You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Again the CIS benchmark is not explicit enough. At says that AWS Config needs to be enabled in every region and:
Evaluate the output to ensure that there's at least one recorder for which recordingGroup object includes "allSupported": true AND "includeGlobalResourceTypes": true
The AWS docs says:
allSupported=true – AWS Config records configuration changes for every supported type of regional resource. When AWS Config adds support for a new type of regional resource, it automatically starts recording resources of that type.
includeGlobalResourceTypes=true – AWS Config includes supported types of global resources with the resources that it records. When AWS Config adds support for a new type of global resource, it automatically starts recording resources of that type.
While I understand that we need includeGlobalResourceTypes just once, from a security point of view I think allSupported should be included in every region. cis_v140_3_5 does currently fail for us as looking for allSupported=true + includeGlobalResourceTypes=true in the main region and allSupported=true +includeGlobalResourceTypes=false in every other region which does not match the at least one term from the benchmark
The text was updated successfully, but these errors were encountered:
Again the CIS benchmark is not explicit enough. At says that AWS Config needs to be enabled in every region and:
The AWS docs says:
While I understand that we need
includeGlobalResourceTypesjust once, from a security point of view I thinkallSupportedshould be included in every region.cis_v140_3_5does currently fail for us as looking forallSupported=true+includeGlobalResourceTypes=truein the main region andallSupported=true+includeGlobalResourceTypes=falsein every other region which does not match theat least oneterm from the benchmarkThe text was updated successfully, but these errors were encountered: