AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment. Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization. With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central). To get started, you can either use the provided https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html templates or craft a custom YAML file from scratch based on a https://docs.aws.amazon.com/config/latest/developerguide/custom-conformance-pack.html. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config https://aws.amazon.com/config/pricing/ for more details. To learn more about AWS Config conformance packs, see our https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html.

AWS Config conformance packs and organization-level management capabilities for conformance packs are now available in additional AWS Regions. Conformance packs allow you to bundle AWS Config rules into a single package, simplifying deployment at scale. You can deploy and manage these conformance packs throughout your AWS environment. Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational, or cost-optimization governance checks using managed or custom AWS Config rules. This allows you to monitor compliance scores based on your own groupings. With this launch, you can also manage the AWS Config conformance packs and individual AWS Config rules at the organization level which simplifies the compliance management across your AWS Organization. With this expansion, AWS Config Conformance Packs are now also available in the following AWS Regions: Asia Pacific (Malaysia), Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Taipei) and Mexico (Central). To get started, you can either use the provided sample conformance pack templates or craft a custom YAML file from scratch based on a custom conformance pack. Conformance pack deployment can be done through the AWS Config console, AWS CLI, or via AWS CloudFormation. You will be charged per conformance pack evaluation in your AWS account per AWS Region. Visit the AWS Config pricing page for more details. To learn more about AWS Config conformance packs, see our documentation.

AWS Config announces launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the https://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html. For description of each rule and the AWS Regions in which it is available, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html. To start using Config rules, please refer our https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_add-rules.html. New Rules Launched: AMPLIFY_APP_NO_ENVIRONMENT_VARIABLES AMPLIFY_BRANCH_DESCRIPTION APIGATEWAY_STAGE_DESCRIPTION APIGATEWAYV2_STAGE_DESCRIPTION API_GWV2_STAGE_DEFAULT_ROUTE_DETAILED_METRICS_ENABLED APIGATEWAY_STAGE_ACCESS_LOGS_ENABLED APPCONFIG_DEPLOYMENT_STRATEGY_MINIMUM_FINAL_BAKE_TIME APPCONFIG_DEPLOYMENT_STRATEGY_TAGGED APPFLOW_FLOW_TRIGGER_TYPE_CHECK APPMESH_VIRTUAL_NODE_CLOUD_MAP_IP_PREF_CHECK APPMESH_VIRTUAL_NODE_DNS_IP_PREF_CHECK APPRUNNER_SERVICE_IP_ADDRESS_TYPE_CHECK APPRUNNER_SERVICE_MAX_UNHEALTHY_THRESHOLD APS_RULE_GROUPS_NAMESPACE_TAGGED AUDITMANAGER_ASSESSMENT_TAGGED BATCH_MANAGED_COMPUTE_ENV_ALLOCATION_STRATEGY_CHECK BATCH_MANAGED_SPOT_COMPUTE_ENVIRONMENT_MAX_BID COGNITO_IDENTITY_POOL_UNAUTHENTICATED_LOGINS COGNITO_USER_POOL_PASSWORD_POLICY_CHECK CUSTOMERPROFILES_DOMAIN_TAGGED DEVICEFARM_PROJECT_TAGGED DEVICEFARM_TEST_GRID_PROJECT_TAGGED DMS_REPLICATION_INSTANCE_MULTI_AZ_ENABLED EC2_LAUNCH_TEMPLATES_EBS_VOLUME_ENCRYPTED EC2_NETWORK_INSIGHTS_ANALYSIS_TAGGED EKS_FARGATE_PROFILE_TAGGED GLUE_ML_TRANSFORM_TAGGED IOT_SCHEDULED_AUDIT_TAGGED IOT_PROVISIONING_TEMPLATE_DESCRIPTION IOT_PROVISIONING_TEMPLATE_JITP IOT_PROVISIONING_TEMPLATE_TAGGED KINESIS_VIDEO_STREAM_MINIMUM_DATA_RETENTION LAMBDA_FUNCTION_DESCRIPTION LIGHTSAIL_BUCKET_ALLOW_PUBLIC_OVERRIDES_DISABLED RDS_MYSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK RDS_PGSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_TAGGED ROUTE53_RESOLVER_RESOLVER_RULE_TAGGED RUM_APP_MONITOR_TAGGED RUM_APP_MONITOR_CLOUDWATCH_LOGS_ENABLED

