This is a PoC for AWS Config remediation on one targeted account and region, using predefined remediation runbooks owned by AWS.
Ideally, we would enable the Config service as part of AWS Organizations services to ensure Config is enabled on all member accounts and regions.
In this PoC we demonstrate the deployment of managed AWS Config rules:
- S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
- S3_BUCKET_VERSIONING_ENABLED

and their predefined remediation actions:
- AWS-EnableS3BucketEncryption
- AWS-ConfigureS3BucketVersioning
- Ensure the AWS profile has the necessary permissions on the target account.
From the CLI, run:
export AWS_PROFILE=profilename
export AWS_REGION=eu-central-1
- Run Terraform
terraform init
terraform apply
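
How one of the rule and runbook pairs above can be wired together in Terraform, as an added example that is not this PoC's own code. The resource names and the role name `config-s3-remediation` are assumptions, and a Config recorder is assumed to be running already in the target account and region.

```hcl
# Added example, not the PoC's own code. Resource names are assumptions, and an
# AWS Config recorder is assumed to be running already in the account and region.
resource "aws_iam_role" "remediation" {
  name = "config-s3-remediation"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ssm.amazonaws.com" } }]
  })
}

# Grant only the S3 action the encryption runbook calls.
resource "aws_iam_role_policy" "remediation" {
  name = "put-bucket-encryption"
  role = aws_iam_role.remediation.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "s3:PutEncryptionConfiguration", Resource = "arn:aws:s3:::*" }]
  })
}

resource "aws_config_config_rule" "s3_sse" {
  name = "s3-bucket-server-side-encryption-enabled"
  source {
    owner             = "AWS"
    source_identifier = "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED"
  }
}

resource "aws_config_remediation_configuration" "s3_sse" {
  config_rule_name           = aws_config_config_rule.s3_sse.name
  resource_type              = "AWS::S3::Bucket"
  target_type                = "SSM_DOCUMENT"
  target_id                  = "AWS-EnableS3BucketEncryption"
  automatic                  = true
  maximum_automatic_attempts = 5
  retry_attempt_seconds      = 60
  parameter {
    name         = "AutomationAssumeRole"
    static_value = aws_iam_role.remediation.arn
  }
  parameter {
    name           = "BucketName"
    resource_value = "RESOURCE_ID" # bucket name of the non-compliant resource
  }
  parameter {
    name         = "SSEAlgorithm"
    static_value = "AES256"
  }
}
```

With `automatic = true`, Config starts the runbook as soon as a bucket is evaluated as non-compliant; set it to `false` to review findings first and trigger remediation manually.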