Ensure that Amazon Config service is referencing an active S3 bucket in order to save configuration information (history files and snapshots) for auditing purposes.
This rule can help you with the following compliance standards:
- APRA
- MAS
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Amazon Config tracks changes to the configuration of your AWS resources and regularly sends updated configuration details to an S3 bucket that you specify. When AWS Config is not referencing an active S3 bucket, the service cannot send the recorded information to the designated bucket, so you lose the ability to audit the configuration changes made within your AWS account later.
Audit
To determine if the AWS Config service is missing the ability to save configuration information (history files and configuration snapshots) due to an inactive S3 bucket, perform the following actions:
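One way to run this check from the AWS CLI, as an added example that is not part of the original page or the Cloud Conformity tool: it combines the `describe-delivery-channels` and `head-bucket` commands listed under References. The function names `bucket_status` and `audit_region` are hypothetical, and the script assumes the AWS CLI is installed with credentials allowed to call both operations.

```shell
#!/bin/sh
# Added example: report whether the S3 bucket behind each AWS Config
# delivery channel is still reachable. Function names are hypothetical.

# Classify one bucket with `aws s3api head-bucket`.
#   ACTIVE    - the bucket exists and the caller can reach it
#   MISSING   - S3 answered 404: the bucket does not exist
#   FORBIDDEN - S3 answered 403: access denied (for example a bucket in
#               another account or a policy that blocks the caller)
#   ERROR     - anything else (wrong region, network, credentials)
bucket_status() {
  if bs_err=$(aws s3api head-bucket --bucket "$1" 2>&1); then
    echo "ACTIVE"
  elif printf '%s' "$bs_err" | grep -qF '(404)'; then
    echo "MISSING"
  elif printf '%s' "$bs_err" | grep -qF '(403)'; then
    echo "FORBIDDEN"
  else
    echo "ERROR"
  fi
}

# Audit the delivery channel(s) of one region.
# Prints: region <TAB> channel <TAB> bucket <TAB> status
# Returns 0 if every referenced bucket is ACTIVE, 1 if any is not,
# 2 if the delivery channels could not be listed.
audit_region() {
  ar_region=$1
  ar_rc=0
  ar_channels=$(aws configservice describe-delivery-channels \
      --region "$ar_region" \
      --query 'DeliveryChannels[*].[name,s3BucketName]' \
      --output text) || return 2
  while read -r ar_name ar_bucket; do
    [ -n "$ar_name" ] || continue   # no delivery channel in this region
    ar_status=$(bucket_status "$ar_bucket")
    printf '%s\t%s\t%s\t%s\n' "$ar_region" "$ar_name" "$ar_bucket" "$ar_status"
    [ "$ar_status" = "ACTIVE" ] || ar_rc=1
  done <<EOF
$ar_channels
EOF
  return "$ar_rc"
}
```

Call `audit_region <region>` for each region where AWS Config is enabled; a `MISSING` row is the condition this rule flags, while `FORBIDDEN` and `ERROR` rows need a manual look before the bucket can be treated as active.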
Remediation / Resolution
To update Amazon Config service configurations that reference missing S3 buckets, perform the following:
References
- AWS Documentation
  - How Does AWS Config Work?
  - Permissions for the Amazon S3 Bucket
  - Managing the Delivery Channel
- AWS Command Line Interface (CLI) Documentation
  - configservice
    - describe-delivery-channels
    - put-delivery-channel
  - s3api
    - head-bucket
    - create-bucket
    - put-bucket-policy
You are auditing:
AWS Config Referencing Missing S3 Bucket
Risk level: High