AWS Config
Developer Guide

List of AWS Config Managed Rules

AWS Config currently supports the following managed rules in the compute; management and governance; network and content delivery; security, identity, and compliance; and storage categories. This page also lists the rules that AWS Config does not currently support in the China (Beijing) and China (Ningxia) regions.




Management and Governance

Network and Content Delivery

Security, Identity & Compliance


*This rule uses automated reasoning tools (ART) to evaluate IAM permissions and resource policies for correctness.

Rules not Supported in China (Beijing) Region

AWS Config does not currently support the following rules in the Beijing region:

  • acm-certificate-expiration-check

  • cmk-backing-key-rotation-enabled

  • cloud-trail-encryption-enabled

  • cloud-trail-log-file-validation-enabled

  • cloudformation-stack-drift-detection-check

  • codebuild-project-envvar-awscred-check

  • codebuild-project-source-repo-url-check

  • codepipeline-deployment-count-check

  • codepipeline-region-fanout-check

  • elb-acm-certificate-required

  • encrypted-volumes

  • fms-webacl-resource-policy-check

  • fms-webacl-rulegroup-association-check

  • guardduty-enabled-centralized

  • lambda-function-public-access-prohibited

  • rds-storage-encrypted

  • root-account-hardware-mfa-enabled

  • root-account-mfa-enabled

  • s3-bucket-blacklisted-actions-prohibited

  • s3-bucket-policy-grantee-check

  • s3-bucket-policy-not-more-permissive

  • s3-bucket-public-read-prohibited

  • s3-bucket-public-write-prohibited

  • s3-bucket-server-side-encryption-enabled

  • s3-bucket-ssl-requests-only

Rules not Supported in China (Ningxia) Region

All rules that are not available in the Beijing region are also not available in the Ningxia region. In addition to the rules listed above, AWS Config does not currently support the following rules in the Ningxia region:

  • lambda-function-settings-check

  • cloudformation-stack-notification-check

  • dynamodb-table-encryption-enable