A SysOps Administrator has been tasked with verifying that new and existing buckets are properly configured with server-side encryption to meet company compliance standards. Any misconfigured buckets should be identified and automatically remediated. The SysOps Admin wants to leverage AWS Config to accomplish this task.
Successfully complete this lab by achieving the following learning objectives:
- Create an S3 Bucket without Server-Side Encryption Enabled
Select Create bucket within Amazon S3 Services.
Enter a unique name under Bucket name.
Ensure Disable is selected for Server-side encryption.
- Create an AWS Config Rule
After configuring AWS Config, create an AWS Config Rule named
bucketencryptionusing the AWS Managed Rule named
- Configure Automatic Remediation
Configure automatic remediation using the
For Parameters, configure BucketName to the name of your bucket. Configure AutomationAssumeRole to the Amazon Resource Name (ARN) of the IAM Role