AWS Config Rules supported by AWS Audit Manager

You can use AWS Audit Manager to capture AWS Config evaluations as evidence for audits. When you create or edit a custom control, you can specify one or more AWS Config rules as a data source for evidence collection. AWS Config performs compliance checks based on these rules, and Audit Manager reports the results as compliance check evidence.

In addition to managed rules, you can also map your custom rules to a control data source.

Using AWS Config managed rules with AWS Audit Manager

263 AWS Config managed rules are currently supported by Audit Manager. You can use any of the following managed rule keywords when you set up a data source for a custom control. For more information about any of the managed rules listed below, choose an item from the list or see AWS Config Managed Rules in the AWS Config User Guide.

Supported AWS Config managed rule keywords

Using AWS Config custom rules with AWS Audit Manager

You can now use AWS Config custom rules as a data source for audit reporting. When a control has a data source that's mapped to an AWS Config rule, Audit Manager adds the evaluation that was created by the AWS Config rule.

The custom rules that you can use depend on the AWS account that you sign in to Audit Manager with. If you can access a custom rule in AWS Config, you can use it as a data source in Audit Manager.

  • For individual AWS accounts – You can use any of the custom rules that you created with your account.

  • For accounts that are part of an organization – You can use any of your member-level custom rules, or any of the organization-level custom rules that are available to you in AWS Config.

For instructions on how to create a control that uses custom rules as a data source, see Creating a new control from scratch and Customizing an existing control.

After you map your custom rules as a data source for a control, you can associate that control with a custom framework in Audit Manager. For instructions on how to create a custom framework that uses your custom control, see Creating a new framework from scratch and Customizing an existing framework. For instructions on how to add your control to an existing custom framework, see Editing an existing framework.

For information about creating a custom rule in AWS Config, see Developing a custom rule for AWS Config in the AWS Config Developer Guide.
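The mapping described above can also be built programmatically. The following is an added example, not part of this guide: it turns AWS Config rule descriptions into the data source entries of a custom control. It assumes the boto3 `auditmanager` client's `create_control` call and the keyword conventions from the Audit Manager API reference for `SourceKeyword` (managed rules use the rule identifier, custom rules use the rule name with a `Custom_` prefix, and service-linked rules also drop the trailing suffix ID). The sample rules and the helper names are constructed for illustration.

```python
import re

# Constructed sample, shaped like the ConfigRules list that AWS Config's
# DescribeConfigRules returns (only the fields used here; names are made up).
SAMPLE_RULES = [
    {"ConfigRuleName": "s3-no-public-read",
     "Source": {"Owner": "AWS",
                "SourceIdentifier": "S3_BUCKET_PUBLIC_READ_PROHIBITED"}},
    {"ConfigRuleName": "my-custom-config-rule",
     "Source": {"Owner": "CUSTOM_LAMBDA"}},
    {"ConfigRuleName": "tag-check-conformance-pack-a1b2c3d4",
     "Source": {"Owner": "CUSTOM_LAMBDA"},
     "CreatedBy": "config-conforms.amazonaws.com"},  # service-linked rule
]

def keyword_for(rule):
    """Return the Audit Manager keywordValue for one AWS Config rule."""
    if rule["Source"]["Owner"] == "AWS":
        # Managed rule: the keyword is the managed rule identifier, which
        # must be one of the identifiers Audit Manager supports.
        return rule["Source"]["SourceIdentifier"]
    name = rule["ConfigRuleName"]
    if rule.get("CreatedBy"):
        # Service-linked rule: remove the suffix ID at the end of the name.
        name = re.sub(r"-[A-Za-z0-9]+$", "", name)
    return "Custom_" + name  # keywordValue is case sensitive

def mapping_sources(rules):
    """Build controlMappingSources entries, one per AWS Config rule."""
    return [{
        "sourceName": "config-" + rule["ConfigRuleName"],
        "sourceSetUpOption": "System_Controls_Mapping",
        "sourceType": "AWS_Config",
        "sourceKeyword": {"keywordInputType": "SELECT_FROM_LIST",
                          "keywordValue": keyword_for(rule)},
    } for rule in rules]

def create_control(client, name, rules):
    """Create a custom control; client is boto3.client("auditmanager")."""
    return client.create_control(name=name,
                                 controlMappingSources=mapping_sources(rules))
```

Because a rule is only usable when the signed-in account can access it in AWS Config, build the rule list from that same account's `DescribeConfigRules` output.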

Troubleshooting AWS Config integration with AWS Audit Manager

To find answers to common questions and issues, see AWS Config integration in the Troubleshooting section of this guide.