AWS Config resources required for PCI DSS controls

The PCI DSS controls perform checks against the following resources. For AWS Security Hub to accurately report findings for all of the controls, you must enable recording for these resources in AWS Config.

AWS account
AWS::AutoScaling::AutoScalingGroup
AWS::CloudTrail::Trail
AWS::CodeBuild::Project
AWS::DMS::ReplicationInstance
AWS::EC2::EIP
AWS::EC2::Instance
AWS::EC2::SecurityGroup
AWS::EC2::Volume
AWS::EC2::VPC
AWS::ElasticLoadBalancingV2::LoadBalancer
AWS::Elasticsearch::Domain
AWS::IAM::Policy
AWS::IAM::User
AWS::KMS::Key
AWS::Lambda::Function
AWS::RDS::DBInstance
AWS::RDS::DBSnapshot
AWS::Redshift::Cluster
AWS::S3::Bucket
AWS::SageMaker::NotebookInstance
AWS::SSM::AssociationCompliance
AWS::SSM::PatchCompliance

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

PCI DSS

PCI DSS controls