Threat Stack is pleased to offer an easy-to-use WYSIWYG interface for editing AWS Configuration Auditing rules. This document provides an overview of how to modify existing Configuration Auditing rules and how to create new ones.
Rules are structured to match the syntax of the AWS API. The first row represents the AWS Service being evaluated. The second row represents the AWS Resource Type being evaluated. Beneath that is a series of properties and operators that match the structure of the AWS API.
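The following added example (not Threat Stack code, and not the product's rule format) shows how a rule made of a service, a resource type, a property path and an operator can be evaluated against an API-shaped object. The rule dictionary keys, the operator names and the sample data are assumptions constructed for illustration; only the AWS field names come from the IAM and EC2 APIs.

```python
import operator

# Hypothetical operator names; the product's own operator list is not on this page.
OPERATORS = {"equals": operator.eq, "not_equals": operator.ne,
             "less_than": operator.lt, "greater_than": operator.gt}

def resolve(resource, path):
    """Return every value reached by a dotted path; 'Key[]' fans out over a list."""
    values = [resource]
    for part in path.split("."):
        fan_out = part.endswith("[]")
        key = part[:-2] if fan_out else part
        found = []
        for v in values:
            if not isinstance(v, dict) or key not in v:
                continue  # property absent from this API object
            if fan_out:
                found.extend(v[key] if isinstance(v[key], list) else [])
            else:
                found.append(v[key])
        values = found
    return values

def violates(rule, resource):
    """True when the resource matches the rule's (violating) condition."""
    values = resolve(resource, rule["property"])
    if rule["operator"] == "is_missing":  # optional fields may be absent from a response
        return not values
    test = OPERATORS[rule["operator"]]
    return any(test(v, rule["value"]) for v in values)

def audit(rule, resources):
    """Return the resources that violate the rule."""
    return [r for r in resources if violates(rule, r)]

# Constructed sample data in the shape of IAM GetAccountPasswordPolicy and
# EC2 DescribeSecurityGroups responses (IDs are placeholders).
PASSWORD_POLICY = {"PasswordPolicy": {"MinimumPasswordLength": 8, "RequireSymbols": True}}
SECURITY_GROUPS = [
    {"GroupId": "sg-example-open", "IpPermissions": [
        {"FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-internal", "IpPermissions": [
        {"FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
SHORT_PASSWORD = {"service": "IAM", "resource_type": "Password Policy",
                  "property": "PasswordPolicy.MinimumPasswordLength",
                  "operator": "less_than", "value": 14}
OPEN_INGRESS = {"service": "EC2", "resource_type": "Security Group",
                "property": "IpPermissions[].IpRanges[].CidrIp",
                "operator": "equals", "value": "0.0.0.0/0"}
```

A property that is absent from the object produces no finding under a comparison operator, so a check that a setting exists needs the separate `is_missing` case.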
Editing an Existing Rule
Navigate to the Rulesets Page, expand the Ruleset called Configuration Auditing Policies, and navigate to the rule you would like to edit. On the right-hand side you will find all editable details of the rule, including the Rule Name, the Rule Description, the rule itself (Policy Definition), and any Suppressions that may have been added.
Supported Resource Types
| Service | Resource Type | Documentation Link |
|---|---|---|
| EC2 | Security Groups Summary | This is a Threat Stack resource type. It returns a count of the number of Security Groups in an AWS account. |
| EC2 | Default Security Group | Click here |
| EC2 | Security Group | Click here |
| RDS | DB Instance | Click here |
| RDS | DB Security Groups | Click here |
| RDS | DB EC2 Security Groups | Click here |
| CloudTrail | CloudTrail Bucket Policy | Click here |
| CloudTrail | CloudTrail Bucket ACL | Click here |
| CloudTrail | CloudTrail Bucket Logging | Click here |
| S3 | Bucket Policy | Click here |
| S3 | Bucket ACL | Click here |
| IAM | Password Policy | Click here |
| IAM | User (Credential Report) | Click here |
| IAM | Account Summary | Click here |
Clone an Existing Rule
Create New Rule from Scratch