awslabs / aws-config-rules

[Node, Python, Java] Repository of sample Custom Rules for AWS Config.
http://aws.amazon.com/config/
Creative Commons Zero v1.0 Universal

Conformance Pack CFN to include framework control id(s) in resource properties #380

Open kmkale opened 2 years ago

kmkale commented 2 years ago

An enterprise customer has asked for the Conformance Pack CloudFormation template to include standard/framework rule id(s) in resource properties. Their purpose is to programmatically identify which Config rule maps to which framework AND also to create a conformance pack comparison so as to identify industry standard/framework coverage with control id granularity. They are leveraging Conformance pack template yaml files for scripting this task.

Conformance packs map to an industry standard or framework, e.g. APRA-CPG-234. The AWS documentation for Conformance packs shows the framework control id mapping to each Config rule in a tabular format, e.g. https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-apra_cpg_234.html. However, the CloudFormation template for the Conformance pack does not include this information, e.g. https://github.com/awslabs/aws-config-rules/blob/master/aws-config-conformance-packs/Operational-Best-Practices-for-APRA-CPG-234.yaml.

This feature request is for the control ids to be included in the properties section of the Config rule resource. We understand a single Config rule may apply to several standards/frameworks and multiple control ids. Request all control ids to be included as framework:control id KV pairs and such pairs be comma delimited.
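Added example, not part of the issue or of the repository's code: a sketch of the scripting task the request describes, parsing the proposed comma-delimited `framework:control id` pairs and comparing two packs' coverage at control-id granularity. The framework names, control ids and rule-to-control mappings below are constructed placeholders, and how the string would be carried in the template is left open because the issue does not specify it.

```python
from collections import defaultdict

# Constructed sample data: Config rule name -> proposed "framework:control id"
# string. EXAMPLE-FW / OTHER-FW and their control ids are placeholders.
PACK_A = {
    "cloudtrail-enabled": "EXAMPLE-FW:1.1,EXAMPLE-FW:2.3",
    "iam-password-policy": "EXAMPLE-FW:3.2, OTHER-FW:A-7",
}
PACK_B = {
    "cloudtrail-enabled": "EXAMPLE-FW:1.1",
    "encrypted-volumes": "EXAMPLE-FW:4.1,OTHER-FW:A-7",
}


def parse_control_ids(value):
    """Split 'fw:id,fw:id' into a set of (framework, control_id) tuples."""
    pairs = set()
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a trailing comma
        # Split on the first colon only, so a control id may contain colons.
        framework, sep, control_id = item.partition(":")
        framework, control_id = framework.strip(), control_id.strip()
        if not sep or not framework or not control_id:
            raise ValueError(f"malformed framework:control id pair: {item!r}")
        pairs.add((framework, control_id))
    return pairs


def controls_to_rules(pack):
    """Invert a pack: (framework, control_id) -> set of rule names."""
    index = defaultdict(set)
    for rule, value in pack.items():
        for pair in parse_control_ids(value):
            index[pair].add(rule)
    return dict(index)


def compare_coverage(pack_a, pack_b, framework):
    """Control ids of one framework covered by both packs or only one."""
    a = {c for (f, c) in controls_to_rules(pack_a) if f == framework}
    b = {c for (f, c) in controls_to_rules(pack_b) if f == framework}
    return {"both": sorted(a & b), "only_a": sorted(a - b), "only_b": sorted(b - a)}


if __name__ == "__main__":
    print(compare_coverage(PACK_A, PACK_B, "EXAMPLE-FW"))
```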