Today, AWS announces that AWS Control Tower supports an additional 223 managed Config rules in Control Catalog for various use cases such as security, cost, durability, and operations. With this launch, you can now search, discover, enable and manage these additional rules directly from AWS Control Tower and govern more use cases for your multi-account environment.
To get started, go to the Control Catalog in AWS Control Tower and search for controls with the implementation filter AWS Config. You will then see all the AWS Config rules present in the Catalog. If you find rules that are relevant to you, you can enable them directly from the AWS Control Tower console. You can also use the ListControls, GetControl and EnableControl APIs. With this launch we’ve updated the ListControls and GetControl APIs to support three new fields, Create Time, Severity and Implementation, that you can use when searching for a control in Control Catalog. For example, you can now programmatically find high severity Config rules which were created after your previous evaluation.
You can search the new AWS Config rules in all AWS Regions where AWS Control Tower is available, including AWS GovCloud (US). When you want to deploy a rule, reference the list of supported Regions for that rule to see where it can be enabled. To learn more, visit the AWS Control Tower User Guide.
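The "high severity Config rules created after your previous evaluation" search mentioned above, as an added example that is not AWS's own code. It assumes the boto3 `controlcatalog` client exposes the three fields as `CreateTime`, `Severity` and `Implementation`, and that Config rules carry the implementation type `AWS::Config::ConfigRule`; the sample controls and the review date are constructed.

```python
from datetime import datetime, timezone

# Assumed Implementation.Type value that marks a control as an AWS Config rule.
CONFIG_RULE_TYPE = "AWS::Config::ConfigRule"

def new_config_rules(pages, since, severities=("HIGH",)):
    """Return Config-rule controls with a matching severity created after `since`.
    `pages` is an iterable of ListControls response dicts."""
    hits = []
    for page in pages:
        for ctl in page.get("Controls", []):
            impl = ctl.get("Implementation") or {}
            created = ctl.get("CreateTime")
            if impl.get("Type") != CONFIG_RULE_TYPE:
                continue
            if ctl.get("Severity") not in severities:
                continue
            # Without a CreateTime the control cannot be placed relative to `since`.
            if created is None or created <= since:
                continue
            hits.append(ctl)
    return sorted(hits, key=lambda c: c["CreateTime"])

def live_pages(region):
    """Live source (needs boto3 and credentials). The Filter shape is an assumption."""
    import boto3
    client = boto3.client("controlcatalog", region_name=region)
    paginator = client.get_paginator("list_controls")
    yield from paginator.paginate(
        Filter={"Implementations": {"Types": [CONFIG_RULE_TYPE]}})

def _ctl(name, severity, impl_type, y, m, d):
    # Builds one constructed control summary in the assumed response shape.
    return {"Name": name, "Severity": severity,
            "Implementation": {"Type": impl_type},
            "CreateTime": datetime(y, m, d, tzinfo=timezone.utc)}

# Constructed sample: two response pages, not real catalog entries.
SAMPLE_PAGES = [
    {"Controls": [_ctl("constructed-rule-a", "HIGH", CONFIG_RULE_TYPE, 2025, 3, 10),
                  _ctl("constructed-rule-b", "LOW", CONFIG_RULE_TYPE, 2025, 3, 11)]},
    {"Controls": [_ctl("constructed-rule-c", "HIGH", CONFIG_RULE_TYPE, 2024, 6, 1),
                  _ctl("constructed-hook-d", "HIGH", "AWS::CloudFormation::Type::HOOK", 2025, 4, 1),
                  _ctl("constructed-rule-e", "HIGH", CONFIG_RULE_TYPE, 2025, 2, 1),
                  _ctl("constructed-rule-f", "CRITICAL", CONFIG_RULE_TYPE, 2025, 5, 1)]},
]
LAST_REVIEW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed review date

if __name__ == "__main__":
    for c in new_config_rules(SAMPLE_PAGES, LAST_REVIEW):
        print(c["CreateTime"].date(), c["Severity"], c["Name"])
```

Pass `live_pages(region)` in place of `SAMPLE_PAGES` to run the same filter against the catalog, and widen `severities` to `("HIGH", "CRITICAL")` if critical controls should be included in the review.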