In the previous part of this series, we explored the key features of AWS Config and its role in maintaining compliance.
Now, we'll walk through the practical setup of AWS Config. You'll learn how to enable it, configure managed and custom rules, use Conformance Packs, and leverage Aggregators to manage compliance across multiple AWS regions and accounts. By the end, you'll have a clear understanding of how to implement continuous compliance with AWS Config.
First things first - you need to have an AWS account to perform all the actions. Follow AWS’s step-by-step guide to set one up.
In the AWS Console, go to the AWS Config service and click 1-click setup. When you select this option, AWS will automatically:
AWS offers a vast library of predefined AWS Config rules. Let’s set up one.
Now let’s dive deeper into custom AWS Config rules, which help address specific scenarios. In my case, I will create a CloudFormation Guard (CF Guard) policy to define the custom AWS Config rule.
# Skip buckets whose name contains "log"; every other bucket must have
# a server access logging destination bucket configured.
rule S3BucketLogging
when configuration.name != /.*log.*/ {
    supplementaryConfiguration.BucketLoggingConfiguration.destinationBucketName is_string
}
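The `when` clause above exempts every bucket whose name contains `log`, which also matches names such as `product-catalog`. The following Python model is an added example, not the article's code and not Guard itself: it replays the rule's logic over constructed configuration items to show which buckets end up skipped. The sample bucket names, the SKIP to NOT_APPLICABLE mapping, and the `exemptions_to_review` helper are assumptions made for illustration.

```python
import re

# Same pattern as the Guard `when` clause, modeled as an unanchored search.
EXEMPT_NAME = re.compile(r".*log.*")
# Hypothetical convention: real log buckets carry "log" as its own name token.
LOG_TOKENS = {"log", "logs", "logging"}


def evaluate(item):
    """Model the S3BucketLogging rule for one configuration item (a dict)."""
    name = item["configuration"]["name"]
    if EXEMPT_NAME.search(name):
        # `when` condition is false: the rule body is skipped (assumed to be
        # reported by AWS Config as NOT_APPLICABLE).
        return "NOT_APPLICABLE"
    supp = item.get("supplementaryConfiguration", {})
    logging_cfg = supp.get("BucketLoggingConfiguration") or {}
    dest = logging_cfg.get("destinationBucketName")
    # `is_string` fails when the property is missing or null.
    return "COMPLIANT" if isinstance(dest, str) else "NON_COMPLIANT"


def report(items):
    """Return {bucket name: evaluation result} for all items."""
    return {i["configuration"]["name"]: evaluate(i) for i in items}


def exemptions_to_review(items):
    """Skipped buckets whose name only contains 'log' inside another word."""
    flagged = []
    for item in items:
        name = item["configuration"]["name"]
        tokens = set(re.split(r"[-.]", name))
        if evaluate(item) == "NOT_APPLICABLE" and not tokens & LOG_TOKENS:
            flagged.append(name)
    return flagged


def make_item(name, dest=None):
    """Build a minimal, constructed S3 configuration item."""
    return {"configuration": {"name": name},
            "supplementaryConfiguration": {
                "BucketLoggingConfiguration": {"destinationBucketName": dest}}}


# Constructed sample data, not real buckets.
SAMPLE_ITEMS = [
    make_item("app-data", dest="central-access-logs"),
    make_item("app-uploads"),
    make_item("central-access-logs"),
    make_item("product-catalog"),
    make_item("team-blog-assets"),
]

if __name__ == "__main__":
    for bucket, result in report(SAMPLE_ITEMS).items():
        print(f"{bucket:22} {result}")
    print("review exemptions:", exemptions_to_review(SAMPLE_ITEMS))
```

Buckets listed under "review exemptions" have no logging configured yet never show up as non-compliant, so a tighter name pattern or an explicit allow-list of log buckets is worth considering.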
Organizations often need multiple AWS Config rules, and Conformance Packs provide a convenient way to group and manage them. These packs are essentially CloudFormation templates and stacks. If you're familiar with CloudFormation, setting up a template with all the necessary rules will be quick and straightforward. This also gives us two ways to create AWS Config rules in bulk:
Conformance packs offer more features than managing rules with AWS CloudFormation:
Drawbacks of Conformance Packs
One drawback is that AWS charges extra for conformance packs. For detailed pricing, check the AWS Config Pricing page. So, if you don’t need the features described above, feel free to manage everything directly with CloudFormation stacks.
AWS also provides a large number of conformance pack templates, which can be a great starting point for creating your own set of rules to meet the project requirements. For example, if you open the template for HIPAA, you can see the list of rules and the controls covered by these rules, as well as high-level guidance for each.
All templates are available in the official AWS repository.
Now let’s try to create a conformance pack using one of the ready-to-use templates - Operational Best Practices for HIPAA Security:
To delete the conformance pack, go to the Conformance packs page, choose the necessary pack, click Actions, and then Delete.
AWS Config is a great tool for keeping an eye on your AWS resources and making sure everything stays compliant. In this guide, we covered most of what you need to get started with AWS Config:
By leveraging AWS Config, you can detect changes, enforce policies, and prevent compliance issues before they escalate - all without the need for additional custom tools. Whether you're working with a few rules or managing compliance across multiple AWS accounts, AWS Config helps keep your environment secure, auditable, and under control.