AWS Config announces launch of an additional 42 managed Config rules for various use cases such as security, cost, durability, and operations. You can now search, discover, enable and manage these additional rules directly from AWS Config and govern more use cases for your AWS environment. With this launch, you can now enable these controls across your account or across your organization. For example, you can evaluate your tagging strategies across Amazon EKS Fargate profiles, Amazon EC2 Network Insight Analyses, AWS Glue Machine learning transforms. Or you can assess your security posture across Amazon Cognito Identity pools, Amazon Lightsail buckets, AWS Amplify apps and more. Additionally, you can leverage Conformance Packs to group these new controls and deploy across an account or across organization, streamlining your multi-account governance. For the full list of recently released rules, visit the AWS Config developer guide. For description of each rule and the AWS Regions in which it is available, please refer our Config managed rules documentation. To start using Config rules, please refer our documentation. New Rules Launched: AMPLIFY_APP_NO_ENVIRONMENT_VARIABLES AMPLIFY_BRANCH_DESCRIPTION APIGATEWAY_STAGE_DESCRIPTION APIGATEWAYV2_STAGE_DESCRIPTION API_GWV2_STAGE_DEFAULT_ROUTE_DETAILED_METRICS_ENABLED APIGATEWAY_STAGE_ACCESS_LOGS_ENABLED APPCONFIG_DEPLOYMENT_STRATEGY_MINIMUM_FINAL_BAKE_TIME APPCONFIG_DEPLOYMENT_STRATEGY_TAGGED APPFLOW_FLOW_TRIGGER_TYPE_CHECK APPMESH_VIRTUAL_NODE_CLOUD_MAP_IP_PREF_CHECK APPMESH_VIRTUAL_NODE_DNS_IP_PREF_CHECK APPRUNNER_SERVICE_IP_ADDRESS_TYPE_CHECK APPRUNNER_SERVICE_MAX_UNHEALTHY_THRESHOLD APS_RULE_GROUPS_NAMESPACE_TAGGED AUDITMANAGER_ASSESSMENT_TAGGED BATCH_MANAGED_COMPUTE_ENV_ALLOCATION_STRATEGY_CHECK BATCH_MANAGED_SPOT_COMPUTE_ENVIRONMENT_MAX_BID COGNITO_IDENTITY_POOL_UNAUTHENTICATED_LOGINS COGNITO_USER_POOL_PASSWORD_POLICY_CHECK CUSTOMERPROFILES_DOMAIN_TAGGED DEVICEFARM_PROJECT_TAGGED DEVICEFARM_TEST_GRID_PROJECT_TAGGED DMS_REPLICATION_INSTANCE_MULTI_AZ_ENABLED EC2_LAUNCH_TEMPLATES_EBS_VOLUME_ENCRYPTED EC2_NETWORK_INSIGHTS_ANALYSIS_TAGGED EKS_FARGATE_PROFILE_TAGGED GLUE_ML_TRANSFORM_TAGGED IOT_SCHEDULED_AUDIT_TAGGED IOT_PROVISIONING_TEMPLATE_DESCRIPTION IOT_PROVISIONING_TEMPLATE_JITP IOT_PROVISIONING_TEMPLATE_TAGGED KINESIS_VIDEO_STREAM_MINIMUM_DATA_RETENTION LAMBDA_FUNCTION_DESCRIPTION LIGHTSAIL_BUCKET_ALLOW_PUBLIC_OVERRIDES_DISABLED RDS_MYSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK RDS_PGSQL_CLUSTER_COPY_TAGS_TO_SNAPSHOT_CHECK ROUTE53_RESOLVER_FIREWALL_DOMAIN_LIST_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_ASSOCIATION_TAGGED ROUTE53_RESOLVER_FIREWALL_RULE_GROUP_TAGGED ROUTE53_RESOLVER_RESOLVER_RULE_TAGGED RUM_APP_MONITOR_TAGGED RUM_APP_MONITOR_CLOUDWATCH_LOGS_ENABLED

AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types   AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom         AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html page.

