Risk Level: Low
Cloud Entity: AWS Config
CloudGuard Rule ID: D9.AWS.MON.16
Covered by Spectral: Yes
Category: Management Tools
ConfigSetting where recordingIsOn=true should have deliveryChannel.s3BucketName and deliveryChannel.snsTopicARN
Use the following steps to turn the configuration recorder on. See the reference section for more details.
- Create the Amazon S3 bucket.
- Create the SNS topic.
- Create the KMS Key.
- Create the delivery channel.
Use the following steps to start the configuration recorder:
- Open the AWS Config console.
- In the navigation pane, choose Settings.
- In Recording is off, choose Turn on, and then choose Continue.
From Command Line
Step 1: Use the following command to create a delivery channel:
a. Using a text editor, copy and paste the following example template, and then save it as a JSON file. You can change the deliveryFrequency value to match your use case. If you choose not to activate encryption, omit the s3KmsKeyArn value from the JSON file.
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you are using the most recent AWS CLI version.
Note: The s3KeyPrefix must be provided if the S3 bucket policy restricts PutObject to a certain prefix, rather than the default.
b. Run the following AWS CLI command:
aws configservice put-delivery-channel --delivery-channel file://deliveryChannel.json
c. Run the following AWS CLI command to confirm that the delivery channel was created:
aws configservice describe-delivery-channels
Step 2: Use the following command to start the configuration recorder:
aws configservice start-configuration-recorder --configuration-recorder-name configRecorderName
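The condition this rule checks, as an added example (not CloudGuard's or AWS's own code): a Python sketch that builds the document saved as deliveryChannel.json in step 1a and evaluates JSON shaped like the output of `aws configservice describe-configuration-recorder-status` and `aws configservice describe-delivery-channels`. The function names, account ID, bucket name and topic name are constructed placeholders.

```python
import json

VALID_FREQUENCIES = {"One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"}

def build_delivery_channel(name, bucket, topic_arn, kms_key_arn=None,
                           key_prefix=None, frequency="Twelve_Hours"):
    """Return the document to save as deliveryChannel.json (step 1a)."""
    if frequency not in VALID_FREQUENCIES:
        raise ValueError(f"unsupported deliveryFrequency: {frequency}")
    channel = {
        "name": name,
        "s3BucketName": bucket,
        "snsTopicARN": topic_arn,
        "configSnapshotDeliveryProperties": {"deliveryFrequency": frequency},
    }
    if key_prefix:   # required when the bucket policy limits PutObject to a prefix
        channel["s3KeyPrefix"] = key_prefix
    if kms_key_arn:  # left out when encryption is not activated
        channel["s3KmsKeyArn"] = kms_key_arn
    return channel

def evaluate(recorder_status, delivery_channels):
    """Return findings where recording is on but the bucket or topic is missing."""
    statuses = recorder_status.get("ConfigurationRecordersStatus", [])
    if not any(s.get("recording") for s in statuses):
        return []  # the rule only applies where recording is on
    channels = delivery_channels.get("DeliveryChannels", [])
    if not channels:
        return ["recording is on but no delivery channel exists"]
    findings = []
    for ch in channels:
        for field in ("s3BucketName", "snsTopicARN"):
            if not ch.get(field):
                findings.append(f"delivery channel {ch.get('name', '?')} is missing {field}")
    return findings

# Constructed sample data (placeholder account ID, bucket and topic names).
STATUS = {"ConfigurationRecordersStatus": [{"name": "default", "recording": True}]}
GOOD = {"DeliveryChannels": [build_delivery_channel(
    "default", "example-config-bucket",
    "arn:aws:sns:us-east-1:111122223333:example-config-topic")]}
BAD = {"DeliveryChannels": [{"name": "default", "s3BucketName": "example-config-bucket"}]}

if __name__ == "__main__":
    print(json.dumps(GOOD["DeliveryChannels"][0], indent=2))
    print(evaluate(STATUS, GOOD))
    print(evaluate(STATUS, BAD))
```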
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
- AWS CCPA Framework
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ITSG-33
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset