Information
AWS Config provides you with a detailed inventory of your AWS resources and their current configuration, and continuously records configuration changes to these resources.
You can evaluate these configurations and changes for compliance with ideal configurations as defined by AWS Config Rules.
Evaluation of Elastic Block Storage volume configuration to ensure encryption at rest is enabled which have been tagged as App-Tier
Solution
Using the Amazon unified command line interface:
* Create locally a json file (similar with the below sample) with the configuration of the Config Rule, and save it as /tmp/ConfigRule.json:
{
"Description": "Checks whether App Tier EBS volumes that are in an attached state are encrypted.",
"ConfigRuleName": "encrypted-volumes-app-tier",
"Source": {
"Owner": "AWS",
"SourceIdentifier": "ENCRYPTED_VOLUMES"
},
"InputParameters": "{\"kmsId\":\"<_app_tier_kms_key>_\"}",
"Scope": {
"TagKey": "_<app_tier_tag_>",
"TagValue": "_<app_tier_tag_value>_"
}
}
* Create a Config Rule using the configuration saved earlier:
aws configservice put-config-rule --config-rule file:///tmp/ConfigRule.json