AWS Config: Custom Rules and Conformance Packs
In this Cloud Lab, we’ll learn to monitor resources and enforce compliance by using the custom rules and conformance packs of AWS Config.
advanced
Learning Objectives
AWS Config is a management service that you can use to monitor the configurations of your AWS resources. You define rules, and AWS Config continuously evaluates the selected resources against them to check compliance with your desired configuration standards. Resources that violate a rule are flagged as noncompliant, so you can take action to keep your infrastructure secure and compliant.
In this Cloud Lab, you’ll learn how to use AWS Config to monitor resources and enforce compliance. You’ll start by creating a custom rule using a Lambda function to check that no more than one instance is created in a region. After deploying the rule, you’ll test it by creating two EC2 instances and then checking the compliance status of the custom rule. You’ll then add a remediation action, re-evaluate the rule, and check whether the noncompliant resource has been remediated.

After that, you’ll create another custom rule using the Guard Policy, a policy-as-code evaluation tool. This rule will check whether a specific security group is attached to your EC2 instance. Any EC2 instance that doesn’t have this security group attached will be marked as noncompliant. You’ll then check the compliance status of the EC2 security groups, which are created along with the EC2 instances.

Once you’ve created and deployed these custom rules, you’ll learn about conformance packs and deploy additional rules using one. After deploying the conformance pack, you’ll check its dashboard to see whether resources are continuously monitored and evaluated for compliance against the desired configurations.
After finishing this Cloud Lab, you’ll be well-equipped to use AWS Config to monitor AWS resources. You’ll also be able to enforce compliance on noncompliant resources, making sure that no AWS resource violates your organization’s policies.
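The decision logic of the first custom rule described above (no more than one instance per region), as an added example that is not code from the lab itself. It assumes the oldest live instance in each region is the compliant one and that terminated instances do not count; the input record fields and instance IDs are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

MAX_INSTANCES_PER_REGION = 1                      # limit stated in the lab description
IGNORED_STATES = {"shutting-down", "terminated"}  # assumption: these do not count

def evaluate_instances(instances, evaluated_at, limit=MAX_INSTANCES_PER_REGION):
    """Build entries shaped like the Evaluations list of AWS Config PutEvaluations."""
    by_region = defaultdict(list)
    for inst in instances:
        if inst["state"] not in IGNORED_STATES:
            by_region[inst["region"]].append(inst)
    evaluations = []
    for region in sorted(by_region):
        # Oldest first, so the instances launched beyond the limit are flagged.
        members = sorted(by_region[region],
                         key=lambda i: (i["launch_time"], i["instance_id"]))
        for position, inst in enumerate(members):
            over_limit = position >= limit
            evaluations.append({
                "ComplianceResourceType": "AWS::EC2::Instance",
                "ComplianceResourceId": inst["instance_id"],
                "ComplianceType": "NON_COMPLIANT" if over_limit else "COMPLIANT",
                "Annotation": f"{len(members)} live instance(s) in {region}, limit {limit}",
                "OrderingTimestamp": evaluated_at,
            })
    # In a Lambda handler this list would be sent back with boto3:
    # config.put_evaluations(Evaluations=evaluations, ResultToken=event["resultToken"])
    return evaluations

def _t(hour, minute):
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)

# Constructed inventory: two live instances in one region, as in the lab's test.
SAMPLE_INSTANCES = [
    {"instance_id": "i-0aaa", "region": "us-east-1", "state": "running", "launch_time": _t(10, 0)},
    {"instance_id": "i-0bbb", "region": "us-east-1", "state": "running", "launch_time": _t(10, 5)},
    {"instance_id": "i-0ccc", "region": "us-east-1", "state": "terminated", "launch_time": _t(9, 0)},
    {"instance_id": "i-0ddd", "region": "eu-west-1", "state": "running", "launch_time": _t(11, 0)},
]

def compliance_by_id(instances, evaluated_at):
    """Convenience view: instance ID -> compliance type."""
    return {e["ComplianceResourceId"]: e["ComplianceType"]
            for e in evaluate_instances(instances, evaluated_at)}

if __name__ == "__main__":
    for entry in evaluate_instances(SAMPLE_INSTANCES, _t(12, 0)):
        print(entry["ComplianceResourceId"], entry["ComplianceType"], "-", entry["Annotation"])
```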
The following is a high-level architecture diagram of the infrastructure you’ll set up in this Cloud Lab:
Copyright ©2024 Educative, Inc. All rights reserved.