...
Introduction
...
Note |
---|
At this point in a typical Config workflow, you would find the 251-MED-no-iam-users-except-whitelist Config Rule and trigger re-evaluation of the rule to confirm that your whitelisting had the desired effect (i.e., making the IAM user compliant for that rule). However, the Config API has a very, very low threshold for the number of times that you can invoke re-evaluations. Therefore, the exercise leader will trigger re-evaluation just a few times during this hands-on session. |
...
- Click on Resources from the left-hand navigation panel in the Config console.
- In the Resource identifier search field, enter "your" S3 bucket name using this pattern my-bucketpublic-web-site-NETID, and hit "enter" on your keyboard.
- Config should show one search result, listing an S3 bucket named like my-bucketpublic-web-site-NETID. That bucket will be labelled as non-compliant.
- Click on the bucket name to drill into the Config details for that resource.
- Review the Rules at the bottom of the page. They will show that the bucket is:
  - compliant with respect to the 003-CRIT-s3-bucket-public-write-prohibited rule, but
  - non-compliant with respect to the 153-HIGH-s3-bucket-public-read-prohibited rule.
- In the top right of the details page, click on Manage Resource. This will take you to the S3 console for that bucket.
...
Info |
---|
If you wanted to force Config to evaluate a Rule within your own AWS account, you would use the Re-evaluate action, as shown below. |
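
The re-evaluation and the per-bucket rule check from the steps above can also be scripted against the Config API. This is an added example, not part of the original exercise material: it requests re-evaluation, backs off when Config answers with LimitExceededException (returned when an evaluation is already running or the call is made too often), then lists each rule's result for one bucket. The 60-second wait, the function names and the offline `StubConfig` responses are assumptions constructed for illustration.

```python
import time

RULES = ["003-CRIT-s3-bucket-public-write-prohibited",
         "153-HIGH-s3-bucket-public-read-prohibited"]

def reevaluate(config, rule_names, retries=3, wait_seconds=60, sleep=time.sleep):
    """Request re-evaluation; back off while Config reports its call limit."""
    for attempt in range(retries):
        try:
            config.start_config_rules_evaluation(ConfigRuleNames=rule_names)
            return True
        except Exception as exc:  # botocore ClientError exposes .response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != "LimitExceededException":
                raise
            if attempt < retries - 1:
                sleep(wait_seconds)  # assumed wait; tune to your account
    return False

def bucket_compliance(config, bucket_name):
    """Return {rule name: compliance type} for one S3 bucket, all pages."""
    results, token = {}, None
    while True:
        kwargs = {"ResourceType": "AWS::S3::Bucket", "ResourceId": bucket_name}
        if token:
            kwargs["NextToken"] = token
        page = config.get_compliance_details_by_resource(**kwargs)
        for item in page.get("EvaluationResults", []):
            qual = item["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
            results[qual["ConfigRuleName"]] = item["ComplianceType"]
        token = page.get("NextToken")
        if not token:
            return results

class StubConfig:
    """Constructed stand-in for boto3.client("config") so this runs offline."""
    def __init__(self):
        self.calls = 0
    def start_config_rules_evaluation(self, ConfigRuleNames):
        self.calls += 1
        if self.calls == 1:  # first call is refused, as under throttling
            exc = Exception("limit")
            exc.response = {"Error": {"Code": "LimitExceededException"}}
            raise exc
    def get_compliance_details_by_resource(self, **kwargs):
        return {"EvaluationResults": [
            {"EvaluationResultIdentifier": {"EvaluationResultQualifier":
                {"ConfigRuleName": rule}}, "ComplianceType": verdict}
            for rule, verdict in zip(RULES, ["COMPLIANT", "NON_COMPLIANT"])]}
```

Against a real account, pass `boto3.client("config")` in place of `StubConfig()` and the bucket name from the search step.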