Asset and Configuration Governance

January 7, 2025

CloudHealth recommends adding the following AWS Best Practice Policies for Asset and Configuration Governance.

Step 1 of 2

Tag Compliance

Tagging is an essential way to accurately group assets in their appropriate business groups. Set notifications to identify assets that do not conform with the internal tagging standards defined by your organization.

Examples:

  • If any asset is missing the tag Environment, send a notification and execute a Lambda function to tag the asset.
  • If any asset is untagged, alert its owner and stop the instance.

Sample Best Practice Policy: This policy sends an email alert reporting any new AWS assets that are provisioned without being tagged.

Step 2 of 2

Nonconforming Assets

In any organization, there are asset types and configurations that are not preferred, or are outright not allowed. Whether it is certain instance types, regions, AMI types, OS, or network type, it’s critical that you can quickly identify these and take action to correct them.

Examples:

  • When any resource is out of compliance with a specific AWS Config Rule
  • When an instance has been running more than 1 hour this month and VPC Enabled is VPC disabled
  • When an instance has been running more than 1 hour this month and Operating System is Red Hat Enterprise Linux

Sample Best Practice Policy: This policy identifies any running EC2 instances that do not comply with AWS Config Rules.
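
The example rules from Step 1 (Tag Compliance) and Step 2 (Nonconforming Assets), written out as a small evaluator over asset records. This is an added example, not CloudHealth's own policy engine or API; the record fields, action names and inventory are constructed assumptions.

```python
# Added example. Record fields, action names and sample data are assumptions.
REQUIRED_TAG = "Environment"                  # tag named in the Step 1 example
MAX_HOURS = 1                                 # "running more than 1 hour this month"
DISALLOWED_OS = {"Red Hat Enterprise Linux"}  # OS named in the Step 2 example

def evaluate(asset):
    """Return a list of (rule, actions) findings for one asset record."""
    findings = []
    tags = asset.get("tags") or {}
    if not tags:
        # Untagged asset: alert its owner and stop the instance.
        findings.append(("untagged", ["alert_owner", "stop_instance"]))
    elif not (tags.get(REQUIRED_TAG) or "").strip():
        # AWS tag keys are case-sensitive, so "environment" does not count.
        # Treating an empty value as missing is an assumption.
        findings.append(("missing_tag", ["notify", "invoke_tagging_lambda"]))
    if asset.get("hours_running_this_month", 0) > MAX_HOURS:
        if asset.get("vpc_enabled") is False:
            findings.append(("vpc_disabled", ["report"]))
        if asset.get("operating_system") in DISALLOWED_OS:
            findings.append(("disallowed_os", ["report"]))
    for rule in asset.get("noncompliant_config_rules", []):
        findings.append(("config_rule:" + rule, ["report"]))
    return findings

def report(inventory):
    """Map asset id -> findings, keeping only assets with findings."""
    results = {a["id"]: evaluate(a) for a in inventory}
    return {asset_id: f for asset_id, f in results.items() if f}

# Constructed inventory; real data would come from your asset source.
INVENTORY = [
    {"id": "i-constructed-01", "tags": {"Environment": "prod"},
     "hours_running_this_month": 300, "vpc_enabled": True,
     "operating_system": "Amazon Linux"},
    {"id": "i-constructed-02", "tags": {"environment": "dev"},
     "hours_running_this_month": 12, "vpc_enabled": True,
     "operating_system": "Red Hat Enterprise Linux"},
    {"id": "i-constructed-03", "tags": {},
     "hours_running_this_month": 0.5, "vpc_enabled": False,
     "operating_system": "Windows"},
    {"id": "i-constructed-04", "tags": {"Environment": "test"},
     "hours_running_this_month": 40, "vpc_enabled": False,
     "operating_system": "Amazon Linux",
     "noncompliant_config_rules": ["constructed-rule-name"]},
]

if __name__ == "__main__":
    for asset_id, found in report(INVENTORY).items():
        print(asset_id, found)
```

The third record is untagged but has run for under an hour, so it triggers the tagging rule while the VPC condition stays silent; the second shows a lowercase `environment` key failing the standard.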