AWS Config now supports 52 additional AWS resource types across key services including Amazon EC2, Amazon Bedrock, and Amazon SageMaker. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types   AWS::ApiGateway::DomainName AWS::IAM::GroupPolicy AWS::ApiGateway::Method AWS::IAM::RolePolicy AWS::ApiGateway::UsagePlan AWS::IAM::UserPolicy AWS::AppConfig::Extension AWS::IoTCoreDeviceAdvisor::SuiteDefinition AWS::Bedrock::ApplicationInferenceProfile AWS::MediaPackageV2::Channel AWS::Bedrock::Prompt AWS::MediaPackageV2::ChannelGroup AWS::BedrockAgentCore::BrowserCustom AWS::MediaTailor::LiveSource AWS::BedrockAgentCore::CodeInterpreterCustom         AWS::MSK::ServerlessCluster AWS::BedrockAgentCore::Runtime AWS::PaymentCryptography::Alias AWS::CloudFormation::LambdaHook AWS::PaymentCryptography::Key AWS::CloudFormation::StackSet AWS::RolesAnywhere::CRL AWS::Comprehend::Flywheel AWS::RolesAnywhere::Profile AWS::Config::AggregationAuthorization AWS::S3::AccessGrant AWS::DataSync::Agent AWS::S3::AccessGrantsInstance AWS::Deadline::Fleet AWS::S3::AccessGrantsLocation AWS::Deadline::QueueFleetAssociation AWS::SageMaker::DataQualityJobDefinition AWS::EC2::IPAMPoolCidr AWS::SageMaker::MlflowTrackingServer AWS::EC2::SubnetNetworkAclAssociation AWS::SageMaker::ModelBiasJobDefinition AWS::EC2::VPCGatewayAttachment AWS::SageMaker::ModelExplainabilityJobDefinition AWS::ECR::RepositoryCreationTemplate AWS::SageMaker::ModelQualityJobDefinition AWS::ElasticLoadBalancingV2::TargetGroup AWS::SageMaker::MonitoringSchedule AWS::EMR::Studio AWS::SageMaker::StudioLifecycleConfig AWS::EMRContainers::VirtualCluster AWS::SecretsManager::RotationSchedule AWS::EMRServerless::Application AWS::SES::DedicatedIpPool AWS::EntityResolution::MatchingWorkflow AWS::SES::MailManagerTrafficPolicy AWS::Glue::Registry AWS::SSM::ResourceDataSync To view the complete list of AWS Config supported resource types, see the supported resource types page.

AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::ApiGatewayV2::Integration AWS::CloudTrail::EventDataStore AWS::Config::StoredQuery

AWS Config now supports 3 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::ApiGatewayV2::Integration AWS::CloudTrail::EventDataStore AWS::Config::StoredQuery

AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state of your AWS resources. Aggregators enable centralized visibility and analysis by aggregating configuration and compliance data from multiple accounts and regions, or across an AWS Organization. Advanced queries provide a single query endpoint and a query language to get current resource configuration and compliance state without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. Advanced queries can be used from https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-console.html and https://docs.aws.amazon.com/config/latest/developerguide/query-using-sql-editor-cli.html. To learn more about aggregators, please refer to our https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html. With this expansion, AWS Config advanced queries and aggregators are now available in https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html#aggregation-regions.

AWS Config advanced queries and aggregators are now available in Asia Pacific (New Zealand) region. You can use advanced queries to query the current configuration and compliance state of your AWS resources. Aggregators enable centralized visibility and analysis by aggregating configuration and compliance data from multiple accounts and regions, or across an AWS Organization. Advanced queries provide a single query endpoint and a query language to get current resource configuration and compliance state without performing service-specific describe API calls. You can use configuration aggregators to run the same queries from a central account across multiple accounts and AWS Regions. Advanced queries can be used from AWS console and AWS CLI. To learn more about aggregators, please refer to our documentation. With this expansion, AWS Config advanced queries and aggregators are now available in all supported regions.

AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies. With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance. This feature is now available across all supported https://docs.aws.amazon.com/config/latest/developerguide/config-region-support.html#config-region-support-list at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. For recording IAM policy resource type in your Config recorder, please refer our https://docs.aws.amazon.com/config/latest/developerguide/managing-recorder_console-start.html.

