Config Service Rules and Results

[paul-e-allen]

Describe the resource.

Currently, AWS Config Service Recorders (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configurationrecorder.html) and Conformance Packs (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-conformancepack.html) are supported by the CQ AWS provider.

However individual Config Rules (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html) and compliance status of target resources are not supported by the CQ AWS provider.

Use Case

• A team using Config rules to monitor compliance could more easily migrate to CQ. Sunk effort invested in configuring and using Config for compliance is not wasted when/if a team shifts to CQ.

Additional context

Obviously there is direct redundancy/mapping between CQ Policies (= AWS Config Rules) and CQ policy runs (= AWS Config compliance results).

If CQ supported Config Rules and compliance results, it could provide a migration path for teams using Config Rules to shift to CQ.

[bbernays]

The direct mappings would be possible in the future if #393 is implemented