Compliance Check Using AWS Config Rules (Managed & Custom)

The hands-on lab is part of these learning paths

DevOps Engineer – Professional Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 18 quiz-steps 2 description 3
Solutions Architect – Professional Certification Preparation for AWS
course-steps 48 certification 6 lab-steps 19 quiz-steps 4 description 2
SysOps Administrator – Associate Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 30 quiz-steps 4 description 5
Security - Specialty Certification Preparation for AWS
course-steps 22 certification 2 lab-steps 12 quiz-steps 5
GDPR: Using AWS Compliance Enabling Services
course-steps 7 certification 1 lab-steps 2 quiz-steps 2
AWS Security Services
course-steps 9 certification 2 lab-steps 4
AWS Cloud Management Tools
course-steps 5 certification 1 lab-steps 5 quiz-steps 2
AWS Services Monitoring & Auditing
course-steps 6 certification 1 lab-steps 3 quiz-steps 2
AWS Governance & Compliance
course-steps 5 certification 1 lab-steps 2 quiz-steps 3
more_horiz See 6 more

Lab Steps

lock
Logging in to the Amazon Web Services Console
lock
Setting up the Configuration Recorder
lock
Working with AWS Config Managed Rules
lock
Analyzing and Remedying a Noncompliant Resource
lock
Working with AWS Config Custom Rules
lock
Validate AWS Lab

Ready for the real environment experience?

DifficultyIntermediate
Max Duration2h
Students698
Ratings
4.5/5
star star star star star-half

Description

Lab Overview

AWS Config is a powerful tool in your security and governance toolkit. AWS Config can record and track changes to the configuration of many types of resources in AWS. Config Rules can be used to monitor compliance with your security and governance policies. You can leverage AWS Config managed rules to quickly get started with compliance checking of common policies. You are also able to write custom rules to cover whatever policy you care to enforce. In this lab, you will get hands-on experience with managed and custom AWS Config rules.

Lab Objectives

Upon completion of this lab you will be able to:

  • Configure the configuration recorder to AWS resources
  • Track and audit security changes using AWS Config
  • Explore the integration between AWS Config and CloudTrail
  • Use managed and custom rules to check compliance
  • Analyze and correct non-compliant resources

Lab Prerequisites

You should be familiar with the following:

  • EC2 Security Groups basics
  • CloudTrail and AWS Lambda basics will be helpful but not required

Updates

July 2nd, 2019 - Refactored part of the provisioning script to improve Lab maintainability

March 13th, 2019 - Updated Lab IAM permissions to work with the new AWS Config integration with AWS Systems Manager Automation for automatic remediation. Updated instructions to explain how Systems Manager Automation can automatically remedy rule violations.

January 10th, 2019 - Added a validation Lab Step to check the work you perform in the Lab

September 6th, 2018 - Updated Lab IAM permissions to work with the new AWS Config requirements. Updated instructions and screenshots.

July 30th, 2018 - Updated all instructions and images to match the new AWS Console experience

Environment before
PREVIEW
arrow_forward
Environment after
PREVIEW

About the Author

Students38635
Labs101
Courses11
Learning paths9

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Linux Foundation Certified System Administrator (LFCS), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.