

# Creating Amazon Config Managed Rules With Amazon CloudFormation Templates
<a name="aws-config-managed-rules-cloudformation-templates"></a>

**Important**  
You must first create and start the Amazon Config configuration recorder in order to create Amazon Config managed rules with Amazon CloudFormation. For more information, see [Managing the Configuration Recorder](https://docs.amazonaws.cn/config/latest/developerguide/stop-start-recorder.html).

For supported Amazon Config managed rules, you can use the Amazon CloudFormation templates to create the rule for your account or update an existing Amazon CloudFormation stack. A stack is a collection of related resources that you provision and update as a single unit. When you launch a stack with a template, the Amazon Config managed rule is created for you. The templates create only the rule, and don't create additional Amazon resources.

**Note**  
When Amazon Config managed rules are updated, the templates are updated for the latest changes. To save a specific version of a template for a rule, download the template, and upload it to your S3 bucket.

For more information about working with Amazon CloudFormation templates, see [Getting Started with Amazon CloudFormation](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/GettingStarted.html) in the *Amazon CloudFormation User Guide*. 

**To launch an Amazon CloudFormation stack for an Amazon Config managed rule**

1. Go to the [CloudFormation console](https://console.amazonaws.cn/cloudformation) and create a new stack. 

1. For **Specify template**:
   + If you downloaded the template, choose **Upload a template file**, and then **Choose file** to upload the template.
   + You can also choose **Amazon S3 URL**, and enter the template URL `http://s3.amazonaws.com/aws-configservice-us-east-1/cloudformation-templates-for-managed-rules/THE_RULE_IDENTIFIER.template`.

   **Note**  
   The rule identifier should be written in ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED instead of cloudwatch-log-group-encrypted.  
   For some rules, the rule identifier is different from the rule name. Make sure to use the rule identifier. For example, the rule identifier for restricted-ssh is INCOMING_SSH_DISABLED.

1. Choose **Next**. 

1. For **Specify stack details**, type a stack name and enter parameter values for the Amazon Config rule. For example, if you are using the `DESIRED_INSTANCE_TYPE` managed rule template, you can specify the instance type such as "m4.large". 

1. Choose **Next**. 

1. For **Options**, you can create tags or configure other advanced options. These are not required.

1. Choose **Next**. 

1. For **Review**, verify that the template, parameters, and other options are correct.

1. Choose **Create**. The stack is created in a few minutes. You can view the created rule in the [Amazon Config console](https://console.amazonaws.cn/config). 
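The procedure above uploads a template; the following is an added example of what such a template looks like, written for this page rather than taken from the AWS-published template set. It declares two managed rules from the text (restricted-ssh, whose identifier is INCOMING_SSH_DISABLED, and DESIRED_INSTANCE_TYPE, which takes the instance type as a stack parameter); the input-parameter key `instanceType` is assumed from the rule's own documentation, not from this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not one of the AWS-published managed-rule templates).
  Creates two Amazon Config managed rules and no other resources.
  The configuration recorder must already be started, or stack
  creation fails.

Parameters:
  AllowedInstanceTypes:
    Type: String
    Default: m4.large
    Description: >-
      Comma-separated EC2 instance types treated as compliant by the
      desired-instance-type rule.

Resources:
  # Rule name in the console is "restricted-ssh", but the managed-rule
  # identifier CloudFormation needs is INCOMING_SSH_DISABLED.
  RestrictedSshRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: restricted-ssh
      Description: Security groups in use must not allow unrestricted incoming SSH.
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::SecurityGroup
      Source:
        Owner: AWS
        SourceIdentifier: INCOMING_SSH_DISABLED

  # Identifier is the rule name in ALL_CAPS_WITH_UNDERSCORES form; the
  # instance type list is passed through as an input parameter
  # (key "instanceType" assumed from the rule documentation).
  DesiredInstanceTypeRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: desired-instance-type
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance
      Source:
        Owner: AWS
        SourceIdentifier: DESIRED_INSTANCE_TYPE
      InputParameters:
        instanceType: !Ref AllowedInstanceTypes

Outputs:
  RestrictedSshRuleArn:
    Value: !GetAtt RestrictedSshRule.Arn
```

Saved as a file, it can be launched from the console as in step 2 or with `aws cloudformation deploy --template-file <file> --stack-name <name>`, and deleting the stack removes both rules.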

You can use the templates to create a single stack for Amazon Config managed rules or update an existing stack in your account. If you delete a stack, the managed rules created from that stack are also deleted. For more information, see [Working with Stacks](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/stacks.html) in the *Amazon CloudFormation User Guide*. 