AWS Config launches 75 new managed rules AWS Config announces the launch of an additional 75 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across AWS Amplify, Amazon SageMaker, Amazon Route 53, and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation. New Rules Launched: ACM_CERTIFICATE_TRANSPARENT_LOGGING_ENABLED AMPLIFY_APP_BUILD_SPEC_CONFIGURED AMPLIFY_APP_PLATFORM_CHECK AMPLIFY_BRANCH_AUTO_BUILD_ENABLED AMPLIFY_BRANCH_BUILD_SPEC_CONFIGURED AMPLIFY_BRANCH_FRAMEWORK_CONFIGURED AMPLIFY_BRANCH_PULL_REQUEST_PREVIEW_ENABLED APIGATEWAY_DOMAIN_NAME_TLS_CHECK APIGATEWAYV2_INTEGRATION_PRIVATE_HTTPS_ENABLED APPINTEGRATIONS_APPLICATION_APPROVED_ORIGINS_CHECK APPINTEGRATIONS_APPLICATION_TAGGED APPMESH_MESH_IP_PREF_CHECK APPMESH_VIRTUAL_GATEWAY_LISTENERS_HEALTH_CHECK_ENABLED APPMESH_VIRTUAL_NODE_LISTENERS_HEALTH_CHECK_ENABLED APPMESH_VIRTUAL_NODE_LISTENERS_OUTLIER_DETECT_ENABLED APPMESH_VIRTUAL_NODE_SERVICE_BACKENDS_TLS_ENFORCED CLOUDTRAIL_EVENT_DATA_STORE_MULTI_REGION CLOUDWATCH_ALARM_DESCRIPTION CODEARTIFACT_REPOSITORY_TAGGED CODEBUILD_PROJECT_TAGGED EC2_IPAMSCOPE_TAGGED EC2_LAUNCHTEMPLATE_EBS_ENCRYPTED ECS_SERVICE_PROPAGATE_TAGS_ENABLED ELBV2_TARGETGROUP_HEALTHCHECK_PROTOCOL_ENCRYPTED ELBV2_TARGETGROUP_PROTOCOL_ENCRYPTED EVENTSCHEMAS_DISCOVERER_TAGGED EVENTSCHEMAS_REGISTRY_TAGGED GROUNDSTATION_CONFIG_TAGGED GROUNDSTATION_DATAFLOWENDPOINTGROUP_TAGGED GROUNDSTATION_MISSIONPROFILE_TAGGED HEALTHLAKE_FHIRDATASTORE_TAGGED IAM_OIDC_PROVIDER_CLIENT_ID_LIST_CHECK IAM_POLICY_DESCRIPTION IMAGEBUILDER_DISTRIBUTIONCONFIGURATION_TAGGED IMAGEBUILDER_IMAGEPIPELINE_TAGGED IMAGEBUILDER_IMAGERECIPE_EBS_VOLUMES_ENCRYPTED IMAGEBUILDER_IMAGERECIPE_TAGGED IMAGEBUILDER_INFRASTRUCTURECONFIGURATION_TAGGED KINESISVIDEO_SIGNALINGCHANNEL_TAGGED KINESISVIDEO_STREAM_TAGGED LAMBDA_FUNCTION_APPLICATION_LOG_LEVEL_CHECK LAMBDA_FUNCTION_LOG_FORMAT_JSON LAMBDA_FUNCTION_SYSTEM_LOG_LEVEL_CHECK LIGHTSAIL_BUCKET_OBJECT_VERSIONING_ENABLED MEDIAPACKAGE_PACKAGINGCONFIGURATION_TAGGED MEDIATAILOR_PLAYBACKCONFIGURATION_TAGGED MEMORYDB_SUBNETGROUP_TAGGED NEPTUNE_CLUSTER_SNAPSHOT_IAM_DATABASE_AUTH_ENABLED OPENSEARCHSERVERLESS_COLLECTION_DESCRIPTION OPENSEARCHSERVERLESS_COLLECTION_STANDBYREPLICAS_ENABLED PANORAMA_PACKAGE_TAGGED RDS_CLUSTER_BACKUP_RETENTION_CHECK RDS_GLOBAL_CLUSTER_AURORA_MYSQL_SUPPORTED_VERSION RESILIENCEHUB_APP_TAGGED RESILIENCEHUB_RESILIENCYPOLICY_TAGGED ROUTE53_RECOVERY_CONTROL_CLUSTER_TAGGED ROUTE53_RECOVERY_READINESS_CELL_TAGGED ROUTE53_RECOVERY_READINESS_READINESS_CHECK_TAGGED ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP_TAGGED ROUTE53_RECOVERY_READINESS_RESOURCE_SET_TAGGED ROUTE53_RESOLVER_RESOLVER_ENDPOINT_TAGGED S3_DIRECTORY_BUCKET_LIFECYCLE_POLICY_RULE_CHECK SAGEMAKER_DATA_QUALITY_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_DATA_QUALITY_JOB_ISOLATION SAGEMAKER_FEATUREGROUP_DESCRIPTION SAGEMAKER_INFERENCEEXPERIMENT_TAGGED SAGEMAKER_MODEL_BIAS_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_MODEL_BIAS_JOB_ISOLATION SAGEMAKER_MODEL_EXPLAINABILITY_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_MODEL_QUALITY_JOB_ENCRYPT_TRANSIT SAGEMAKER_MONITORING_SCHEDULE_ISOLATION SIGNER_SIGNINGPROFILE_TAGGED TRANSFER_CONNECTOR_AS2_ENCRYPTION_ALGORITHM_CHECK TRANSFER_CONNECTOR_AS2_MDN_SIGNING_ALGORITHM_CHECK TRANSFER_CONNECTOR_AS2_SIGNING_ALGORITHM_CHECK

