AWS-Config-Recording-is-disabled

Severity: Medium

Description: AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. AWS Config uses a configuration recorder to detect changes in your resource configurations and capture these changes as configuration items. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. This policy generates an alert when the AWS Config recorder is not enabled in a region.

Remediation Steps:

Perform the following steps to enable Config recording for resources:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/config/.

  2. From the region drop-down at the top, select the region for which the alert was generated.

  3. If an AWS Config setup already exists:

    1. Go to Settings.

    2. Click the Edit button and select Enable recording in the Recorder section.

    3. Provide the required information for the bucket and a role with proper permissions, then save the changed settings.

  4. If no AWS Config setup exists:

    1. Click Get Started.

    2. For Step 1, tick the Record all resources supported in this region check box under the Resource types to record section.

    3. Under the Amazon S3 bucket section, select a bucket that the Config service has permission to write to.

    4. Under the AWS Config role section, select a role with permissions for the Config service.

    5. Click Next.

    6. For Step 2, select the required rules and click Next; otherwise click Skip.

    7. For Step 3, review the created Settings and click Confirm.
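The console steps above branch on whether a recorder already exists (re-enable it) or not (set Config up from scratch). The same decision can be made programmatically, which is how a practitioner would verify the finding across many regions before and after remediation. The following is an added example, not Blue Hexagon's own detection logic: it evaluates the response shapes returned by the AWS Config API calls `DescribeConfigurationRecorders` and `DescribeConfigurationRecorderStatus` (the `boto3` method names are assumed from the public SDK), reports which remediation path applies, and can run offline on the constructed sample responses embedded below. The account id in the sample role ARN is a placeholder.

```python
"""Evaluate whether AWS Config recording is enabled in a region.

Added example; not part of the original policy page. Works on the JSON
shapes of the ConfigService API responses, so it runs offline on captured
output and online through a boto3 client (see check_region).
"""
from typing import Any, Dict, List

SEVERITY = "Medium"  # matches the policy's stated severity

# Constructed sample responses, shaped like boto3 / AWS CLI output.
# Case A: recorder exists, records all supported resources, and is recording.
SAMPLE_OK: Dict[str, Any] = {
    "recorders": {"ConfigurationRecorders": [{
        "name": "default",
        "roleARN": "arn:aws:iam::111122223333:role/aws-config-role",  # placeholder account id
        "recordingGroup": {"allSupported": True,
                           "includeGlobalResourceTypes": True,
                           "resourceTypes": []},
    }]},
    "status": {"ConfigurationRecordersStatus": [
        {"name": "default", "recording": True, "lastStatus": "SUCCESS"}]},
}
# Case B: recorder exists but recording was switched off (the "Settings -> Edit" path).
SAMPLE_DISABLED: Dict[str, Any] = {
    "recorders": SAMPLE_OK["recorders"],
    "status": {"ConfigurationRecordersStatus": [
        {"name": "default", "recording": False, "lastStatus": "SUCCESS"}]},
}
# Case C: no recorder at all in the region (the "Get Started" path).
SAMPLE_MISSING: Dict[str, Any] = {
    "recorders": {"ConfigurationRecorders": []},
    "status": {"ConfigurationRecordersStatus": []},
}


def evaluate(recorders: Dict[str, Any], status: Dict[str, Any]) -> Dict[str, Any]:
    """Return a finding for one region.

    Keys: compliant (bool), severity, reason, remediation (None,
    'enable-recording' or 'create-recorder') and all_resources_recorded,
    which mirrors the "Record all resources supported in this region" box.
    """
    recs: List[Dict[str, Any]] = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return {"compliant": False, "severity": SEVERITY,
                "reason": "no configuration recorder exists in this region",
                "remediation": "create-recorder",
                "all_resources_recorded": False}

    # A recorder only counts if its status entry says it is actually recording.
    active = {s["name"] for s in status.get("ConfigurationRecordersStatus", [])
              if s.get("recording")}
    recording = [r for r in recs if r.get("name") in active]
    if not recording:
        return {"compliant": False, "severity": SEVERITY,
                "reason": "configuration recorder exists but recording is disabled",
                "remediation": "enable-recording",
                "all_resources_recorded": False}

    all_supported = any(r.get("recordingGroup", {}).get("allSupported", False)
                        for r in recording)
    return {"compliant": True, "severity": SEVERITY,
            "reason": "configuration recording is enabled",
            "remediation": None,
            "all_resources_recorded": bool(all_supported)}


def check_region(region: str) -> Dict[str, Any]:
    """Run the same evaluation against a live account.

    Assumes boto3 is installed and credentials are configured; imported
    lazily so the offline sample path has no external dependency.
    """
    import boto3  # assumption: available in the operator's environment
    client = boto3.client("config", region_name=region)
    return evaluate(client.describe_configuration_recorders(),
                    client.describe_configuration_recorder_status())


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("disabled", SAMPLE_DISABLED),
                          ("missing", SAMPLE_MISSING)):
        finding = evaluate(sample["recorders"], sample["status"])
        print(f"{label:9s} compliant={finding['compliant']} "
              f"remediation={finding['remediation']} reason={finding['reason']}")
```

The `remediation` value maps directly onto the two branches of the console procedure: `enable-recording` corresponds to step 3 (edit the existing recorder and enable recording) and `create-recorder` to step 4 (set Config up for the region). Since recorders are regional, the check must be run once per region in which the account operates.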

Reference:

Blue Hexagon Proprietary