Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “AWS Config Should Include Global Resources” for AWS using the AWS console, follow these steps:
- Sign in to the AWS Management Console.
- Navigate to the AWS Config console.
- In the main navigation panel, under AWS Config, choose Settings.
- Choose Edit to access the configuration settings available for AWS Config in the selected AWS region.
- In the General settings section, ensure that the Record all resources supported in this region option is selected, select the Include global resources (e.g., AWS IAM resources) checkbox, and choose Save to apply the changes. This lets you track configuration changes made to global AWS resources such as IAM resources.
- Change the AWS cloud region from the navigation bar and repeat the remediation process for other regions.
Using CLI
To remediate the misconfiguration “AWS Config Should Include Global Resources” using the AWS CLI, follow these steps:
- Run the following command to describe the role ARN of the IAM role set for the AWS Config recorder:
- The command output should return the ARN of the requested IAM role:
- Use the role ARN returned in the previous step to create a new configuration recorder for AWS Config to track configuration changes made to global AWS resources:
- If you need to enable AWS Config for other regions, change the AWS cloud region from the navigation bar and repeat the above steps.
Using Python
- To remediate the misconfiguration “AWS Config Should Include Global Resources” using Python, you can use the AWS SDK for Python (Boto3) to create a Lambda function that enables AWS Config in all regions and ensures that global resources are included.
- Once you run this code, AWS Config will be enabled for all regions in your AWS account, and the misconfiguration “AWS Config Should Include Global Resources” will be remediated.
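The describe-then-update flow from the CLI and Python steps above, as an added Boto3 example that is not code from the original page. It only updates recorders that already exist (it does not create a recorder or delivery channel), and the sample recorder, the role ARN and the `regions` event key are constructed assumptions.

```python
# Added example: the names below are illustrative, not from the original page.
SAMPLE_RECORDER = {  # constructed describe_configuration_recorders entry
    "name": "default",
    "roleARN": "arn:aws:iam::111122223333:role/example-config-role",
    "recordingGroup": {"allSupported": False, "includeGlobalResourceTypes": False,
                       "resourceTypes": ["AWS::EC2::Instance"]},
}


def needs_update(recorder):
    """True when the recorder does not record all types plus global ones."""
    group = recorder.get("recordingGroup", {})
    return not (group.get("allSupported") and group.get("includeGlobalResourceTypes"))


def build_recorder_update(recorder):
    """Build the put_configuration_recorder payload, keeping name and role ARN."""
    updated = {
        "name": recorder["name"],
        "roleARN": recorder["roleARN"],
        # includeGlobalResourceTypes=True is only valid with allSupported=True,
        # so any explicit resourceTypes list is dropped.
        "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": True},
    }
    if "recordingMode" in recorder:  # keep the existing recording frequency
        updated["recordingMode"] = recorder["recordingMode"]
    return updated


def remediate_region(config_client):
    """Update non-compliant recorders for one region; return their names."""
    changed = []
    response = config_client.describe_configuration_recorders()
    for recorder in response.get("ConfigurationRecorders", []):
        if needs_update(recorder):
            config_client.put_configuration_recorder(
                ConfigurationRecorder=build_recorder_update(recorder))
            changed.append(recorder["name"])
    return changed


def lambda_handler(event, context):
    import boto3  # imported lazily so the helpers run without AWS access
    # Assumption: the regions to process arrive in the event as a list.
    return {region: remediate_region(boto3.client("config", region_name=region))
            for region in event["regions"]}
```

The returned mapping lists, per region, the recorders that were changed, which gives a record of what the run modified.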