Reputation: 472
What is the advantage of using AWS Config Conformance Pack?
Recently in December 2019, AWS introduced a new service feature called Conformance Pack,
A conformance pack is a collection of AWS Config rules and remediation actions in a cloudformation templete that can be easily deployed in an account and a region.
My question is if we can deploy a cloud-formation template of Config rules and remediation action with awscli command of "create-stack" then why AWS introduced Conformance Pack feature ? What is the advantage of using conformance pack over creating a stack from awscli command?
Thanks!
Upvotes: 0
Views: 437
Answers (1)
Reputation: 53545
The main advantage IMO is that Conformance Pack brings sets of best-practices: https://docs.aws.amazon.com/config/latest/developerguide/conformancepack-sample-templates.html
as templates of rules which can be used "as is" or edited and costumed to your needs.
Yes, you can write the rules by yourself but why not start with a baseline of best-practices?
An additional benefit of Conformance Packs is when your organization has multiple AWS accounts:
This is particularly useful if you need to quickly establish a common baseline for resource configuration policies and best practices across multiple accounts in your organization in a scalable and efficient way.
Upvotes: 2
Related Questions
- What's the purpose of the Metadata section in a CloudFormation Template?
- What is the purpose of aws-cdk-lib vs @aws-cdk/core, @aws-cdk/aws-iam, ...?
- What is the basic difference between AWS Inspector & AWS Config Rules
- What is the purpose of creating "Mappings" in CloudFormation?
- What is the difference between AWS App Config and Code Deploy, and when to use each one
- Benefits of using AWS::CloudFormation::Init
- Building configuration files with Amazon Cloudformation
- What is the idea behind AWS-Specific Parameter Types?
- What are the benefits of cfn-init over userdata?
- AWS CLI config file vs. credentials file