#AwsConfig
🆕 AWS Config adds 42 new managed rules for security, cost, and operations. Enable controls across accounts or organizations, assess tagging strategies, and streamline multi-account governance with Conformance Packs. For details, visit AWS Config documentation.

#AWS #AwsConfig
AWS Config launches 42 new managed rules
AWS Config announces the launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across an organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For a description of each rule and the AWS Regions in which it is available, please refer to our Config managed rules documentation. To start using Config rules, please refer to our documentation.
New Rules Launched: AMPLIFY_APP_NO_ENVIRONMENT_VARIABLES AMPLIFY_BRANCH_DESCRIPTION APIGATEWAY_STAGE_DESCRIPTION APIGATEWAYV2_STAGE_DESCRIPTION API_GWV2_STAGE_DEFAULT_ROUTE_DETAILED_METRICS_ENABLED APIGATEWAY_STAGE_ACCESS_LOGS_ENABLED APPCONFIG_DEPLOYMENT_STRATEGY_MINIMUM_FINAL_BAKE_TIME APPCONFIG_DEPLOYMENT_STRATEGY_TAGGED APPFLOW_FLOW_TRIGGER_TYPE_CHECK APPMESH_VIRTUAL_NODE_CLOUD_MAP_IP_PREF_CHECK APPMESH_VIRTUAL_NODE_DNS_IP_PREF_CHECK APPRUNNER_SERVICE_IP_ADDRESS_TYPE_CHECK APPRUNNER_SERVICE_MAX_UNHEALTHY_THRESHOLD APS_RULE_GROUPS_NAMESPACE_TAGGED AUDITMANAGER_ASSESSMENT_TAGGED BATCH_MANAGED_COMPUTE_ENV_ALLOCATION_STRATEGY_CHECK BATCH_MANAGED_SPOT_COMPUTE_ENVIRONMENT_MAX_BID COGNITO_IDENTITY_POOL_UNAUTHENTICATED_LOGINS COGNITO_USER_POOL_PASSWORD_POLICY_CHECK CUSTOMERPROFILES_DOMAIN_TAGGED DEVICEFARM_PROJECT_TAGGED DEVICEFARM_TEST_GRID_PROJECT_TAGGED DMS_REPLICATION_INSTANCE_MULTI_AZ_ENABLED EC2_LAUNCH_TEMPLATES_EBS_VOLUME_ENCRYPTED EC2_NETWORK_INSIGHTS_ANALYSIS_TAGGED EKS_FARGATE_PROFILE_TAGGED GLUE_ML_TRANSFORM_TAGGED IOT_SCHEDULED_AUDIT_TAGGED IOT_PROVISIONING_TEMPLATE_DESCRIPTION IOT_PROVISIONING_TEMPLATE_JITP IOT_PROVISIONING_TEMPLATE_TAGGED KINESIS_VIDEO_STREAM_MINIMUM_DATA_RETENTION LAMBDA_FUNCTION_DESCRIPTION LIGHTSAIL_BUCKET_ALLOW_PUBLIC_OVERRIDES_DISABLED RDS_MYSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK RDS_PGSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_TAGGED ROUTE53_RESOLVER_RESOLVER_RULE_TAGGED RUM_APP_MONITOR_TAGGED RUM_APP_MONITOR_CLOUDWATCH_LOGS_ENABLED
aws.amazon.com
November 4, 2025 at 6:40 PM
#AWS #AwsConfig
AWS Config now supports 52 new resource types
AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions (https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) where the supported resources are available: Resource Types: AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the supported resource types page (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html).
aws.amazon.com
November 3, 2025 at 10:05 PM
✍️ New blog post by Fortress Abioye

A Simple Guide to AWS Monitoring Tools

#aws #cloudwatch #cloudtrail #awsconfig
A Simple Guide to AWS Monitoring Tools
Have you ever wondered about AWS Monitoring? What tools make up this monitoring suite? AWS provides...
dev.to
January 15, 2025 at 9:04 AM
#AWS #AwsConfig
AWS Control Tower now supports seven new compliance frameworks
Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls. In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023. To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We've also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., "Data Protection"), an objective (e.g., "Data Encryption"), and a common control (e.g., "Encrypt data at rest"). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you're using AWS Config, now you'll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment. You can use Control Catalog with new mappings in all AWS Regions (https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit https://docs.aws.amazon.com/controltower/latest/controlreference/config-controls.html.
aws.amazon.com
June 13, 2025 at 9:05 PM
🆕 AWS Config now supports a service-linked recorder

#AWS #AwsConfig #AmazonCloudwatch
AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit. By enabling the service-linked recorder in Amazon CloudWatch, you gain centralized visibility into critical AWS service telemetry configurations, such as Amazon VPC Flow Logs, Amazon EC2 Detailed Metrics, and AWS Lambda Traces. With service-linked recorders, an AWS service can deploy and manage an AWS Config recorder on your behalf to discover resources and utilize the configuration data to provide differentiated features. For example, an Amazon CloudWatch managed service-linked recorder helps you identify monitoring gaps within specific critical resources within your organization, providing a centralized, single-pane view of telemetry configuration status. Service-linked recorders are immutable to ensure consistency, prevention of configuration drift, and simplified experience. Service-linked recorders operate independently of any existing AWS Config recorder, if one is enabled. This allows you to independently manage your AWS Config recorder for your specific use cases while authorized AWS services can manage the service-linked recorder for feature specific requirements. Amazon CloudWatch managed service-linked recorder is now available in US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), Europe (Stockholm) regions. The AWS Config service-linked recorder specific to Amazon CloudWatch telemetry configuration feature is available to customers at no additional cost. To learn more, please refer to our documentation.
aws.amazon.com
December 6, 2024 at 6:23 PM
#AWS #AwsGovcloudUs #AwsConfig
AWS Config now supports 3 new resource types
AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions (https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) where the supported resources are available: Resource Types: AWS::ApiGatewayV2::Integration AWS::CloudTrail::EventDataStore AWS::Config::StoredQuery
aws.amazon.com
October 13, 2025 at 11:05 PM
🆕 AWS Config now supports resource tags for IAM Policies, enhancing metadata tracking for better configuration assessment and multi-account governance across all regions at no extra cost.

#AWS #AwsConfig
AWS Config now supports resource tags for IAM Policies
AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies. With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance. This feature is now available across all supported AWS Regions at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. For recording the IAM policy resource type in your Config recorder, please refer to our documentation.
aws.amazon.com
September 8, 2025 at 1:40 PM
🆕 AWS Config conformance packs now available in more regions, including Asia Pacific (Malaysia), New Zealand, Thailand, Taipei, and Mexico, to simplify compliance management across your AWS Organization. Deploy via console, CLI, or CloudFormation. Pricing per evaluation.

#AWS #AwsConfig
AWS Config conformance packs now available in additional AWS Regions
AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment. Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization. With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central). To get started, you can either use the provided sample conformance pack templates or craft a custom YAML file from scratch based on a custom conformance pack. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config pricing page for more details. To learn more about AWS Config conformance packs, see our documentation.
aws.amazon.com
November 4, 2025 at 7:40 PM
#AWS #AmazonQDeveloper #Announcements #AwsCloudformation #AwsConfig #AwsStepFunctions #Launch #News #WeekInReview
AWS Weekly Roundup: AWS Step Functions, AWS CloudFormation, Amazon Q Developer, and more (February 10, 2024)
We are well settled into 2025 by now, but many people are still catching up with all the exciting new releases and announcements that came out of re:Invent last year. There have been hundreds of re:Invent recap events around the world since the beginning of the year, including in-person all-day official AWS events with multiple […]
aws.amazon.com
February 10, 2025 at 8:05 PM
#うひーメモ
2023-12-04 00:31:56
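Tips for deploying a combination of AWS Config rules and SCPs to member accounts
#Program
#awsconfig
#adventcalendar
#ccoe
Tips for deploying a combination of AWS Config rules and SCPs to member accounts
Introduction: As a member of the CCoE, my main job is normally the governance and operation of the public clouds our company uses. The CCoE's activities were also covered in last year's AdventCalendar, so by all means take a look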
qiita.com
December 3, 2023 at 3:31 PM
🆕 AWS Config now links rules to CIS, FedRAMP, and NIST frameworks, leveraging AWS Control Tower's Control Catalog for streamlined compliance across AWS Config and Control Tower, available in all commercial regions.

#AWS #AwsControlTower #AwsConfig
AWS Config rules add classifications from AWS Control Tower Control Catalog
Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks. Control Catalog has classifications including Domain (such as "Data Protection"), Objective (such as "Data Encryption"), and common control (such as "Encrypt data at rest") to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule. If you're using AWS Config, you'll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture. AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available. To learn more about AWS Config rules and compliance frameworks, visit the AWS Config documentation.
aws.amazon.com
June 30, 2025 at 8:11 PM
#AWS #AwsConfig #AmazonCloudwatch
AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit. By enabling the service-linked recorder in Amazon CloudWatch, you gain centralized visibility into critical AWS service telemetry configurations, such as Amazon VPC Flow Logs, Amazon EC2 Detailed Metrics, and AWS Lambda Traces. With service-linked recorders, an AWS service can deploy and manage an AWS Config recorder on your behalf to discover resources and utilize the configuration data to provide differentiated features. For example, an Amazon CloudWatch managed service-linked recorder helps you identify monitoring gaps within specific critical resources within your organization, providing a centralized, single-pane view of telemetry configuration status. Service-linked recorders are immutable to ensure consistency, prevention of configuration drift, and simplified experience. Service-linked recorders operate independently of any existing AWS Config recorder, if one is enabled. This allows you to independently manage your AWS Config recorder for your specific use cases while authorized AWS services can manage the service-linked recorder for feature specific requirements. Amazon CloudWatch managed service-linked recorder is now available in US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), Europe (Stockholm) regions. The AWS Config service-linked recorder specific to Amazon CloudWatch telemetry configuration feature is available to customers at no additional cost. To learn more, please refer to our documentation (https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html).
aws.amazon.com
December 6, 2024 at 7:05 PM
#うひーメモ
2023-11-27 08:04:13
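[Preview] AWS Config introduces a search feature based on generative AI-powered natural language queries #AWSreInvent
#TechBlogsEtc
#Preview
#awsconfig
#awsreinventawsconfig
[Preview] AWS Config introduces a search feature based on generative AI-powered natural language queries #AWSreInvent
A search feature based on generative AI-powered natural language queries has been introduced to AWS Config. Until now, AWS Config's advanced query feature could already be used to search the resources and rule compliance status within an organization or account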
dev.classmethod.jp
November 26, 2023 at 11:04 PM
#うひーメモ
2023-11-08 16:11:10
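Auto-remediation and customization of AWS security groups (AWS Config + SSM documents)
#Program
#awsconfig
#awsconfigssm
#Customization
Auto-remediation and customization of AWS security groups (AWS Config + SSM documents)
Introduction: As a countermeasure against misconfigured AWS security groups, how to detect and auto-remediate them using AWS Config, and, for the conditions that cannot be remediated (all traffic, all TCP), SSM documents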
qiita.com
November 8, 2023 at 7:11 AM
#うひーメモ
2023-10-31 15:13:54
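[Update] AWS Trusted Advisor is now integrated with AWS Config and supports 64 new checks
#TechBlogsEtc
#Update
#awsconfig
#awstrustedadvisor
[Update] AWS Trusted Advisor is now integrated with AWS Config and supports 64 new checks
Hello, this is Takeda from the Service Development Office. AWS Trusted Advisor continuously evaluates your AWS environment and presents recommendations for maintaining best practices. In addition to the data it collects itself, as information sources Secu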
dev.classmethod.jp
October 31, 2023 at 6:13 AM
🆕 Amazon CloudWatch now provides centralized visibility into telemetry configurations

#AWS #AwsConfig #AmazonCloudwatch #AwsOrganizations
Amazon CloudWatch now provides centralized visibility into telemetry configurations
Amazon CloudWatch now offers centralized visibility into critical AWS service telemetry configurations, such as Amazon VPC Flow Logs, Amazon EC2 Detailed Metrics, and AWS Lambda Traces. This enhanced visibility enables central DevOps teams, system administrators, and service teams to identify potential gaps in their infrastructure monitoring setup. The telemetry configuration auditing experience seamlessly integrates with AWS Config to discover AWS resources, and can be turned on for the entire organization using the new AWS Organizations integration with Amazon CloudWatch. With visibility into telemetry configurations, you can identify monitoring gaps that might have been missed in your current setup. For example, this helps you identify gaps in your EC2 detailed metrics so that you can address them and easily detect short-lived performance spikes and build responsive auto-scaling policies. You can audit telemetry configuration coverage at both resource type and individual resource levels, refining the view by filtering across specific accounts, resource types, or resource tags to focus on critical resources. The telemetry configurations auditing experience is available in US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm) regions. There is no additional cost to turn on the new experience, including for AWS Config. You can get started with auditing your telemetry configurations using the Amazon CloudWatch Console, by clicking on Telemetry config in the navigation panel, or programmatically using the API/CLI. To learn more, visit our documentation.
aws.amazon.com
December 6, 2024 at 6:23 PM
#AWS #AwsConfig #AwsGovcloudUs
AWS Config now supports 13 new resource types
AWS Config now supports 13 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions (https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html) where the supported resources are available: Resource Types: AWS::AppIntegrations::Application AWS::EC2::EIPAssociation AWS::EC2::InstanceConnectEndpoint AWS::EC2::SnapshotBlockPublicAccess AWS::EC2::VPCEndpointConnectionNotification AWS::ElastiCache::UserGroup AWS::InspectorV2::Activation AWS::Macie::Session AWS::Route53Profiles::Profile AWS::OpenSearchServerless::Collection AWS::S3::StorageLensGroup AWS::SecurityHub::Standard AWS::SageMaker::InferenceExperiment To view the complete list of AWS Config supported resource types, see the supported resource types page (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html).
aws.amazon.com
April 30, 2025 at 9:05 PM
🆕 AWS Config now supports 52 new resource types, including Amazon EC2, Bedrock, and SageMaker, enhancing monitoring and auditing across your AWS environment. If recording is enabled, these new types are automatically tracked.

#AWS #AwsConfig
AWS Config now supports 52 new resource types
AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the supported resource types page.
aws.amazon.com
November 3, 2025 at 9:40 PM
#AWS #AwsConfig #AmazonCloudwatch #AwsOrganizations
Amazon CloudWatch now provides centralized visibility into telemetry configurations
Amazon CloudWatch now offers centralized visibility into critical AWS service telemetry configurations, such as Amazon VPC Flow Logs, Amazon EC2 Detailed Metrics, and AWS Lambda Traces. This enhanced visibility enables central DevOps teams, system administrators, and service teams to identify potential gaps in their infrastructure monitoring setup. The telemetry configuration auditing experience seamlessly integrates with AWS Config to discover AWS resources, and can be turned on for the entire organization using the new AWS Organizations integration with Amazon CloudWatch. With visibility into telemetry configurations, you can identify monitoring gaps that might have been missed in your current setup. For example, this helps you identify gaps in your EC2 detailed metrics so that you can address them and easily detect short-lived performance spikes and build responsive auto-scaling policies. You can audit telemetry configuration coverage at both resource type and individual resource levels, refining the view by filtering across specific accounts, resource types, or resource tags to focus on critical resources. The telemetry configurations auditing experience is available in US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), and Europe (Stockholm) regions. There is no additional cost to turn on the new experience, including for AWS Config. You can get started with auditing your telemetry configurations using the Amazon CloudWatch Console (https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#), by clicking on Telemetry config in the navigation panel, or programmatically using the API/CLI. To learn more, visit our documentation (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/telemetry-config-cloudwatch.html).
aws.amazon.com
December 6, 2024 at 7:05 PM
#AWS #AwsGovcloudUs #AwsConfig
AWS Config now supports 3 new resource types
AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available across the AWS Config feature set, including Config rules, Config aggregators, and Config advanced queries. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions (https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) where the supported services are available: AWS::Cognito::IdentityPool AWS::MediaConnect::Gateway AWS::OpenSearchServerless::VpcEndpoint To view the complete list of AWS Config supported resource types, see the supported resource types page (https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html).
aws.amazon.com
December 19, 2024 at 10:05 PM
Make compliance continuous, not quarterly.
Enable AWS Config rules (or similar) to detect drift: public S3, unencrypted EBS, missing CloudTrail. Automate alerts to close the feedback loop.
#Compliance #AWSConfig #DevSecOps
November 9, 2025 at 8:00 AM
🆕 AWS Config's advanced queries and aggregators are now in Asia Pacific (New Zealand), offering centralized visibility and compliance analysis across accounts and regions. Use them via AWS console and CLI. Available globally.

#AWS #AwsConfig
AWS Config advanced query and aggregator now available in Asia Pacific (New Zealand) Region
AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state of your AWS resources. Aggregators enable centralized visibility and analysis by aggregating configuration and compliance data from multiple accounts and regions, or across an AWS Organization. Advanced queries provide a single query endpoint and a query language to get current resource configuration and compliance state without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. Advanced queries can be used from AWS console and AWS CLI. To learn more about aggregators, please refer to our documentation. With this expansion, AWS Config advanced queries and aggregators are now available in all supported regions.
aws.amazon.com
October 2, 2025 at 8:40 PM
#うひーメモ
2023-11-27 17:08:22
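[Update] AWS Config now supports periodic recording: scale change tracking efficiently #AWSreInvent
#TechBlogsEtc
#Update
#awsconfig
#awsreinvent
[Update] AWS Config now supports periodic recording: scale change tracking efficiently #AWSreInvent
Hello, this is Otsumami from the AWS Business Division. AWS re:Invent has started. There was an update for AWS Config, so here it is. Summary: When configuring AWS Config rules,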
dev.classmethod.jp
November 27, 2023 at 8:08 AM