Create an AWS Config Rule

2 hours
  • 3 Learning Objectives

About this Hands-on Lab

A SysOps Administrator has been tasked with verifying that new and existing buckets are properly configured with server-side encryption to meet company compliance standards. Any misconfigured buckets should be identified and automatically remediated. The SysOps Admin wants to leverage AWS Config to accomplish this task.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create an S3 Bucket without Server-Side Encryption Enabled

Select Create bucket within Amazon S3 Services.
Enter a unique name under Bucket name.
Ensure Disable is selected for Server-side encryption.

Create an AWS Config Rule

After configuring AWS Config, create an AWS Config Rule named bucketencryption using the AWS Managed Rule named s3-bucket-server-side-encryption-enabled.

Configure Automatic Remediation

Configure automatic remediation using the AWS-EnableS3BucketEncryption_ remediation action.

For Parameters, configure BucketName to the name of your bucket. Configure AutomationAssumeRole to the Amazon Resource Name (ARN) of the IAM Role LabRole.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?