AWS Config
Overview
The AWS Config integration (regscale aws sync_config_compliance) syncs configuration compliance assessments from AWS Config rules and remediation actions into RegScale. It provides automated compliance monitoring for resource configurations.
Command Syntax
regscale aws sync_config_compliance [OPTIONS]
Basic Usage
# Sync all Config compliance assessments
regscale aws sync_config_compliance --regscale_id 123
# With tag filtering
regscale aws sync_config_compliance \
--regscale_id 123 \
--tags Environment=production
What Gets Created in RegScale
- Control Assessments: Pass/fail status based on Config rules
- Issues: Created for non-compliant resources
- Compliance Timeline: Historical compliance data
- Remediation History: Automatic and manual remediation tracking
Common Use Cases
Daily Compliance Monitoring
regscale aws sync_config_compliance \
--regscale_id 123 \
--tags Environment=production \
--create-issues
Multi-Account Compliance
regscale aws sync_config_compliance \
--regscale_id 123 \
--account-id 123456789012 \
--tags Compliance=Required
Command Options
| Option | Description | Example |
|---|---|---|
| --regscale_id | Security Plan ID (required) | --regscale_id 123 |
| --tags | Filter by tags | --tags Env=prod |
| --account-id | Filter by account | --account-id 123456789012 |
| --create-issues | Create issues for non-compliance | --create-issues |
| --region | AWS region | --region us-east-1 |
Best Practices
- Enable AWS Config in all regions where resources exist
- Tag Config rules for compliance boundary identification
- Schedule daily syncs for continuous monitoring
- Use with Audit Manager for comprehensive compliance
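The multi-account use case and the daily-sync and all-regions practices above can be combined in one scheduled wrapper. This is an added example, not RegScale's own tooling: the account IDs, regions, tag and plan ID are constructed placeholders, and it assumes the CLI exits non-zero when a sync fails.

```shell
#!/usr/bin/env bash
# Added example: daily sync across several accounts and regions.
# Account IDs, regions, tag and plan ID are constructed placeholders.
REGSCALE_ID="${REGSCALE_ID:-123}"
ACCOUNTS="${ACCOUNTS:-123456789012 210987654321}"
REGIONS="${REGIONS:-us-east-1 us-west-2}"
TAGS="${TAGS:-Environment=production}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each command, 0 = execute it
FAILED=0

# Run (or print) one sync for a single account/region pair.
sync_one() {
  so_account="$1"; so_region="$2"
  set -- regscale aws sync_config_compliance \
    --regscale_id "$REGSCALE_ID" --account-id "$so_account" \
    --region "$so_region" --tags "$TAGS" --create-issues
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Try every pair; one failing pair must not hide the others or pass silently.
# Assumption: the regscale CLI returns a non-zero status on failure.
sync_all() {
  FAILED=0
  for account in $ACCOUNTS; do
    for region in $REGIONS; do
      if ! sync_one "$account" "$region"; then
        echo "sync failed: account=$account region=$region" >&2
        FAILED=$((FAILED + 1))
      fi
    done
  done
  [ "$FAILED" -eq 0 ]   # non-zero exit lets cron or CI alert on coverage gaps
}

sync_all
```

Run it once with the default DRY_RUN=1 to review the generated commands, then schedule it with DRY_RUN=0 so a failed account or region shows up as a failed job instead of a silent gap in compliance data.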