AWS Config now tracks resource tags for IAM policy resource types, enhancing the granularity of metadata you can capture to assess, audit, and evaluate configurations of your IAM policies. With this enhancement, you can now track resource tags and their changes for IAM Policies directly in your Config recorder. This capability allows you to scope both Config-managed and custom rule evaluations based on resource tags, ensuring your IAM policies maintain desired configurations. Additionally, you can leverage Config aggregators to selectively aggregate IAM policies across multiple accounts using tags, streamlining your multi-account governance. This feature is now available across all supported AWS Regions at no additional cost. Resource tags are automatically populated in Config when you record IAM policy resource types. For recording IAM policy resource type in your Config recorder, please refer our documentation.

AWS Config now supports 5 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available. Resource Types: AWS::CodeArtifact::Domain AWS::Config::ConformancePack AWS::Glue::Database AWS::NetworkManager::TransitGatewayPeering AWS::RolesAnywhere::TrustAnchor

AWS Config now supports 5 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available. Resource Types: AWS::CodeArtifact::Domain AWS::Config::ConformancePack AWS::Glue::Database AWS::NetworkManager::TransitGatewayPeering AWS::RolesAnywhere::TrustAnchor

Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks. Control Catalog has classifications including Domain (such as "Data Protection"), Objective (such as "Data Encryption"), and common control (such as "Encrypt data at rest") to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule. If you're using AWS Config, you'll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture. AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available. To learn more about AWS Config rules and compliance frameworks, visit the AWS Config documentation.

Today, AWS Config rules adds classification information from AWS Control Tower Control Catalog to make it easier for you to identify how Config rules map to different compliance frameworks such as CIS-v8.0, FedRAMP-r4, and NIST-CSF-v1.1. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. Control Catalog is a feature of AWS Control Tower that enables you to search AWS managed controls and their associated compliance frameworks. Control Catalog has classifications including Domain (such as "Data Protection"), Objective (such as "Data Encryption"), and common control (such as "Encrypt data at rest") to help you better understand the purpose of a control. Today’s launch maps AWS Config rules to the specific compliance frameworks available in AWS Control Tower Control Catalog (CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023), adding classification information (Domain, Objective, common control) to each AWS Config rule. If you're using AWS Config, you'll now see the same classification information in the AWS Config Console and in the AWS Control Tower Control Catalog, ensuring a unified experience across your AWS environment. This alignment between AWS Control Tower and AWS Config allows for seamless integration and more efficient management of your compliance and security posture. AWS Config rules with classifications from AWS Control Tower Control Catalog are available in all AWS Commercial regions where AWS Config and AWS Control Tower are available. To learn more about AWS Config rules and compliance frameworks, visit the AWS Config https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html.

Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023. To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We've also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., "Data Protection"), an objective (e.g., "Data Encryption"), and a common control (e.g., "Encrypt data at rest"). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you're using AWS Config, now you'll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment. You can use Control Catalog with new mappings in all https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/ where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit https://docs.aws.amazon.com/controltower/latest/controlreference/config-controls.html.

Today, AWS announces that AWS Control Tower supports seven new compliance frameworks in Control Catalog. Control Catalog is the central place in AWS for searching and enabling managed controls.In addition to existing frameworks, controls are now mapped to CIS-v8.0, FedRAMP-r4, ISO-IEC-27001:2013-Annex-A, NIST-CSF-v1.1, NIST-SP-800-171-r2, PCI-DSS-v4.0, SSAE-18-SOC-2-Oct-2023. To get started, navigate to the Control Catalog in AWS Control Tower and search for a framework like PCI-DSS-v4.0 to view related controls. This feature helps you meet your compliance requirements faster and with higher confidence. For programmatic access, utilize the new ListControlMappings API to search controls by frameworks, and take advantage of the updated ListControls and GetControl APIs, which now support GovernedResources, to understand the resource types governed by each control. We've also introduced a new classification system to help you better comprehend and manage controls. In addition to the new frameworks, controls in Control Catalog are now mapped to a domain (e.g., "Data Protection"), an objective (e.g., "Data Encryption"), and a common control (e.g., "Encrypt data at rest"). This clearer structure simplifies the process of understanding, searching, and deploying the controls you need. If you're using AWS Config, now you'll see the same comprehensive mapping of Config rules to compliance frameworks, domains, objectives, and common controls that you find in AWS Control Tower, ensuring a unified experience across your AWS environment. You can use Control Catalog with new mappings in all AWS Regions where AWS Control Tower is available, including AWS GovCloud (US). To learn more, visit AWS Control Tower User Guide.

