Amazon Config Managed Rules
Amazon Config provides Amazon managed rules, which are predefined, customizable rules that Amazon Config uses to evaluate whether your Amazon resources comply with common best practices. For example, you could use a managed rule to quickly start assessing whether specific tags are applied to your resources.
The Amazon Config console guides you through the process of configuring and activating a managed rule. You can also use the Amazon Command Line Interface or Amazon Config API to pass the JSON code that defines your configuration of a managed rule.
You can customize the behavior of a managed rule to suit your needs. For example, you can define the rule's scope to constrain which resources trigger an evaluation for the rule, such as EC2 instances or volumes.
You can customize the rule's parameters to define attributes that your resources must have to comply with the rule. For example, you can customize a parameter to specify that your security group should block incoming traffic to a specific port number.
Before using managed rules, see Considerations.