🆕 AWS Config adds 75 new managed rules for security, durability, and operations, enabling multi-account governance and compliance across services like AWS Amplify and Amazon SageMaker. Streamlined with Conformance Packs. For details, visit AWS Config documentation.

#AWS #AwsConfig

AWS Config launches 75 new managed rules AWS Config announces the launch of an additional 75 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across AWS Amplify, Amazon SageMaker, Amazon Route 53, and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the https://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html. For description of each rule and the AWS Regions in which it is available, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html. To start using Config rules, please refer our https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_add-rules.html. New Rules Launched: ACM_CERTIFICATE_TRANSPARENT_LOGGING_ENABLED AMPLIFY_APP_BUILD_SPEC_CONFIGURED AMPLIFY_APP_PLATFORM_CHECK AMPLIFY_BRANCH_AUTO_BUILD_ENABLED AMPLIFY_BRANCH_BUILD_SPEC_CONFIGURED AMPLIFY_BRANCH_FRAMEWORK_CONFIGURED AMPLIFY_BRANCH_PULL_REQUEST_PREVIEW_ENABLED APIGATEWAY_DOMAIN_NAME_TLS_CHECK APIGATEWAYV2_INTEGRATION_PRIVATE_HTTPS_ENABLED APPINTEGRATIONS_APPLICATION_APPROVED_ORIGINS_CHECK APPINTEGRATIONS_APPLICATION_TAGGED APPMESH_MESH_IP_PREF_CHECK APPMESH_VIRTUAL_GATEWAY_LISTENERS_HEALTH_CHECK_ENABLED APPMESH_VIRTUAL_NODE_LISTENERS_HEALTH_CHECK_ENABLED APPMESH_VIRTUAL_NODE_LISTENERS_OUTLIER_DETECT_ENABLED APPMESH_VIRTUAL_NODE_SERVICE_BACKENDS_TLS_ENFORCED CLOUDTRAIL_EVENT_DATA_STORE_MULTI_REGION CLOUDWATCH_ALARM_DESCRIPTION CODEARTIFACT_REPOSITORY_TAGGED CODEBUILD_PROJECT_TAGGED EC2_IPAMSCOPE_TAGGED EC2_LAUNCHTEMPLATE_EBS_ENCRYPTED ECS_SERVICE_PROPAGATE_TAGS_ENABLED ELBV2_TARGETGROUP_HEALTHCHECK_PROTOCOL_ENCRYPTED ELBV2_TARGETGROUP_PROTOCOL_ENCRYPTED EVENTSCHEMAS_DISCOVERER_TAGGED EVENTSCHEMAS_REGISTRY_TAGGED GROUNDSTATION_CONFIG_TAGGED GROUNDSTATION_DATAFLOWENDPOINTGROUP_TAGGED GROUNDSTATION_MISSIONPROFILE_TAGGED HEALTHLAKE_FHIRDATASTORE_TAGGED IAM_OIDC_PROVIDER_CLIENT_ID_LIST_CHECK IAM_POLICY_DESCRIPTION IMAGEBUILDER_DISTRIBUTIONCONFIGURATION_TAGGED IMAGEBUILDER_IMAGEPIPELINE_TAGGED IMAGEBUILDER_IMAGERECIPE_EBS_VOLUMES_ENCRYPTED IMAGEBUILDER_IMAGERECIPE_TAGGED IMAGEBUILDER_INFRASTRUCTURECONFIGURATION_TAGGED KINESISVIDEO_SIGNALINGCHANNEL_TAGGED KINESISVIDEO_STREAM_TAGGED LAMBDA_FUNCTION_APPLICATION_LOG_LEVEL_CHECK LAMBDA_FUNCTION_LOG_FORMAT_JSON LAMBDA_FUNCTION_SYSTEM_LOG_LEVEL_CHECK LIGHTSAIL_BUCKET_OBJECT_VERSIONING_ENABLED MEDIAPACKAGE_PACKAGINGCONFIGURATION_TAGGED MEDIATAILOR_PLAYBACKCONFIGURATION_TAGGED MEMORYDB_SUBNETGROUP_TAGGED NEPTUNE_CLUSTER_SNAPSHOT_IAM_DATABASE_AUTH_ENABLED OPENSEARCHSERVERLESS_COLLECTION_DESCRIPTION OPENSEARCHSERVERLESS_COLLECTION_STANDBYREPLICAS_ENABLED PANORAMA_PACKAGE_TAGGED RDS_CLUSTER_BACKUP_RETENTION_CHECK RDS_GLOBAL_CLUSTER_AURORA_MYSQL_SUPPORTED_VERSION RESILIENCEHUB_APP_TAGGED RESILIENCEHUB_RESILIENCYPOLICY_TAGGED ROUTE53_RECOVERY_CONTROL_CLUSTER_TAGGED ROUTE53_RECOVERY_READINESS_CELL_TAGGED ROUTE53_RECOVERY_READINESS_READINESS_CHECK_TAGGED ROUTE53_RECOVERY_READINESS_RECOVERY_GROUP_TAGGED ROUTE53_RECOVERY_READINESS_RESOURCE_SET_TAGGED ROUTE53_RESOLVER_RESOLVER_ENDPOINT_TAGGED S3_DIRECTORY_BUCKET_LIFECYCLE_POLICY_RULE_CHECK SAGEMAKER_DATA_QUALITY_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_DATA_QUALITY_JOB_ISOLATION SAGEMAKER_FEATUREGROUP_DESCRIPTION SAGEMAKER_INFERENCEEXPERIMENT_TAGGED SAGEMAKER_MODEL_BIAS_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_MODEL_BIAS_JOB_ISOLATION SAGEMAKER_MODEL_EXPLAINABILITY_JOB_ENCRYPT_IN_TRANSIT SAGEMAKER_MODEL_QUALITY_JOB_ENCRYPT_TRANSIT SAGEMAKER_MONITORING_SCHEDULE_ISOLATION SIGNER_SIGNINGPROFILE_TAGGED TRANSFER_CONNECTOR_AS2_ENCRYPTION_ALGORITHM_CHECK TRANSFER_CONNECTOR_AS2_MDN_SIGNING_ALGORITHM_CHECK TRANSFER_CONNECTOR_AS2_SIGNING_ALGORITHM_CHECK