Additional AWS Config rules are now available in 17 AWS Regions. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. When a resource violates a rule, an AWS Config rule evaluates it as non-compliant and can send you a notification through Amazon EventBridge. AWS Config provides managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices. With this expansion, AWS Config managed rules in the following AWS Regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Kuala Lumpur), Asia Pacific (Melbourne), Asia Pacific (Osaka), Canada (Calgary), Europe (Milan), Europe (Paris), Europe (Stockholm), Europe (Zaragoza), Europe (Zurich), Middle East (Bahrain), Middle East (Tel Aviv), Middle East (UAE), South America (São Paulo). You will be charged per rule evaluation in your AWS account per AWS Region. Visit the AWS Config https://aws.amazon.com/config/pricing/ for more details. To learn more about AWS Config rules, visit our https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html.

Additional AWS Config rules are now available in 17 AWS Regions. AWS Config rules help you automatically evaluate your AWS resource configurations for desired settings, enabling you to assess, audit, and evaluate configurations of your AWS resources. When a resource violates a rule, an AWS Config rule evaluates it as non-compliant and can send you a notification through Amazon EventBridge. AWS Config provides managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices. With this expansion, AWS Config managed rules in the following AWS Regions: Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Hyderabad), Asia Pacific (Jakarta), Asia Pacific (Kuala Lumpur), Asia Pacific (Melbourne), Asia Pacific (Osaka), Canada (Calgary), Europe (Milan), Europe (Paris), Europe (Stockholm), Europe (Zaragoza), Europe (Zurich), Middle East (Bahrain), Middle East (Tel Aviv), Middle East (UAE), South America (São Paulo). You will be charged per rule evaluation in your AWS account per AWS Region. Visit the AWS Config pricing page for more details. To learn more about AWS Config rules, visit our documentation.

AWS Config now supports 13 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html where the supported resources are available: Resource Types: AWS::AppIntegrations::Application AWS::EC2::EIPAssociation AWS::EC2::InstanceConnectEndpoint AWS::EC2::SnapshotBlockPublicAccess AWS::EC2::VPCEndpointConnectionNotification AWS::ElastiCache::UserGroup AWS::InspectorV2:Activation AWS::Macie::Session AWS::Route53Profiles::Profile AWS::OpenSearchServerless::Collection AWS::S3::StorageLensGroup AWS::SecurityHub::Standard AWS::SageMaker::InferenceExperiment To view the complete list of AWS Config supported resource types, see https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html page.

AWS Config now supports 13 additional AWS resource types. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources. With this launch, if you have enabled recording for all resource types, then AWS Config will automatically track these new additions. The newly supported resource types are also available in Config rules and Config aggregators. You can now use AWS Config to monitor the following newly supported resource types in all AWS Regions where the supported resources are available: Resource Types: AWS::AppIntegrations::Application AWS::EC2::EIPAssociation AWS::EC2::InstanceConnectEndpoint AWS::EC2::SnapshotBlockPublicAccess AWS::EC2::VPCEndpointConnectionNotification AWS::ElastiCache::UserGroup AWS::InspectorV2:Activation AWS::Macie::Session AWS::Route53Profiles::Profile AWS::OpenSearchServerless::Collection AWS::S3::StorageLensGroup AWS::SecurityHub::Standard AWS::SageMaker::InferenceExperiment To view the complete list of AWS Config supported resource types, see supported resource types page.

Last week, we had the AWS Summit Amsterdam, one of the global Amazon Web Services (AWS) events that offers you the opportunity to learn from technical and industry leaders, and meet AWS experts and like-minded professionals. In particular, most AWS Summits have Developer and Community Lounges in their exhibition halls. A photo taken by Thembile […]

We are well settled into 2025 by now, but many people are still catching up with all the exciting new releases and announcements that came out of re:Invent last year. There have been hundreds of re:Invent recap events around the world since the beginning of the year, including in-person all-day official AWS events with multiple […]