Service-Linked Amazon Config Rules - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Service-Linked Amazon Config Rules

A service-linked Amazon Config rule is a unique type of managed config rule that supports other Amazon services to create Amazon Config rules in your account. The service-linked Amazon Config rules are predefined to include all the permissions required to call other Amazon services on your behalf. These rules are similar to standards that an Amazon service recommends in your Amazon Web Services account for compliance verification.

These service-linked Amazon Config rules are owned by Amazon service teams. The Amazon service team creates these rules in your Amazon Web Services account. You have read-only access to these rules. You cannot edit or delete these rules if you are subscribed to Amazon service that these rules are linked to.

In the Amazon Config console, the service-linked Amazon Config rules are visible in the Rules page. The edit button is greyed in the console thereby restricting you to edit the rule. You can view details of the rule by choosing the rule. On the rule details page, you can view the name of the service that created the rule. The Edit and Delete results is greyed thereby restricting you to edit and delete results of the rule. To edit or delete the rule, contact the Amazon service that created the rule.

While using the Amazon Command Line Interface, the PutConfigRule, DeleteConfigRule, and DeleteEvaluationResults APIs return access denied with the following error message:

INSUFFICIENT_SLCR_PERMISSIONS = "An AWS service owns ServiceLinkedConfigRule. You do not have permissions to take action on this rule."