AWS Config launches 75 new managed rules

AWS Config announces the launch of an additional 75 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config...

#AWS #AwsConfig

AWS Config now supports 30 new resource types AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::AppSync::DataSource AWS::Deadline::LicenseEndpoint AWS::Batch::ConsumableResource AWS::Deadline::QueueEnvironment AWS::Bedrock::DataSource AWS::Detective::OrganizationAdmin AWS::BedrockAgentCore::Gateway AWS::GameLift::ContainerFleet AWS::BedrockAgentCore::Memory AWS::GameLift::ContainerGroupDefinition AWS::Cognito::IdentityPoolRoleAttachment AWS::GameLift::GameServerGroup AWS::Cognito::LogDeliveryConfiguration AWS::GameLift::Location AWS::Cognito::UserPoolUICustomizationAttachment AWS::IoT::TopicRule AWS::Connect::RoutingProfile AWS::Omics::ReferenceStore AWS::DataBrew::Dataset AWS::PCAConnectorAD::Template AWS::DataBrew::Job AWS::PCAConnectorSCEP::Challenge AWS::DataBrew::Project AWS::ResourceExplorer2::View AWS::DataBrew::Recipe AWS::ResourceGroups::Group AWS::DataBrew::Ruleset AWS::Scheduler::ScheduleGroup AWS::DataBrew::Schedule AWS::VerifiedPermissions::IdentitySource

🆕 AWS Config now supports 30 new resource types, including Amazon Bedrock and Cognito, enhancing coverage for better discovery, audit, and remediation across AWS services. If recording is enabled, these additions are automatically tracked.

