All news with #aws config tag

AWS Config Conformance Packs Expand to Five Regions

📣 AWS Config conformance packs and organization-level management are now available in additional Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei), and Mexico (Central). Conformance packs let you package managed or custom AWS Config rules into reusable bundles for security, operational, or cost-optimization governance and to monitor compliance scores. You can deploy packs via the AWS Config console, AWS CLI, or AWS CloudFormation. Note that pricing is charged per conformance pack evaluation per account and Region.

AWS Config Adds 42 New Managed Rules for Governance

🔔 AWS Config has launched 42 new managed rules to help organizations govern security, cost, durability, and operational best practices across AWS environments. You can now search, discover, enable, and manage these rules directly from AWS Config, and apply them account-wide or across an organization, including via Conformance Packs. New checks cover services such as Amazon EKS Fargate, EC2 Network Insights, AWS Glue ML transforms, Amazon Cognito, Lightsail, Amplify, Lambda, RDS, Route53 Resolver, Kinesis Video, and more.

AWS Config Adds 52 New Resource Types Across Key Services

🔔 AWS Config now supports 52 additional AWS resource types across services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. With recording for all resource types enabled, AWS Config will automatically begin tracking these additions and they are available to Config rules and aggregators. You can monitor the new types in all Regions where supported, expanding discovery, assessment, audit, and remediation coverage.

AWS Config Adds Support for Three New Resource Types

📣 AWS Config now supports three additional resource types—AWS::ApiGatewayV2::Integration, AWS::CloudTrail::EventDataStore, and AWS::Config::StoredQuery—providing broader visibility across AWS environments. If you have recording enabled for all resource types, AWS Config will automatically begin tracking these new types. They are available for use in Config rules and Config aggregators in all Regions where the resources exist. This expansion enhances your ability to discover, assess, audit, and remediate a wider range of resources.

AWS Config Advanced Queries, Aggregators in New Zealand

🔔 AWS has expanded AWS Config advanced queries and configuration aggregators to the Asia Pacific (New Zealand) region. Advanced queries provide a single query endpoint and a query language to retrieve current resource configuration and compliance state without issuing service-specific describe API calls. Aggregators enable centralized visibility by collecting configuration and compliance data from multiple accounts and Regions or across an AWS Organization. These capabilities are accessible from the AWS Console and AWS CLI and, with this expansion, are now available in all supported regions.

Defense-in-Depth: Building an AWS Control Framework

🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.

AWS Config Tracks Resource Tags for IAM Policies Globally

🔍 AWS Config now records resource tags for IAM policy resource types, enabling you to capture tag values and track their changes directly in your Config recorder. You can scope both Config-managed and custom rule evaluations by tag and use Config aggregators to selectively collect IAM policies across accounts. This capability is available in all supported AWS Regions at no additional cost.

AWS Config Adds Five New Resource Types for Monitoring

🔔 AWS Config now supports five additional AWS resource types, expanding its ability to discover, assess, audit, and remediate resources across your accounts. The new types — AWS::CodeArtifact::Domain, AWS::Config::ConformancePack, AWS::Glue::Database, AWS::NetworkManager::TransitGatewayPeering, and AWS::RolesAnywhere::TrustAnchor — are tracked automatically if you record all resource types and are available for Config rules and aggregators. Support applies in all Regions where these resources are available, enabling broader compliance and operational visibility. This update simplifies monitoring and remediation workflows.

AWS releases SRA Verify: Open-source SRA assessment

🔍 SRA Verify is an open-source assessment tool from AWS that automates validation of an organization’s alignment to the AWS Security Reference Architecture (AWS SRA). It runs automated checks across multiple services to verify configurations and highlight deviations from recommended patterns. The tool links checks to remediation guidance and IaC examples to help teams implement fixes more quickly. It currently covers CloudTrail, GuardDuty, IAM Access Analyzer, Config, Security Hub, S3, Inspector, and Macie, with plans to expand.