AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-06-16 · Security-related high

File: config/latest/developerguide/managed-rules-by-aws-config.md

Summary

Added multiple new managed rules including security-focused checks (SSL policies, Cognito access, encryption, logging, public access controls)

Security assessment

Introduces documentation for new security rules like 'cloudfront-ssl-policy-check', 'cognito-identity-pool-unauth-access-check', and 'msk-cluster-public-access-disabled', which directly address encryption, access control, and exposure risks.

Diff

diff --git a/config/latest/developerguide/managed-rules-by-aws-config.md b/config/latest/developerguide/managed-rules-by-aws-config.md
index 926250edb..b68091e64 100644
--- a//config/latest/developerguide/managed-rules-by-aws-config.md
+++ b//config/latest/developerguide/managed-rules-by-aws-config.md
@@ -246,0 +247,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [cloudfront-ssl-policy-check](./cloudfront-ssl-policy-check.html)
+
@@ -314,0 +317,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [cognito-identity-pool-unauth-access-check](./cognito-identity-pool-unauth-access-check.html)
+
@@ -426,0 +431,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [ec2-enis-source-destination-check-enabled](./ec2-enis-source-destination-check-enabled.html)
+
@@ -620,0 +627,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [elbv2-listener-encryption-in-transit](./elbv2-listener-encryption-in-transit.html)
+
@@ -846,0 +855,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [lambda-function-xray-enabled](./lambda-function-xray-enabled.html)
+
@@ -884,0 +895,4 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [msk-cluster-public-access-disabled](./msk-cluster-public-access-disabled.html)
+
+  * [msk-connect-connector-logging-enabled](./msk-connect-connector-logging-enabled.html)
+
@@ -888,0 +903,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [msk-unrestricted-access-check](./msk-unrestricted-access-check.html)
+
@@ -1032,0 +1049,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [redshift-cluster-multi-az-enabled](./redshift-cluster-multi-az-enabled.html)
+
@@ -1072,0 +1091,2 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [s3express-dir-bucket-lifecycle-rules-check](./s3express-dir-bucket-lifecycle-rules-check.html)
+
@@ -1190,0 +1211,4 @@ AWS Config currently supports the following managed rules. Before using these ru
+  * [ssm-automation-block-public-sharing](./ssm-automation-block-public-sharing.html)
+
+  * [ssm-automation-logging-enabled](./ssm-automation-logging-enabled.html)
+