#AWS #AwsConfig

AWS Config now supports 30 new resource types AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::AppSync::DataSource AWS::Deadline::LicenseEndpoint AWS::Batch::ConsumableResource AWS::Deadline::QueueEnvironment AWS::Bedrock::DataSource AWS::Detective::OrganizationAdmin AWS::BedrockAgentCore::Gateway AWS::GameLift::ContainerFleet AWS::BedrockAgentCore::Memory AWS::GameLift::ContainerGroupDefinition AWS::Cognito::IdentityPoolRoleAttachment AWS::GameLift::GameServerGroup AWS::Cognito::LogDeliveryConfiguration AWS::GameLift::Location AWS::Cognito::UserPoolUICustomizationAttachment AWS::IoT::TopicRule AWS::Connect::RoutingProfile AWS::Omics::ReferenceStore AWS::DataBrew::Dataset AWS::PCAConnectorAD::Template AWS::DataBrew::Job AWS::PCAConnectorSCEP::Challenge AWS::DataBrew::Project AWS::ResourceExplorer2::View AWS::DataBrew::Recipe AWS::ResourceGroups::Group AWS::DataBrew::Ruleset AWS::Scheduler::ScheduleGroup AWS::DataBrew::Schedule AWS::VerifiedPermissions::IdentitySource

AWS Config now supports 30 new resource types

AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectivel...

#AWS #AwsConfig

AWS Config now supports 30 new resource types AWS Config now supports 30 additional AWS resource types across key services including Amazon EKS, Amazon Q, and AWS IoT. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::ApplicationSignals::ServiceLevelObjective AWS::IoT::SoftwarePackage AWS::ARCZonalShift::AutoshiftObserverNotificationStatus      AWS::IoT::TopicRule AWS::B2BI::Transformer AWS::IoTWireless::Destination AWS::CE::CostCategory AWS::IoTWireless::DeviceProfile AWS::CleanRooms::ConfiguredTable AWS::IoTWireless::NetworkAnalyzerConfiguration  AWS::CleanRooms::Membership AWS::IoTWireless::TaskDefinition AWS::CodeArtifact::PackageGroup AWS::IoTWireless::WirelessGateway AWS::Connect::Prompt AWS::Kinesis::ResourcePolicy AWS::EKS::Nodegroup AWS::PCAConnectorSCEP::Connector AWS::GameLift::MatchmakingRuleSet AWS::QBusiness::Application AWS::GameLift::Script AWS::QuickSight::DataSet AWS::Glue::Crawler AWS::QuickSight::Dashboard AWS::InternetMonitor::Monitor AWS::Route53::DNSSEC AWS::IoT::BillingGroup AWS::SSM::PatchBaseline AWS::IoT::ResourceSpecificLogging AWS::Transfer::User

AWS Config now supports 30 new resource types

AWS Config now supports 30 additional AWS resource types across key services including Amazon EKS, Amazon Q, and AWS IoT. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover...

#AWS #AwsConfig

AWS Config now supports 30 new resource types AWS Config now supports 30 additional AWS resource types across key services including Amazon EKS, Amazon Q, and AWS IoT. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::ApplicationSignals::ServiceLevelObjective AWS::IoT::SoftwarePackage AWS::ARCZonalShift::AutoshiftObserverNotificationStatus      AWS::IoT::TopicRule AWS::B2BI::Transformer AWS::IoTWireless::Destination AWS::CE::CostCategory AWS::IoTWireless::DeviceProfile AWS::CleanRooms::ConfiguredTable AWS::IoTWireless::NetworkAnalyzerConfiguration  AWS::CleanRooms::Membership AWS::IoTWireless::TaskDefinition AWS::CodeArtifact::PackageGroup AWS::IoTWireless::WirelessGateway AWS::Connect::Prompt AWS::Kinesis::ResourcePolicy AWS::EKS::Nodegroup AWS::PCAConnectorSCEP::Connector AWS::GameLift::MatchmakingRuleSet AWS::QBusiness::Application AWS::GameLift::Script AWS::QuickSight::DataSet AWS::Glue::Crawler AWS::QuickSight::Dashboard AWS::InternetMonitor::Monitor AWS::Route53::DNSSEC AWS::IoT::BillingGroup AWS::SSM::PatchBaseline AWS::IoT::ResourceSpecificLogging AWS::Transfer::User

🆕 AWS Config now supports 30 new resource types, including Amazon EKS, Q, and IoT, enhancing coverage and enabling better discovery, assessment, and audit of a broader range of resources across all AWS Regions.

#AWS #AwsConfig

AWS Config launches 13 new managed rules AWS Config announces launch of an additional 13 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across Amazon Cognito User pools, Amazon EBS Snapshots, AWS Cloudformation Stacks and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the https://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html. For description of each rule and the AWS Regions in which it is available, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html. To start using Config rules, please refer our https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_add-rules.html. New Rules Launched: AURORA_GLOBAL_DATABASE_ENCRYPTION_AT_REST CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK CLOUDFORMATION_TERMINATION_PROTECTION_CHECK CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED COGNITO_USER_POOL_DELETE_PROTECTION_ENABLED COGNITO_USER_POOL_MFA_ENABLED COGNITO_USERPOOL_CUST_AUTH_THREAT_FULL_CHECK EBS_SNAPSHOT_BLOCK_PUBLIC_ACCESS ECS_CAPACITY_PROVIDER_TERMINATION_CHECK ECS_TASK_DEFINITION_EFS_ENCRYPTION_ENABLED ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN SES_SENDING_TLS_REQUIRED

AWS Config launches 13 new managed rules

AWS Config announces launch of an additional 13 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from...

