implementing-aws-config-rules-for-compliance
Installation
SKILL.md
Implementing AWS Config Rules for Compliance
When to Use
- When establishing continuous compliance monitoring for AWS resources against regulatory standards
- When implementing automated detection and remediation of configuration drift
- When building a compliance dashboard across multiple AWS accounts using AWS Organizations
- When audit teams require evidence of continuous compliance rather than point-in-time assessments
- When deploying guardrails that detect non-compliant resources within minutes of creation
Do not use for real-time threat detection (use GuardDuty), for application vulnerability scanning (use Inspector), or for one-time compliance assessments (use Prowler for faster ad-hoc audits).
Prerequisites
- AWS Config recording enabled in all target accounts and regions
- IAM role with
config:*,ssm:*, andlambda:*permissions for rule management - AWS Organizations with delegated administrator for Config aggregation
- S3 bucket for Config delivery channel and SNS topic for notifications
- CloudFormation StackSets or Terraform for multi-account rule deployment