Service-Linked Amazon Config Rules
A service-linked Amazon Config rule is a unique type of Amazon Config managed rule that allows other Amazon services to create Amazon Config rules in your account. Service-linked Amazon Config rules are predefined to include all the permissions required to call other Amazon services on your behalf. These rules are similar to standards that an Amazon service recommends in your Amazon Web Services account for compliance verification.
These service-linked Amazon Config rules are owned by Amazon service teams. The Amazon service team creates these rules in your Amazon Web Services account. You have read-only access to these rules. You cannot edit or delete these rules if you are subscribed to the Amazon service that these rules are linked to.
In the Amazon Config console, the service-linked Amazon Config rules are visible on the Rules page. The Edit button is greyed out in the console, which prevents you from editing the rule. You can view details of the rule by choosing the rule. On the rule details page, you can view the name of the service that created the rule. The Edit and Delete results buttons are greyed out, which prevents you from editing the rule and deleting its results. To edit or delete the rule, contact the Amazon service that created the rule.
While using the Amazon Command Line Interface, the PutConfigRule, DeleteConfigRule, and DeleteEvaluationResults APIs return access denied with the following error message:
INSUFFICIENT_SLCR_PERMISSIONS = "An AWS service owns ServiceLinkedConfigRule. You do not have permissions to take action on this rule."
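The following is an added example, not part of the original documentation: Python that reads the JSON shape returned by describe-config-rules and separates service-linked rules from editable ones before a cleanup job calls DeleteConfigRule. It relies on the CreatedBy field of the ConfigRule object naming the owning service; the sample response, rule names and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws configservice describe-config-rules` output.
# Rule names and the owning service are illustrative, not taken from the page.
SAMPLE = json.loads("""
{"ConfigRules": [
  {"ConfigRuleName": "team-s3-encryption", "Source": {"Owner": "AWS"}},
  {"ConfigRuleName": "example-slcr-iam-check", "Source": {"Owner": "AWS"},
   "CreatedBy": "securityhub.amazonaws.com"},
  {"ConfigRuleName": "team-custom-tagging", "Source": {"Owner": "CUSTOM_LAMBDA"}},
  {"ConfigRuleName": "example-slcr-logging", "Source": {"Owner": "AWS"},
   "CreatedBy": "securityhub.amazonaws.com"}
]}
""")

# Start of the error text quoted on this page for denied calls.
SLCR_DENIED = "An AWS service owns ServiceLinkedConfigRule."


def partition_rules(response):
    """Return (editable rule names, {owning service: [service-linked rule names]})."""
    editable, linked = [], defaultdict(list)
    for rule in response.get("ConfigRules", []):
        owner = rule.get("CreatedBy")  # present only when a service created the rule
        if owner:
            linked[owner].append(rule["ConfigRuleName"])
        else:
            editable.append(rule["ConfigRuleName"])
    return editable, dict(linked)


def plan_delete(response, requested):
    """Split a requested delete list into names safe to pass to DeleteConfigRule
    and names that would be refused, mapped to the service to contact."""
    editable, linked = partition_rules(response)
    owner_of = {name: svc for svc, names in linked.items() for name in names}
    allowed = [n for n in requested if n in editable]
    refused = {n: owner_of[n] for n in requested if n in owner_of}
    return allowed, refused


def is_slcr_denial(message):
    """True when an API error message is the service-linked-rule denial."""
    return SLCR_DENIED in message


if __name__ == "__main__":
    print(plan_delete(SAMPLE, ["team-s3-encryption", "example-slcr-logging"]))
```

Running the partition before any delete call keeps expected denials on service-owned rules out of the job's error logs, so a denial that does appear there stands out.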