#AWS #AwsConfig #AwsGovcloudUs

AWS Config launches 13 new managed rules AWS Config announces launch of an additional 13 managed Config rules for various use cases such as security, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can assess your security posture across Amazon Cognito User pools, Amazon EBS Snapshots, AWS Cloudformation Stacks and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation. New Rules Launched: AURORA_GLOBAL_DATABASE_ENCRYPTION_AT_REST CLOUDFORMATION_STACK_SERVICE_ROLE_CHECK CLOUDFORMATION_TERMINATION_PROTECTION_CHECK CLOUDFRONT_DISTRIBUTION_KEY_GROUP_ENABLED COGNITO_USER_POOL_DELETE_PROTECTION_ENABLED COGNITO_USER_POOL_MFA_ENABLED COGNITO_USERPOOL_CUST_AUTH_THREAT_FULL_CHECK EBS_SNAPSHOT_BLOCK_PUBLIC_ACCESS ECS_CAPACITY_PROVIDER_TERMINATION_CHECK ECS_TASK_DEFINITION_EFS_ENCRYPTION_ENABLED ECS_TASK_DEFINITION_LINUX_USER_NON_ROOT ECS_TASK_DEFINITION_WINDOWS_USER_NON_ADMIN SES_SENDING_TLS_REQUIRED

🆕 AWS Config adds 13 new managed rules for security, durability, and operations, enabling multi-account governance via Conformance Packs. Rules include checks for Amazon Cognito, EBS, CloudFormation, and more. For details, visit AWS Config documentation.

#AWS #AwsConfig #AwsGovcloudUs

AWS Config now supports 21 new resource types AWS Config now supports 21 additional AWS resource types across key services including Amazon EC2, Amazon SageMaker, and Amazon S3 Tables. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::AppStream::AppBlockBuilder AWS::IoT::ThingGroup AWS::B2BI::Capability AWS::IoTSiteWise::Asset AWS::CleanRoomsML::TrainingDataset AWS::Location::APIKey AWS::CloudFront::KeyValueStore AWS::MediaPackageV2::OriginEndpoint AWS::Connect::SecurityProfile AWS::PCAConnectorAD::Connector AWS::Deadline::Monitor AWS::Route53::DNSSEC AWS::EC2::SubnetCidrBlock AWS::S3Tables::TableBucketPolicy AWS::ECR::ReplicationConfiguration AWS::SageMaker::UserProfile AWS::GameLift::Build AWS::SecretsManager::ResourcePolicy AWS::GuardDuty::MalwareProtectionPlan       AWS::SSMContacts::Contact AWS::ImageBuilder::LifecyclePolicy  

AWS Config now supports 21 new resource types

AWS Config now supports 21 additional AWS resource types across key services including Amazon EC2, Amazon SageMaker, and Amazon S3 Tables. This expansion provides greater coverage over your AWS environment, enabling ...

#AWS #AwsConfig #AwsGovcloudUs

AWS Config now supports 21 new resource types AWS Config now supports 21 additional AWS resource types across key services including Amazon EC2, Amazon SageMaker, and Amazon S3 Tables. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::AppStream::AppBlockBuilder AWS::IoT::ThingGroup AWS::B2BI::Capability AWS::IoTSiteWise::Asset AWS::CleanRoomsML::TrainingDataset AWS::Location::APIKey AWS::CloudFront::KeyValueStore AWS::MediaPackageV2::OriginEndpoint AWS::Connect::SecurityProfile AWS::PCAConnectorAD::Connector AWS::Deadline::Monitor AWS::Route53::DNSSEC AWS::EC2::SubnetCidrBlock AWS::S3Tables::TableBucketPolicy AWS::ECR::ReplicationConfiguration AWS::SageMaker::UserProfile AWS::GameLift::Build AWS::SecretsManager::ResourcePolicy AWS::GuardDuty::MalwareProtectionPlan       AWS::SSMContacts::Contact AWS::ImageBuilder::LifecyclePolicy

🆕 AWS Config now supports 21 new resource types, including EC2, SageMaker, and S3 Tables, enhancing coverage for better discovery, audit, and remediation across AWS services. New types include AppStream AppBlockBuilder, IoT ThingGroup, and S3 Tables.

#AWS #AwsConfig #AwsGovcloudUs

Automated EKS Cost Optimization with AWS Config Through the past years, I helped a number of organizations to optimize cloud costs in AWS, more...

