AWS Control Tower offers the easiest way to set up and govern a secure, multi-account AWS environment. Control Tower make use for AWS Config to detect(reactive) or prevent (proactive) policy violations. If the environment is single AWS account, we can just make use of AWS Config. We can make use of AWS CloudFormation Guard in your deployment pipelines to check for compliance proactively and ensure that a consistent set of policies are applied both before and after resources are provisioned. For more details, refers to blog at: https://aws.amazon.com/blogs/aws/new-aws-config-rules-now-support-proactive-compliance/
- asked 5 months ago
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated a year ago
- Why is my AWS Config data not getting collected by the aggregator for my AWS account or AWS Organizations account?AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago
- EXPERTpublished a month ago
there are any examples regarding the use of Cloudformation Guards with AWS Config rules in Proactive mode ?