Compliance Check Using AWS Config Rules (Managed & Custom)



Total available time: 2h:0m


Lab Overview

AWS Config is a powerful tool in your security and governance toolkit. AWS Config can record and track changes to the configuration of many types of resources in AWS. Config Rules can be used to monitor compliance with your security and governance policies. You can leverage AWS Config managed rules to quickly get started with compliance checking of common policies. You are also able to write custom rules to cover whatever policy you care to enforce. In this lab, you will get hands-on experience with managed and custom AWS Config rules.

Lab Objectives

Upon completion of this lab you will be able to:

  • Configure the configuration recorder to record AWS resources
  • Track and audit security changes using AWS Config
  • Explore the integration between AWS Config and CloudTrail
  • Use managed and custom rules to check compliance
  • Analyze and correct non-compliant resources

Lab Prerequisites

You should be familiar with the following:

  • EC2 Security Groups basics
  • CloudTrail and AWS Lambda basics will be helpful but not required

Lab Environment

[Diagram: the lab environment before completing the lab instructions]

[Diagram: the lab environment after completing the lab instructions]


Follow these steps to learn by building helpful cloud resources

Logging in to the Amazon Web Services Console

Your first step to start the Lab experience

Setting up the Configuration Recorder

Configure how and what the configuration recorder will record

Working with AWS Config Managed Rules

Use an AWS Config managed rule to check compliance

Analyzing and Remedying a Noncompliant Resource

Use the tools in Config and integration with CloudTrail to regain compliance

Working with AWS Config Custom Rules

Create and evaluate an AWS Config custom rule using AWS Lambda