✨ New article published on @dev.to

I shared how i used AWS Config rules to optimize EKS Cloud costs on @awscloud.bsky.social
Read more 👉 dev.to/aaitaazizi/a...

#AWS #AWSConfig #EKS #Kubernetes #FinOps

AWS Control Tower introduces a Controls Dedicated experience AWS Control Tower now offers Control Only Experience, enabling faster governance setup for established multi-account environments by providing access to AWS managed controls without requiring a full landing zone implementation.

AWS Control Tower introduces a Controls Dedicated experience

AWS Control Tower now offers Control Only Experience, enabling faster governance setup for established multi-account environments by providing access to AWS managed...

#AWS #AwsConfig #AwsControlTower #AwsOrganizations #ManagementTools

Make compliance continuous, not quarterly.
Enable AWS Config rules (or similar) to detect drift: public S3, unencrypted EBS, missing CloudTrail. Automate alerts to close the feedback loop.
#Compliance #AWSConfig #DevSecOps

AWS Config conformance packs now available in additional AWS Regions AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment. Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization. With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central). To get started, you can either use the provided https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html templates or craft a custom YAML file from scratch based on a https://docs.aws.amazon.com/config/latest/developerguide/custom-conformance-pack.html. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config https://aws.amazon.com/config/pricing/ for more details. To learn more about AWS Config conformance packs, see our https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html.

AWS Config conformance packs now available in additional AWS Regions

AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a sin...

#AWS #AwsConfig

AWS Config conformance packs now available in additional AWS Regions AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment. Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization. With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central). To get started, you can either use the provided sample conformance pack templates or craft a custom YAML file from scratch based on a custom conformance pack. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config pricing page for more details. To learn more about AWS Config conformance packs, see our documentation.

🆕 AWS Config conformance packs now available in more regions, including Asia Pacific (Malaysia), New Zealand, Thailand, Taipei, and Mexico, to simplify compliance management across your AWS Organization. Deploy via console, CLI, or CloudFormation. Pricing per evaluation.

#AWS #AwsConfig

AWS Config launches 42 new managed rules AWS Config announces launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the https://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html. For description of each rule and the AWS Regions in which it is available, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html. To start using Config rules, please refer our https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_add-rules.html. New Rules Launched: AMPLIFY_APP_NO_ENVIRONMENT_VARIABLES AMPLIFY_BRANCH_DESCRIPTION APIGATEWAY_STAGE_DESCRIPTION APIGATEWAYV2_STAGE_DESCRIPTION API_GWV2_STAGE_DEFAULT_ROUTE_DETAILED_METRICS_ENABLED APIGATEWAY_STAGE_ACCESS_LOGS_ENABLED APPCONFIG_DEPLOYMENT_STRATEGY_MINIMUM_FINAL_BAKE_TIME APPCONFIG_DEPLOYMENT_STRATEGY_TAGGED APPFLOW_FLOW_TRIGGER_TYPE_CHECK APPMESH_VIRTUAL_NODE_CLOUD_MAP_IP_PREF_CHECK APPMESH_VIRTUAL_NODE_DNS_IP_PREF_CHECK APPRUNNER_SERVICE_IP_ADDRESS_TYPE_CHECK APPRUNNER_SERVICE_MAX_UNHEALTHY_THRESHOLD APS_RULE_GROUPS_NAMESPACE_TAGGED AUDITMANAGER_ASSESSMENT_TAGGED BATCH_MANAGED_COMPUTE_ENV_ALLOCATION_STRATEGY_CHECK BATCH_MANAGED_SPOT_COMPUTE_ENVIRONMENT_MAX_BID COGNITO_IDENTITY_POOL_UNAUTHENTICATED_LOGINS COGNITO_USER_POOL_PASSWORD_POLICY_CHECK CUSTOMERPROFILES_DOMAIN_TAGGED DEVICEFARM_PROJECT_TAGGED DEVICEFARM_TEST_GRID_PROJECT_TAGGED DMS_REPLICATION_INSTANCE_MULTI_AZ_ENABLED EC2_LAUNCH_TEMPLATES_EBS_VOLUME_ENCRYPTED EC2_NETWORK_INSIGHTS_ANALYSIS_TAGGED EKS_FARGATE_PROFILE_TAGGED GLUE_ML_TRANSFORM_TAGGED IOT_SCHEDULED_AUDIT_TAGGED IOT_PROVISIONING_TEMPLATE_DESCRIPTION IOT_PROVISIONING_TEMPLATE_JITP IOT_PROVISIONING_TEMPLATE_TAGGED KINESIS_VIDEO_STREAM_MINIMUM_DATA_RETENTION LAMBDA_FUNCTION_DESCRIPTION LIGHTSAIL_BUCKET_ALLOW_PUBLIC_OVERRIDES_DISABLED RDS_MYSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK RDS_PGSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_TAGGED ROUTE53_RESOLVER_RESOLVER_RULE_TAGGED RUM_APP_MONITOR_TAGGED RUM_APP_MONITOR_CLOUDWATCH_LOGS_ENABLED

AWS Config launches 42 new managed rules

AWS Config announces launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Conf...

