show the state of each region.
Necessary Code (if any):
The console flow below needs no code. The same result can be reached with the AWS CLI or SDK by creating the recorder (put-configuration-recorder), creating the delivery channel (put-delivery-channel) and starting the recorder (start-configuration-recorder), and scripting is the practical way to cover every region consistently.
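The following audit script is an added example and is not part of the original rule page. Its pure function evaluate_region() applies the rule as described above (a recorder exists, is recording, and has a delivery channel) to the response shapes of the AWS Config API calls DescribeConfigurationRecorders, DescribeConfigurationRecorderStatus and DescribeDeliveryChannels; audit_account() runs that check live over every enabled region with boto3 when that library and AWS credentials are present. The sample responses, the account ID 123456789012 and the bucket name are constructed for offline use.

```python
"""Audit whether AWS Config is enabled in every region of an account."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class RegionResult:
    region: str
    compliant: bool
    findings: list[str] = field(default_factory=list)


def evaluate_region(region: str, recorders: dict, statuses: dict,
                    channels: dict) -> RegionResult:
    """Apply the rule to one region.

    The three dicts have the shape returned by DescribeConfigurationRecorders,
    DescribeConfigurationRecorderStatus and DescribeDeliveryChannels. A region
    passes only if a recorder exists, is currently recording, and has a
    delivery channel to write the configuration history to.
    """
    findings: list[str] = []
    recorder_list = recorders.get("ConfigurationRecorders", [])
    status_list = statuses.get("ConfigurationRecordersStatus", [])
    channel_list = channels.get("DeliveryChannels", [])

    if not recorder_list:
        findings.append("no configuration recorder")
    else:
        group = recorder_list[0].get("recordingGroup", {})
        if not group.get("allSupported", False):
            findings.append("recorder does not record all supported resource types")
        if not any(s.get("recording") for s in status_list):
            findings.append("recorder exists but is stopped")
        if any(s.get("lastStatus") == "FAILURE" for s in status_list):
            findings.append("last recording attempt failed (check the role and bucket policy)")
    if not channel_list:
        findings.append("no delivery channel, so configuration history is not stored")
    return RegionResult(region, not findings, findings)


def records_global_resources(recorders: dict) -> bool:
    """True if this region's recorder also records global resources such as IAM.

    Global types only need to be recorded in one region; the audit should
    confirm that at least one region does so."""
    return any(r.get("recordingGroup", {}).get("includeGlobalResourceTypes", False)
               for r in recorders.get("ConfigurationRecorders", []))


def audit_account(session=None) -> list[RegionResult]:
    """Live sweep of every enabled region; needs boto3 and AWS credentials."""
    import boto3  # imported here so evaluate_region() works without it
    session = session or boto3.Session()
    ec2 = session.client("ec2", region_name="us-east-1")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    results = []
    for region in regions:
        cfg = session.client("config", region_name=region)
        results.append(evaluate_region(
            region,
            cfg.describe_configuration_recorders(),
            cfg.describe_configuration_recorder_status(),
            cfg.describe_delivery_channels(),
        ))
    return results


# Constructed sample API responses (not real account data) for offline use:
# one compliant region, one with a stopped recorder, one with nothing at all.
SAMPLE = {
    "us-east-1": (
        {"ConfigurationRecorders": [{"name": "default",
            "roleARN": "arn:aws:iam::123456789012:role/ConfigRole",
            "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": True}}]},
        {"ConfigurationRecordersStatus": [{"name": "default", "recording": True, "lastStatus": "SUCCESS"}]},
        {"DeliveryChannels": [{"name": "default", "s3BucketName": "example-config-bucket"}]},
    ),
    "eu-west-1": (
        {"ConfigurationRecorders": [{"name": "default",
            "roleARN": "arn:aws:iam::123456789012:role/ConfigRole",
            "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": False}}]},
        {"ConfigurationRecordersStatus": [{"name": "default", "recording": False, "lastStatus": "SUCCESS"}]},
        {"DeliveryChannels": [{"name": "default", "s3BucketName": "example-config-bucket"}]},
    ),
    "ap-south-1": ({"ConfigurationRecorders": []}, {"ConfigurationRecordersStatus": []}, {"DeliveryChannels": []}),
}


def audit_sample() -> list[RegionResult]:
    """Run the rule over the constructed sample instead of a live account."""
    return [evaluate_region(region, *responses) for region, responses in SAMPLE.items()]


if __name__ == "__main__":
    for result in audit_sample():
        state = "PASS" if result.compliant else "FAIL"
        print(f"{result.region}: {state} {'; '.join(result.findings)}")
```

The stopped-recorder case in eu-west-1 is the one a console glance misses: the recorder page shows a recorder, but describe-configuration-recorder-status reports recording=false, and no configuration history is being written.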
Step-by-Step Guide for Remediation:
Follow these steps to enable AWS Config for SOC 2 compliance:
Open the AWS Management Console and navigate to the AWS Config service.
Check that the region you want to enable is selected. Repeat the whole procedure for every region enabled in the account; enabling AWS Config in one region does nothing for the others.
Click on the "Get started" button to begin the configuration process. If you have already configured AWS Config, you may skip this step.
Choose the resources AWS Config should record. For SOC 2 evidence, record all supported resource types rather than a hand-picked list, so that EC2 instances, S3 buckets, RDS databases and anything added later are all covered. Include global resources (IAM users, roles and policies) in exactly one region to avoid duplicate records in the others. Click "Next".
Choose any AWS Config rules you want evaluated. This control only requires the recorder itself to be on; if your organization maps SOC 2 controls to managed rules or a conformance pack, select them here, otherwise rules can be added later. Click "Next".
Configure the Amazon S3 bucket. AWS Config writes configuration history and snapshots to an S3 bucket, which can be an existing bucket or a new one. The bucket policy must allow the config.amazonaws.com service principal to check the bucket (s3:GetBucketAcl, s3:ListBucket) and write objects to it (s3:PutObject); the console adds this policy when it creates the bucket for you, but an existing bucket must already carry it or the delivery channel cannot be created. Optionally choose an SNS topic for change notifications. Click "Next" to proceed.
Review the configuration settings and make any necessary changes. Ensure that the selected resources, rule evaluations, and S3 bucket settings are accurate and aligned with your SOC 2 compliance requirements.
Confirm the settings to enable AWS Config. This creates the configuration recorder, the delivery channel and the service role, and starts the recorder.
Once AWS Config is enabled it records the configuration of the selected resources and every subsequent change, and evaluates any rules you selected. Compliance status and the configuration timeline of each resource are visible in the AWS Config console.
Review the recorder status in every region regularly, not just the rule results: a recorder that has been stopped, or whose deliveries fail because the bucket policy or role was changed, silently stops producing evidence. Notifications and automated remediation for non-compliant resources can be added on top of the recorder once it is running everywhere.
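As an added example (not code from the original page), the following boto3 script performs the same remediation as the console procedure above for every enabled region: it sets the bucket policy the delivery channel requires, creates a recorder that records all supported resource types (global types only in one home region), creates the delivery channel, starts the recorder, and verifies that it is recording. role_arn, bucket, account_id and home_region are assumed inputs; the role must trust config.amazonaws.com and carry the AWS managed policy AWS_ConfigRole. Note that put_bucket_policy replaces any existing policy on the bucket, so merge the statements if the bucket already has one.

```python
"""Enable AWS Config in every enabled region with boto3."""
import json

CONFIG_SERVICE = "config.amazonaws.com"


def build_config_bucket_policy(bucket: str, account_id: str, prefix: str = "") -> dict:
    """Bucket policy AWS Config requires before a delivery channel can be created.

    Without these three statements PutDeliveryChannel fails with
    InsufficientDeliveryPolicyException. The AWS:SourceAccount condition keeps
    the service principal from being used to deliver into this bucket from
    another account (the confused-deputy case).
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    key_prefix = f"/{prefix.strip('/')}" if prefix else ""
    source = {"AWS:SourceAccount": account_id}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AWSConfigBucketPermissionsCheck", "Effect": "Allow",
             "Principal": {"Service": CONFIG_SERVICE},
             "Action": "s3:GetBucketAcl", "Resource": bucket_arn,
             "Condition": {"StringEquals": source}},
            {"Sid": "AWSConfigBucketExistenceCheck", "Effect": "Allow",
             "Principal": {"Service": CONFIG_SERVICE},
             "Action": "s3:ListBucket", "Resource": bucket_arn,
             "Condition": {"StringEquals": source}},
            {"Sid": "AWSConfigBucketDelivery", "Effect": "Allow",
             "Principal": {"Service": CONFIG_SERVICE},
             "Action": "s3:PutObject",
             "Resource": f"{bucket_arn}{key_prefix}/AWSLogs/{account_id}/Config/*",
             "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                            **source}}},
        ],
    }


def recorder_definition(role_arn: str, record_global: bool, name: str = "default") -> dict:
    """Recorder that records every supported resource type.

    Global types (IAM) are recorded only where record_global is True, so one
    region holds the IAM history instead of every region duplicating it."""
    return {"name": name, "roleARN": role_arn,
            "recordingGroup": {"allSupported": True,
                               "includeGlobalResourceTypes": record_global}}


def enable_config_in_region(region: str, role_arn: str, bucket: str,
                            home_region: str, session) -> bool:
    """Create recorder and delivery channel, start recording, report the result.

    Order matters: AWS rejects a delivery channel for a region with no
    recorder, and a recorder cannot be started without a delivery channel."""
    cfg = session.client("config", region_name=region)
    cfg.put_configuration_recorder(
        ConfigurationRecorder=recorder_definition(role_arn, region == home_region))
    cfg.put_delivery_channel(DeliveryChannel={"name": "default", "s3BucketName": bucket})
    cfg.start_configuration_recorder(ConfigurationRecorderName="default")
    status = cfg.describe_configuration_recorder_status()["ConfigurationRecordersStatus"]
    return any(s["name"] == "default" and s["recording"] for s in status)


def enable_config_everywhere(role_arn: str, bucket: str, account_id: str,
                             home_region: str = "us-east-1") -> dict:
    """Live remediation across all enabled regions; needs boto3 and credentials."""
    import boto3  # imported here so the policy builder runs without it
    session = boto3.Session()
    s3 = session.client("s3", region_name=home_region)
    # Replaces the bucket policy: merge with an existing policy if the bucket has one.
    s3.put_bucket_policy(Bucket=bucket,
                         Policy=json.dumps(build_config_bucket_policy(bucket, account_id)))
    ec2 = session.client("ec2", region_name=home_region)
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    return {region: enable_config_in_region(region, role_arn, bucket, home_region, session)
            for region in regions}


if __name__ == "__main__":
    # Print the policy for a constructed bucket and account ID (not real values).
    print(json.dumps(build_config_bucket_policy("example-config-bucket", "123456789012"), indent=2))
```

Run enable_config_everywhere() once per account and re-run the audit afterwards; any region whose return value is False means the recorder was created but did not start, which almost always points at a role that config.amazonaws.com cannot assume or a bucket policy that was not applied.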