A compliance package is a scenario-specific collection of rules that you or Cloud Config assembles to evaluate the compliance of resources. You can create a compliance package based on a compliance package template, managed rules, and custom rules that you created. After you create a compliance package, you can view the compliance evaluation results of associated resources based on the specified account and rule.

Background information

Cloud Config provides nine compliance package templates. For more information, see Overview.

After you create a compliance package, the managed rules that are specified in the compliance package are automatically created on the Rules page. You can modify, delete, enable, or disable these managed rules.

When you use a compliance package, pay attention to the following limits:
  • If you use an ordinary account, you can create a maximum of five compliance packages.
  • If you use a management account, you can create a maximum of five compliance packages for the current account or each account group.

Use an ordinary account

If you use an ordinary account, you can create compliance packages for the current account.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, click Compliance Package.
  3. On the Compliance Package page, click Enable Compliance Package in the upper-right corner.
  4. In the Basic Information step, specify a name and a risk level for the compliance package. Then, click Next.
  5. In the Select a rule step, select Compliance Package Template, Rules, or Managed rule from the first drop-down list. If you select Compliance Package Template, select a compliance package template from the second drop-down list. After that, select one or more rules from the rule list that appears. Then, click Next.
  6. In the Rule Settings step, set the Rule Name, Risk Level, and Description parameters, specify an expected value for each rule input parameter, and then click Finish.

Use a management account

If you use a management account, you can create compliance packages for the current account and all member accounts in the specified account group.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, click Compliance Package.
  3. On the Compliance Package page, click the tab of the account group for which you want to create a compliance package.
  4. On the account group tab, click Enable Compliance Package in the upper-right corner.
  5. In the Basic Information step, specify a name and a risk level for the compliance package. Then, click Next.
  6. In the Select a rule step, select Compliance Package Template, Rules, or Managed rule from the first drop-down list. If you select Compliance Package Template, select a compliance package template from the second drop-down list. After that, select one or more rules from the rule list that appears. Then, click Next.
  7. In the Rule Settings step, set the Rule Name, Risk Level, and Description parameters, specify an expected value for each rule input parameter, and then click Finish.