The rules are divided into 3 groups:
- restricted-ssh
  - Checks whether security groups in use disallow unrestricted incoming SSH traffic (port 22 reachable from 0.0.0.0/0 or ::/0).
- restricted-common-ports
  - Checks whether security groups in use disallow unrestricted incoming TCP traffic to the specified ports.
- ec2-volume-inuse-check
  - Checks whether EBS volumes are attached to EC2 instances.
- instances-in-vpc
  - Checks whether all EC2 instances run in a VPC.
- eip-attached
  - Checks whether all Elastic IP addresses allocated to a VPC are attached to EC2 instances or to in-use elastic network interfaces (ENIs).
- cloudtrail-enabled
  - Checks whether CloudTrail is enabled in the account.
- require-tags
  - Checks whether your resources carry the tags you specify. For example, you can check whether your EC2 instances have the 'CostCenter' tag. Multiple accepted values for a tag are separated with commas.
- iam-user-no-policies-check
  - Checks that none of your IAM users have policies attached directly. IAM users must inherit permissions from IAM groups or roles.
- iam-password-policy
  - Checks whether the account password policy for IAM users meets the specified requirements.
- acm-certificate-expiration-check
  - Checks whether ACM certificates in your account are within the specified number of days of expiration; certificates about to expire are marked noncompliant.
- root-account-mfa-enabled
  - Checks whether the root user of the AWS account has MFA enabled.
- Install AWS CLI
- Install Terraform
Fill in the variables (the port numbers and tag keys below are examples):

```hcl
// AWS INFO (insert your AWS info)
profile            = "" // the AWS CLI profile name
assume_role        = "" // the ARN of the IAM role to assume
region             = "" // the AWS region
config_logs_bucket = "" // the name of the S3 bucket that will receive the AWS Config logs

// restricted-common-ports (specify the port numbers to block; example as below)
blockedPort1 = "20"
blockedPort2 = "21"
blockedPort3 = "3389"
blockedPort4 = "3306"
blockedPort5 = "4433"

// require-tags (specify the tag keys your resources must carry; example as below)
tag1Key = "Project-Name"
tag2Key = "Server-Name"
tag3Key = "Owner"
```

Then run:

```shell
terraform init
terraform plan
terraform apply
```
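As an added example (not the module's own code), the single-file Terraform configuration below shows how the variables above map onto AWS Config resources: the provider reads `profile`, `region` and `assume_role`; `config_logs_bucket` feeds the delivery channel; and the `blockedPortN` and `tagNKey` values become the `input_parameters` JSON of the managed rules. Two things are assumed rather than taken from the README: the S3 bucket already exists with a bucket policy that lets AWS Config write to it, and an IAM role that AWS Config can assume is supplied through a hypothetical `config_role_arn` variable.

```hcl
// Added example (not the module's own code): wires the README's variables to an
// AWS Config recorder, delivery channel and managed rules. Assumed to exist:
// the S3 bucket in config_logs_bucket (with a Config-writable bucket policy)
// and the IAM role in config_role_arn that AWS Config assumes.
variable "profile"            { type = string }
variable "assume_role"        { type = string }
variable "region"             { type = string }
variable "config_logs_bucket" { type = string }
variable "config_role_arn"    { type = string } // assumption, not in the README
variable "blockedPort1"       { type = string }
variable "blockedPort2"       { type = string }
variable "blockedPort3"       { type = string }
variable "blockedPort4"       { type = string }
variable "blockedPort5"       { type = string }
variable "tag1Key"            { type = string }
variable "tag2Key"            { type = string }
variable "tag3Key"            { type = string }

provider "aws" {
  profile = var.profile
  region  = var.region
  assume_role {
    role_arn = var.assume_role
  }
}

// Rules evaluate nothing until a recorder is running and a delivery channel
// points at the log bucket; only one recorder is allowed per account and region.
resource "aws_config_configuration_recorder" "this" {
  name     = "default"
  role_arn = var.config_role_arn
  recording_group {
    all_supported                 = true
    include_global_resource_types = true // the IAM rules need global resources
  }
}

resource "aws_config_delivery_channel" "this" {
  name           = "default"
  s3_bucket_name = var.config_logs_bucket
  depends_on     = [aws_config_configuration_recorder.this]
}

resource "aws_config_configuration_recorder_status" "this" {
  name       = aws_config_configuration_recorder.this.name
  is_enabled = true
  depends_on = [aws_config_delivery_channel.this]
}

// restricted-common-ports: a security group that exposes any listed port to
// 0.0.0.0/0 or ::/0 is reported NON_COMPLIANT.
resource "aws_config_config_rule" "restricted_common_ports" {
  name = "restricted-common-ports"
  source {
    owner             = "AWS"
    source_identifier = "RESTRICTED_INCOMING_TRAFFIC"
  }
  input_parameters = jsonencode({
    blockedPort1 = var.blockedPort1
    blockedPort2 = var.blockedPort2
    blockedPort3 = var.blockedPort3
    blockedPort4 = var.blockedPort4
    blockedPort5 = var.blockedPort5
  })
  scope {
    compliance_resource_types = ["AWS::EC2::SecurityGroup"]
  }
  depends_on = [aws_config_configuration_recorder.this]
}

// require-tags: instances and volumes missing any listed tag key are
// NON_COMPLIANT (values are only checked if a matching tagNValue is set).
resource "aws_config_config_rule" "require_tags" {
  name = "require-tags"
  source {
    owner             = "AWS"
    source_identifier = "REQUIRED_TAGS"
  }
  input_parameters = jsonencode({
    tag1Key = var.tag1Key
    tag2Key = var.tag2Key
    tag3Key = var.tag3Key
  })
  scope {
    compliance_resource_types = ["AWS::EC2::Instance", "AWS::EC2::Volume"]
  }
  depends_on = [aws_config_configuration_recorder.this]
}

// Parameter-less rules (root-account-mfa-enabled, cloudtrail-enabled, ...)
// only need a source_identifier.
resource "aws_config_config_rule" "root_account_mfa_enabled" {
  name = "root-account-mfa-enabled"
  source {
    owner             = "AWS"
    source_identifier = "ROOT_ACCOUNT_MFA_ENABLED"
  }
  depends_on = [aws_config_configuration_recorder.this]
}
```

The `depends_on` on each rule matters: AWS rejects rule creation when no configuration recorder exists yet, and Terraform cannot infer that ordering from the attributes. After `terraform apply`, check a rule's state with `aws configservice describe-compliance-by-config-rule --config-rule-names restricted-common-ports --profile <profile> --region <region>`; `ComplianceType` is `COMPLIANT`, `NON_COMPLIANT` or `INSUFFICIENT_DATA`, and the last of these is normal right after creation, before the first evaluation has run.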
Further rules for reference
- AWS Managed Config Rules
- AWS Config Rule Repository