AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. In this hands-on lab, we will leverage AWS Config to monitor resources deployed from our AWS CodePipeline to ensure they meet our company’s compliance standards. If AWS Config finds any violations, it will notify us by email through Amazon Simple Notification Service.
Successfully complete this lab by achieving the following learning objectives:
- Create an AWS Config Rule
- Navigate to AWS Config.
- Create an AWS Config rule.
- Select the s3-bucket-server-side-encryption-enable rule.
- Create an AWS Simple Notification Service Subscription
- Navigate to Simple Notification Service.
- Create a subscription to existing topic.
- Confirm subscription.
- Create an AWS IAM Role
- Navigate to Identity and Access Management.
- Create an IAM role.
- Select AWS CloudFormation.
- Choose permissions.
- Name role.
- Create an AWS CodeCommit Repository
- Navigate to CodeCommit.
- Create an AWS CodeCommit repository.
- In a terminal session, run the command
git clone https://github.com/linuxacademy/content-aws-continous-complianceto clone the repo to your local workstation or laptop.
s3.jsonto AWS CodeCommit repository and commit changes.
- Create an AWS CodePipeline
- Navigate to CodePipeline.
- Create a pipeline.
- Name the pipeline.
- Select the AWS CodeCommit repository you previously created.
- Skip Build.
- Select AWS CloudFormation for deployment type.
- Create or update stack.
- Name the stack.
- Enter the service role name you previously created.