Use AWS Config Rules to Automatically Remediate Non-compliant Resources

It’s easy to set up remediation actions through the AWS Config console or API. Choose the remediation action you want to associate from a pre-populated list, or create your own custom remediation actions using AWS Systems Manager Automation documents. You will have the option to choose manual or automatic remediation, and set additional parameters specific to the remediation action.  

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting. 

Automatic Remediation with AWS Config rules is available to customers in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), EU (Stockholm), South America (São Paulo) and in AWS GovCloud (US) Regions. Standard metering rates apply to recorded configuration items and AWS Config rules. Limits and charges for using AWS Systems Manager Automation documents also apply. For detailed pricing information, see AWS Config Pricing and AWS Systems Manager Pricing. Explore the AWS blog for examples of how to use the automatic remediation feature.



https://aws.amazon.com/about-aws/whats-new/2019/09/use-aws-config-rules-to-automatically-remediate-non-compliant-resources/