Editing AWS Configuration Auditing Rules

Threat Stack is pleased to offer an easy-to-use WYSIWYG interface for editing AWS Configuration Auditing rules. This document provides an overview of how to modify existing Configuration Auditing rules and how to create new ones.


Rules are structured to match the syntax of the AWS API. The first row represents the AWS Service being evaluated. The second row represents the AWS Resource Type being evaluated. Beneath that is a series of properties and operators that match the structure of the AWS API.
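The following is an added example, not Threat Stack's rule format or code: a small evaluator showing how a rule made of a service, a resource type, and property/operator rows can be checked against data shaped like an AWS API response. The rule layout, operator names, and group IDs are hypothetical and constructed; only the property names (SecurityGroups, IpPermissions, FromPort, ToPort, IpRanges, CidrIp) follow the EC2 DescribeSecurityGroups response.

```python
import operator

# Operators a rule row may apply to a property value (hypothetical names).
OPS = {"eq": operator.eq, "le": operator.le, "ge": operator.ge}

# Hypothetical rule layout: service, resource type, then property/operator rows.
# Every condition must hold on the same element of the "scope" list.
RULE = {
    "service": "EC2",
    "resource_type": "SecurityGroups",
    "id": "GroupId",
    "scope": "IpPermissions",
    "conditions": [("IpRanges[].CidrIp", "eq", "0.0.0.0/0"),
                   ("FromPort", "le", 22), ("ToPort", "ge", 22)],
}

def perm(lo, hi, cidr):
    """Build one constructed IpPermissions entry."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample shaped like an EC2 DescribeSecurityGroups response.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-constructed-1", "IpPermissions": [perm(22, 22, "0.0.0.0/0")]},
    {"GroupId": "sg-constructed-2", "IpPermissions": [perm(443, 443, "0.0.0.0/0"),
                                                      perm(22, 22, "10.0.0.0/8")]},
    {"GroupId": "sg-constructed-3", "IpPermissions": [perm(0, 1024, "0.0.0.0/0")]},
]}

def resolve(node, path):
    """Return every value reached by a dotted path; 'Name[]' fans out over a list."""
    nodes = [node]
    for part in path.split("."):
        key, fan_out = (part[:-2], True) if part.endswith("[]") else (part, False)
        found = [n[key] for n in nodes if isinstance(n, dict) and key in n]
        nodes = [item for lst in found for item in lst] if fan_out else found
    return nodes  # a missing property yields [], so its condition is false

def evaluate(rule, response):
    """Return ids of resources where one scoped element meets every condition."""
    failing = []
    for resource in response.get(rule["resource_type"], []):
        for element in resolve(resource, rule["scope"] + "[]"):
            if all(any(OPS[op](value, want) for value in resolve(element, prop))
                   for prop, op, want in rule["conditions"]):
                failing.append(resource[rule["id"]])
                break
    return failing

if __name__ == "__main__":
    print(evaluate(RULE, SAMPLE))
```

The second group is not reported because its world-open entry and its port 22 entry are different IpPermissions elements. Entries with IpProtocol "-1" (all traffic) carry no FromPort or ToPort, so this rule does not match them and they need their own condition.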


Editing an Existing Rule

Navigate to the Rulesets page, expand the ruleset called Configuration Auditing Policies, and navigate to the rule you would like to edit. On the right-hand side you will find all editable details of the rule, including the Rule Name, the Rule Description, the rule itself (Policy Definition), and any Suppressions that may have been added.

Supported Resource Types

Service | Resource Type | Documentation Link
EC2 | Security Groups Summary | This is a Threat Stack resource type. It returns a count of the number of Security Groups in an AWS account.
EC2 | Default Security Group | Click here
EC2 | Security Group | Click here
EC2 | Volume | Click here
RDS | DB Instance | Click here
RDS | DB Security Groups | Click here
RDS | DB EC2 Security Groups | Click here
CloudTrail | CloudTrail Bucket Policy | Click here
CloudTrail | CloudTrail Bucket ACL | Click here
CloudTrail | CloudTrail Bucket Logging | Click here
CloudTrail | Trail | Click here
S3 | Bucket Policy | Click here
S3 | Bucket ACL | Click here
IAM | Password Policy | Click here
IAM | User | Click here
IAM | User (Credential Report) | Click here
IAM | Account Summary | Click here

Clone an Existing Rule


Create New Rule from Scratch
