AWS Config launches 13 new managed rules

AWS Config Launches New Managed Rules

AWS Config has introduced 13 new managed rules for security, durability, and operations. You can now search, discover, enable, and manage these rules directly from AWS Config to govern more use cases in your AWS environment.

With this launch, you can enable these controls across your account or organization, assessing your security posture across various services like Amazon Cognito User Pools, Amazon EBS Snapshots, AWS CloudFormation Stacks, and more. You can also use Conformance Packs to group these new controls and deploy them across an account or organization, streamlining your multi-account governance.

New Rules Launched

• AURORA_GLOBAL_DATABASE_ENCRYPTION_AT_REST
• CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK
• CLOUDFORMATION_TERMINATION_PROTECTION_CHECK
• CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED
• COGNITO_USER_POOL_DELETE_PROTECTION_ENABLED
• COGNITO_USER_POOL_MFA_ENABLED
• COGNITO_USERPOOL_CUST_AUTH_THREAT_FULL_CHECK
• EBS_SNAPSHOT_BLOCK_PUBLIC_ACCESS
• ECS_CAPACITY_PROVIDER_TERMINATION_CHECK
• ECS_TASK_DEFINITION_EFS_ENCRYPTION_ENABLED
• ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT
• ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN
• SES_SENDING_TLS_REQUIRED

For the full list of recently released rules, visit the AWS Config developer guide. For descriptions of each rule and the AWS Regions in which they are available, refer to our Config managed rules documentation. To start using Config rules, refer to our documentation.

If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.