0

I have EC2 Instances launching automatically from my AMI setup to a LB and ASG. I want to now configure a security service like AWS Config to monitor my EC2 Instance for any Configuration changes.

The issue I am having is knowing which rule in AWS Managed Rule monitors the configuration as I don't see any that specifically does. I see alb-http-to-https-redirection-check, cloudwatch-alarm-resource-check, desired-instance-tenancy, approved-amis-by-tag and ami-by-id.

Not sure what to do, as none of these suit my use case.

John Conde
Ronte

2 Answers

0

Here is the information on how you can create a Config rule.

You can select a specific AWS resource, like an EC2 instance, from the resource list, and then on the second step you will find a list of managed rules. You can select all the rules for the configuration changes that you want to record for your instance.


Deepak Gupta
  • I don't have those rules when I search for ec2; I only get back 5 results from inputting 'ec2' and none are the ones you selected. Could I set up a Config on my Load Balancer instead to monitor the config? – Ronte Apr 19 '21 at 15:04
  • I am not sure why you cannot find them in your AWS account. List of managed rules: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html – Deepak Gupta Apr 19 '21 at 18:29
  • You can set up Config on the load balancer as well. – Deepak Gupta Apr 20 '21 at 13:01
  • I have set up one in Config for my Load Balancer so that if any config is changed it will notify me, but under 'Integrated Services' under the Load Balancer it tells me that Config has not been set up for the Load Balancer, even though I created a Rule specifically for it? – Ronte Apr 20 '21 at 13:39
  • And I also have the Resource types within the Rule directed to the Elastic Load Balancer, so I don't understand why it's not being picked up. – Ronte Apr 20 '21 at 13:41
0

Initially create the config without selecting any rules. Then later come back to the config, click the Rules tab, and add rules. You should be able to see all the rules and select the ones needed.

priya
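For the "notify me when the configuration changes" goal discussed in this thread: AWS Config reports a change to a recorded resource as a configuration item change notification. The Python below is an added example, not code from any of the posts, that picks the EC2 instance changes out of such a message; the sample message, its IDs and property paths, and the `REVIEW_PREFIXES` list are constructed assumptions.

```python
import json

# Constructed sample shaped like the body of an AWS Config
# ConfigurationItemChangeNotification; every ID and value here is made up.
SAMPLE = json.loads("""{
  "messageType": "ConfigurationItemChangeNotification",
  "configurationItem": {"resourceType": "AWS::EC2::Instance",
                        "resourceId": "i-0123456789abcdef0"},
  "configurationItemDiff": {"changeType": "UPDATE", "changedProperties": {
    "Configuration.InstanceType": {"previousValue": "t2.micro",
        "updatedValue": "t2.large", "changeType": "UPDATE"},
    "Configuration.SecurityGroups.1": {"previousValue": null,
        "updatedValue": {"groupId": "sg-0aaaabbbbccccdddd"},
        "changeType": "CREATE"}}}
}""")

# Assumption: property paths worth a closer look; adjust to your own policy.
REVIEW_PREFIXES = ("configuration.securitygroups", "configuration.iaminstanceprofile")

def ec2_changes(notification, resource_type="AWS::EC2::Instance"):
    """Return one dict per changed property of a matching resource, else []."""
    if notification.get("messageType") != "ConfigurationItemChangeNotification":
        return []  # e.g. compliance-change or snapshot-delivery messages
    item = notification.get("configurationItem") or {}
    if item.get("resourceType") != resource_type:
        return []  # some other resource type, such as the load balancer
    diff = notification.get("configurationItemDiff") or {}
    changes = []
    for prop, delta in sorted((diff.get("changedProperties") or {}).items()):
        changes.append({
            "resource_id": item.get("resourceId"),
            "property": prop,
            "change_type": delta.get("changeType"),
            "previous": delta.get("previousValue"),
            "updated": delta.get("updatedValue"),
            # Case-insensitive match against the watched property paths.
            "review": prop.lower().startswith(REVIEW_PREFIXES),
        })
    return changes

if __name__ == "__main__":
    for change in ec2_changes(SAMPLE):
        print(json.dumps(change))
```

The same function can be called with the SNS message body or with the `detail` field of the matching EventBridge event.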