AWS Config should be enabled in all regions
Description
It is recommended that users enable AWS Config in all regions. The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking, and compliance auditing.
Console Remediation Steps
CLI Remediation Steps
Ensure there is an appropriate S3 bucket, SNS topic, and IAM role, per the AWS Config Service prerequisites.
Run this command to set up the configuration recorder:
aws configservice subscribe --s3-bucket my-config-bucket --sns-topic arn:aws:sns:us-east-1:012345xxxxxx:my-config-notice --iam-role arn:aws:iam::012345xxxxxx:role/myConfigRole
Run this command to start the configuration recorder:
aws configservice start-configuration-recorder --configuration-recorder-name <value>
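AWS Config recorders are regional, so the result of the steps above has to be checked region by region. The script below is an added example, not part of the original page: it lists the account's enabled regions and reports any region where no recorder exists or the recorder is not recording. The function names and verdict labels are this example's own, and it assumes AWS CLI credentials with read access to EC2 region listing and AWS Config.

```shell
#!/bin/sh
# Added example: report whether AWS Config is recording in every enabled region.
# Function names and verdict labels below are this example's own.

# Regions enabled for the account (whitespace-separated list).
list_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# "<recording> <lastStatus>" of the first recorder in region $1, or "None" if absent.
recorder_state() {
  aws configservice describe-configuration-recorder-status --region "$1" \
    --query 'ConfigurationRecordersStatus[0].[recording,lastStatus]' --output text
}

# Print "<region> <verdict>" for one region.
region_status() {
  state=$(recorder_state "$1" 2>/dev/null) || { echo "$1 QUERY_FAILED"; return 0; }
  set -- "$1" $state            # $2 = recording, $3 = lastStatus
  case "${2:-}" in
    True)
      # Treating a failed last delivery as non-compliant is a choice of this example.
      case "$(printf '%s' "${3:-}" | tr 'A-Z' 'a-z')" in
        failure) echo "$1 DELIVERY_FAILED" ;;
        *)       echo "$1 OK" ;;
      esac ;;
    False) echo "$1 NOT_RECORDING" ;;
    *)     echo "$1 NO_RECORDER" ;;
  esac
}

# Check every region; return non-zero if any region is not OK.
audit_config() {
  rc=0
  for region in $(list_regions); do
    line=$(region_status "$region")
    echo "$line"
    case "$line" in *" OK") ;; *) rc=1 ;; esac
  done
  return "$rc"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then audit_config; fi
```

Run it with `--run`; a non-zero exit status means at least one region still needs the remediation commands above.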