#AWS #AwsConfig

AWS Config launches 42 new managed rules AWS Config announces launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation. New Rules Launched: AMPLIFY_APP_NO_ENVIRONMENT_VARIABLES AMPLIFY_BRANCH_DESCRIPTION APIGATEWAY_STAGE_DESCRIPTION APIGATEWAYV2_STAGE_DESCRIPTION API_GWV2_STAGE_DEFAULT_ROUTE_DETAILED_METRICS_ENABLED APIGATEWAY_STAGE_ACCESS_LOGS_ENABLED APPCONFIG_DEPLOYMENT_STRATEGY_MINIMUM_FINAL_BAKE_TIME APPCONFIG_DEPLOYMENT_STRATEGY_TAGGED APPFLOW_FLOW_TRIGGER_TYPE_CHECK APPMESH_VIRTUAL_NODE_CLOUD_MAP_IP_PREF_CHECK APPMESH_VIRTUAL_NODE_DNS_IP_PREF_CHECK APPRUNNER_SERVICE_IP_ADDRESS_TYPE_CHECK APPRUNNER_SERVICE_MAX_UNHEALTHY_THRESHOLD APS_RULE_GROUPS_NAMESPACE_TAGGED AUDITMANAGER_ASSESSMENT_TAGGED BATCH_MANAGED_COMPUTE_ENV_ALLOCATION_STRATEGY_CHECK BATCH_MANAGED_SPOT_COMPUTE_ENVIRONMENT_MAX_BID COGNITO_IDENTITY_POOL_UNAUTHENTICATED_LOGINS COGNITO_USER_POOL_PASSWORD_POLICY_CHECK CUSTOMERPROFILES_DOMAIN_TAGGED DEVICEFARM_PROJECT_TAGGED DEVICEFARM_TEST_GRID_PROJECT_TAGGED DMS_REPLICATION_INSTANCE_MULTI_AZ_ENABLED EC2_LAUNCH_TEMPLATES_EBS_VOLUME_ENCRYPTED EC2_NETWORK_INSIGHTS_ANALYSIS_TAGGED EKS_FARGATE_PROFILE_TAGGED GLUE_ML_TRANSFORM_TAGGED IOT_SCHEDULED_AUDIT_TAGGED IOT_PROVISIONING_TEMPLATE_DESCRIPTION IOT_PROVISIONING_TEMPLATE_JITP IOT_PROVISIONING_TEMPLATE_TAGGED KINESIS_VIDEO_STREAM_MINIMUM_DATA_RETENTION LAMBDA_FUNCTION_DESCRIPTION LIGHTSAIL_BUCKET_ALLOW_PUBLIC_OVERRIDES_DISABLED RDS_MYSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK RDS_PGSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_TAGGED ROUTE53_RESOLVER_RESOLVER_RULE_TAGGED RUM_APP_MONITOR_TAGGED RUM_APP_MONITOR_CLOUDWATCH_LOGS_ENABLED

🆕 AWS Config adds 42 new managed rules for security, cost, and operations. Enable controls across accounts or organizations, assess tagging strategies, and streamline multi-account governance with Conformance Packs. For details, visit AWS Config documentation.

#AWS #AwsConfig

AWS Config now supports 52 new resource types AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types   AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom         AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html page.

AWS Config now supports 52 new resource types

AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effec...

#AWS #AwsConfig

AWS Config now supports 52 new resource types AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types   AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom         AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the supported resource types page.

🆕 AWS Config now supports 52 new resource types, including Amazon EC2, Bedrock, and SageMaker, enhancing monitoring and auditing across your AWS environment. If recording is enabled, these new types are automatically tracked.

#AWS #AwsConfig

AWS Config now supports 3 new resource types AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::ApiGatewayV2::Integration AWS::CloudTrail::EventDataStore AWS::Config::StoredQuery

AWS Config now supports 3 new resource types

AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader rang...

#AWS #AwsGovcloudUs #AwsConfig

AWS Config now supports 3 new resource types AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::ApiGatewayV2::Integration AWS::CloudTrail::EventDataStore AWS::Config::StoredQuery

🆕 AWS Config now supports 3 new resource types: AWS::ApiGatewayV2::Integration, AWS::CloudTrail::EventDataStore, and AWS::Config::StoredQuery, enhancing coverage and enabling better auditing and remediation across your AWS environment.

