AWS Config launched 8 new managed rules that automatically evaluate the configuration of important AWS resources:
- IAM Password Policy: Checks whether the password policy for IAM Users meets the specified criteria. This rule codifies best practices, and you can further strengthen the policy.
- RDS encryption: Checks whether storage encryption is enabled for your RDS DB Instances. Optionally, you can specify the KMS Key ID that should be used.
- RDS Multi-AZ: Checks whether high availability is enabled for your RDS DB Instances.
- RDS Backup: Checks whether RDS DB Instances have backups enabled. You can also check for expected backup windows and retention policies.
- EBS Optimized EC2 Instances: Checks whether EBS optimization is enabled for EC2 Instance types that can be EBS optimized. This rule helps ensure the best I/O performance for EBS volumes attached to these instances.
- EC2 Instance Type: Checks whether EC2 Instances belong to the specified set of instance types. For example, you can require that all EC2 Instances be of type t2.small or m4.large.
- Approved AMIs by ID: Checks whether running EC2 Instances are using the approved set of AMI IDs.
- Approved AMIs by Tag: Checks whether running EC2 Instances are using AMIs identified by a specified tag key/value on those AMIs.