How To Create Conformance Pack In AWS Config

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed how to auto-remediate AWS Config rules.

https://cloudaffaire.com/how-to-auto-remediate-using-aws-config-rule/

You can deploy a collection of Config rules together using a conformance pack. To deploy a conformance pack, you first define the rules that you want to include and their respective remediation configurations in a YAML template. You can use an AWS-provided sample conformance pack template or create your own custom conformance pack. In this blog post, we will create a conformance pack for S3 and best practices.

How To Create Conformance Pack In AWS Config:

Prerequisites:

  • AWS CLI installed and configured with proper access. You can use the links below to install and configure the AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Create an S3 bucket to store configuration snapshots created by AWS Config.

This bucket serves a dual purpose in this demo: it stores the Config configuration item snapshots, and the conformance pack that we create will be evaluated against it.

Step 2: Create an IAM role with the proper policy for the AWS Config service.

Step 3: Enable the AWS Config service.

Warning: Additional cost is associated with AWS Config service.

Step 4: Create a delivery channel for AWS Config.

Step 5: Start AWS Config recording.

Step 6: Create and deploy the conformance pack in AWS Config.

Step 7: Get details on AWS Config and the conformance pack.
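The commands for these steps are not shown on this page, so the following is an added example (not the original post's code) of Steps 6 and 7: it writes a conformance pack template containing four AWS managed S3 rules, deploys it and queries its status. The pack name, the file name and the choice of rules are assumptions; Steps 1 to 5 must already be done so that the Config recorder is running.

```shell
#!/usr/bin/env bash
# Added example. PACK_NAME, TEMPLATE and the rule selection are assumptions.
PACK_NAME="s3-best-practices-pack"
TEMPLATE="s3-conformance-pack.yaml"

# Emit one AWS managed rule as a template resource ($1 = rule name, $2 = identifier).
managed_rule() {
  cat <<EOF
  $1:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: $1
      Scope:
        ComplianceResourceTypes:
          - AWS::S3::Bucket
      Source:
        Owner: AWS
        SourceIdentifier: $2
EOF
}

# Step 6 (part 1): write the conformance pack template in YAML.
write_pack_template() {
  {
    echo "Resources:"
    managed_rule S3BucketPublicReadProhibited S3_BUCKET_PUBLIC_READ_PROHIBITED
    managed_rule S3BucketPublicWriteProhibited S3_BUCKET_PUBLIC_WRITE_PROHIBITED
    managed_rule S3BucketServerSideEncryptionEnabled S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED
    managed_rule S3BucketSSLRequestsOnly S3_BUCKET_SSL_REQUESTS_ONLY
  } > "$TEMPLATE"
}

# Step 6 (part 2): deploy the template as a conformance pack.
deploy_pack() {
  aws configservice put-conformance-pack \
    --conformance-pack-name "$PACK_NAME" \
    --template-body "file://$TEMPLATE"
}

# Step 7: deployment status of the pack and per-rule compliance.
pack_details() {
  aws configservice describe-conformance-pack-status --conformance-pack-names "$PACK_NAME"
  aws configservice describe-conformance-pack-compliance --conformance-pack-name "$PACK_NAME"
}

# Nothing touches AWS unless the script is run with the argument "deploy".
if [ "${1:-}" = "deploy" ]; then
  write_pack_template && deploy_pack && pack_details
fi
```

Deployment is asynchronous, so the status call may report that creation is still in progress; rerun pack_details until it completes before reading the compliance results.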

We have successfully deployed the conformance pack in AWS Config. Next, we will delete all the resources deployed in this demo.

Step 8: Clean up

Hope you have enjoyed this article. To know more about AWS Config, please refer to the official documentation below.

https://docs.aws.amazon.com/config/index.html

AWS-provided conformance packs

https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html

https://github.com/awslabs/aws-config-rules/tree/master/aws-config-conformance-packs
