Edit the AWS Configuration Auditing Rules


Overview

Configuration Auditing Policies is a special rule set associated with the Configuration Auditing feature.

Important

This rule set cannot be assigned to any servers.

This rule set contains the policies that your AWS resources are checked against when you perform a Configuration Auditing assessment. You can edit certain aspects of policies and add suppressions for specific resources to make them more meaningful to your organization.

Threat Stack provides a guided interface for editing AWS Configuration Auditing rules.

This article shows you how to:

  • Edit an existing Configuration Auditing rule
  • Clone and modify an existing Configuration Auditing rule
  • Add a suppression to a Configuration Auditing rule

[Image: Config_Ruleset_Page.png]

Configuration Auditing Rule Overview

Configuration Auditing rules are structured to match the syntax of the AWS API:

  1. The first row represents the AWS service being evaluated.
  2. The second row represents the AWS resource type being evaluated.
  3. The third row is a series of properties and operators that match the structure of the AWS API.

[Image: Policy_Definition.png]

See the Supported Resource Types section at the end of this article for additional information and links to Amazon documentation.
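As an added illustration (not Threat Stack's code or its rule engine), the Python sketch below shows how a rule shaped like the policy definition above (AWS service, resource type, then property/operator checks named after AWS API fields) can be evaluated against resource descriptions, and how a per-resource suppression with a reason, as described in the suppression section later in this article, changes the outcome. The rule dictionary layout, the `contains`/`equals` operators, the `[]` path syntax and the sample security groups are assumptions constructed for this example.

```python
# Constructed sample: two EC2 SecurityGroups in DescribeSecurityGroups API shape.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"FromPort": 22, "ToPort": 22,
        "IpProtocol": "tcp", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"FromPort": 5432, "ToPort": 5432,
        "IpProtocol": "tcp", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

# Assumed rule layout: service, resource type, then property/operator checks (AWS API field names).
SSH_OPEN_RULE = {
    "name": "EC2 SecurityGroup allows SSH from 0.0.0.0/0",
    "service": "EC2", "resource_type": "SecurityGroup", "id_field": "GroupId",
    "checks": [
        {"property": "IpPermissions[].FromPort", "operator": "contains", "value": 22},
        {"property": "IpPermissions[].IpRanges[].CidrIp", "operator": "contains",
         "value": "0.0.0.0/0"},
    ],
}

# Assumed operators: 'contains' = any resolved value equals; 'equals' = exactly one value, equal.
OPERATORS = {
    "contains": lambda found, want: want in found,
    "equals": lambda found, want: found == [want],
}

def resolve(obj, path):
    """Walk a dotted property path; a '[]' suffix fans out over list items."""
    values = [obj]
    for part in path.split("."):
        fanout = part.endswith("[]")
        key = part[:-2] if fanout else part
        nxt = []
        for v in values:
            if isinstance(v, dict) and key in v:
                child = v[key]
                nxt.extend(child if fanout and isinstance(child, list) else [child])
        values = nxt
    return values

def audit(rule, resources, suppressions):
    """Return (resource id, 'violation' or 'suppressed') per matching resource.
    Checks run independently, so they do not pin values to one IpPermissions entry."""
    suppressed = {s["resource_id"] for s in suppressions if s["rule"] == rule["name"]}
    results = []
    for res in resources:
        if all(OPERATORS[c["operator"]](resolve(res, c["property"]), c["value"])
               for c in rule["checks"]):
            rid = res[rule["id_field"]]
            results.append((rid, "suppressed" if rid in suppressed else "violation"))
    return results
```

A suppression only hides the finding for the named resource under the named rule; the same group still shows up as a violation of any other rule it matches.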

Edit a Configuration Auditing Rule

You can edit a Configuration Auditing rule from the Rules page.

  1. Click the expand / collapse icon for Configuration Auditing Policies.
  2. Select the rule to edit. The Rule Details dialog displays on the right side.


    [Image: Edit_Config_Rule_Details.png]

  3. In the Details pane, you can edit the following fields:
    1. Rule Name
    2. Description

    [Image: Config_Details.png]

  4. In the Policy Definition pane, you can change the following criteria:
    1. AWS service
    2. AWS resource type
    3. Properties and operators

    [Image: Policy_Definition_CloudTrail.png]

  5. To save your changes, click the Update button in the Details and/or Policy Definition panes.

Note

In the left navigation pane, click Config Audit to edit or add suppressions. See the Add a Suppression to a Configuration Auditing Rule section below for additional information.

Clone and Modify a Configuration Auditing Rule

Clone a Rule

You can clone an existing Configuration Auditing rule from the Rules page.

  1. Click the expand / collapse icon for the Configuration Auditing Policies rule set.


    [Image: Config_Ruleset_Page.png]

  2. Click the + New Rule button.


    [Image: New_Rule.png]

  3. The + Add Rule dialog displays.


    [Image: Add_Rule.png]

  4. Select Clone Existing Rule and click the Next: Details button.


    [Image: Clone_Existing_Rules.png]

  5. In the Select existing rules to clone field, search and select the rule to clone.


    [Image: Clone_Existing_Rule.png]

  6. After making your selection, click the Clone 1 Rule button.
  7. The cloned rule displays in the Configuration Auditing Policies rule list.


    [Image: Cloned_Ruleset.png]

Note

Multiple rules can be selected simultaneously to be cloned.

Modify a Cloned Rule

To modify a cloned rule, select it from the list of rules.

  1. The Rule Details dialog displays on the right side.


    [Image: Cloned_Rule_Details.png]

  2. In the Details pane, you can edit the following fields:
    1. Rule Name
    2. Description

    [Image: Config_Details.png]

  3. In the Policy Definition pane, you can change the following criteria:
    1. AWS service
    2. AWS resource type
    3. Properties and operators

    [Image: Policy_Definition_CloudTrail.png]

  4. To save your changes, click the Update button in the Details and/or Policy Definition panes.


    [Image: Update_Rule_Details.png]

Note

In the left navigation pane, click Config Audit to edit or add suppressions. See the Add a Suppression to a Configuration Auditing Rule section below for additional information.

Add a Suppression to a Configuration Auditing Rule

You can add a suppression to an existing Configuration Auditing rule from the Config Audit page.

  1. Click the AWS Service name to access the resource section.
  2. Select a rule from the available list. The Rule Overview pane displays.
  3. Click the Go to Resource Details button. The Resource Details page displays.


    [Image: Config_Audit_Resource_Details.png]

  4. Click the Suppress icon for the violation you want to suppress.


    [Image: Suppress.png]

  5. The Add New Configuration Auditing Policy Suppression page displays. Review the violation and select your Reason for suppressing.


    [Image: Suppression_Reason.png]

  6. Click the Add New Suppression button.


    [Image: Add_New_Suppression.png]

  7. The page closes and a message confirms that the suppression was added.


    [Image: Suppression_Confirmation.png]

Supported Resource Types

Service      Resource Type               Documentation Link
EC2          Security Groups Summary     This is a Threat Stack resource type. It returns a count of the Security Groups in an AWS account.
EC2          Default Security Group      Click here
EC2          Security Group              Click here
EC2          Volume                      Click here
RDS          DB Instance                 Click here
RDS          DB Security Groups          Click here
RDS          DB EC2 Security Groups      Click here
CloudTrail   CloudTrail Bucket Policy    Click here
CloudTrail   CloudTrail Bucket ACL       Click here
CloudTrail   CloudTrail Bucket Logging   Click here
CloudTrail   Trail                       Click here
S3           Bucket Policy               Click here
S3           Bucket ACL                  Click here
IAM          Password Policy             Click here
IAM          User                        Click here
IAM          User (Credential Report)    Click here
IAM          Account Summary             Click here

 