#AWS #AwsGovcloudUs #AwsConfig

AWS Config advanced query and aggregator now available in Asia Pacific (New Zealand) Region AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state of your AWS resources. Aggregators enable centralized visibility and analysis by aggregating configuration and compliance data from multiple accounts and regions, or across an AWS Organization. Advanced queries provide a single query endpoint and a query language to get current resource configuration and compliance state without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. Advanced queries can be used from https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-console.html and https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-cli.html. To learn more about aggregators, please refer to our https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html. With this expansion, AWS Config advanced queries and aggregators are now available in https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html#aggregation-regions.

AWS Config advanced query and aggregator now available in Asia Pacific (New Zealand) Region

AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state ...

#AWS #AwsConfig

AWS Config advanced query and aggregator now available in Asia Pacific (New Zealand) Region AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state of your AWS resources. Aggregators enable centralized visibility and analysis by aggregating configuration and compliance data from multiple accounts and regions, or across an AWS Organization. Advanced queries provide a single query endpoint and a query language to get current resource configuration and compliance state without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. Advanced queries can be used from AWS console and AWS CLI. To learn more about aggregators, please refer to our documentation. With this expansion, AWS Config advanced queries and aggregators are now available in all supported regions.

🆕 AWS Config's advanced queries and aggregators are now in Asia Pacific (New Zealand), offering centralized visibility and compliance analysis across accounts and regions. Use them via AWS console and CLI. Available globally.

#AWS #AwsConfig

AWS Config now supports resource tags for IAM Policies AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies. With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance. This feature is now available across all supported https://docs.aws.amazon.com/config/latest/developerguide/config-region-support.html#config-region-support-list at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. For recording IAM policy resource type in your Config recorder, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managing-recorder_console-start.html.

AWS Config now supports resource tags for IAM Policies

AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies.

With this enhancement, you c...

#AWS #AwsConfig

AWS Config now supports resource tags for IAM Policies AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies. With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance. This feature is now available across all supported AWS Regions at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. For recording IAM policy resource type in your Config recorder, please refer our documentation.

🆕 AWS Config now supports resource tags for IAM Policies, enhancing metadata tracking for better configuration assessment and multi-account governance across all regions at no extra cost.

#AWS #AwsConfig

AWS Config now supports 5 new resource types AWS Config now supports 5 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available. Resource Types: AWS::CodeArtifact::Domain AWS::Config::ConformancePack AWS::Glue::Database AWS::NetworkManager::TransitGatewayPeering AWS::RolesAnywhere::TrustAnchor

AWS Config now supports 5 new resource types

AWS Config now supports 5 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources....

#AWS #AwsConfig

AWS Config now supports 5 new resource types AWS Config now supports 5 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available. Resource Types: AWS::CodeArtifact::Domain AWS::Config::ConformancePack AWS::Glue::Database AWS::NetworkManager::TransitGatewayPeering AWS::RolesAnywhere::TrustAnchor

🆕 AWS Config now supports 5 new resource types: AWS::CodeArtifact::Domain, AWS::Config::ConformancePack, AWS::Glue::Database, AWS::NetworkManager::TransitGatewayPeering, and AWS::RolesAnywhere::TrustAnchor, enhancing environment coverage and audit capabilities.

#AWS #AwsConfig

AWS Config rules add classifications from AWS Control Tower Control Catalog Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks. Control Catalog has classifications including Domain (such as "Data Protection"), Objective (such as "Data Encryption"), and common control (such as "Encrypt data at rest") to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule. If you're using AWS Config, you'll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture. AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available. To learn more about AWS Config rules and compliance frameworks, visit the AWS Config documentation.

🆕 AWS Config now links rules to CIS, FedRAMP, and NIST frameworks, leveraging AWS Control Tower's Control Catalog for streamlined compliance across AWS Config and Control Tower, available in all commercial regions.

#AWS #AwsControlTower #AwsConfig

AWS Config rules add classifications from AWS Control Tower Control Catalog Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks. Control Catalog has classifications including Domain (such as "Data Protection"), Objective (such as "Data Encryption"), and common control (such as "Encrypt data at rest") to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule. If you're using AWS Config, you'll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture. AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available. To learn more about AWS Config rules and compliance frameworks, visit the AWS Config https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html.

AWS Config rules add classifications from AWS Control Tower Control Catalog

Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance framew...

#AWS #AwsControlTower #AwsConfig

AWS Control Tower now supports seven new compliance frameworks Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023. To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We've also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., "Data Protection"), an objective (e.g., "Data Encryption"), and a common control (e.g., "Encrypt data at rest"). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you're using AWS Config, now you'll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment. You can use Control Catalog with new mappings in all https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit https://docs.aws.amazon.com/controltower/latest/controlreference/config-controls.html.

AWS Control Tower now supports seven new compliance frameworks

Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existi...

#AWS #AwsConfig