# Document History
<a name="DocumentHistory"></a>

The following table describes the important changes to the documentation for AWS Config. For notification about updates to this documentation, you can subscribe to an RSS feed.
+ **API version**: 2014-11-12
+ **Latest documentation update**: April 3, 2026

| Change | Description | Date | 
| --- |--- |--- |
| [AWS Config deprecates managed rule](#DocumentHistory) | With this release, AWS Config is marking the managed rule [ecs-task-definition-memory-hard-limit](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-memory-hard-limit.html) as deprecated. | April 3, 2026 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [ec2-vpn-connection-ike-version-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-vpn-connection-ike-version-check.html)   [eks-nodegroup-supported-version-check](https://docs.aws.amazon.com/config/latest/developerguide/eks-nodegroup-supported-version-check.html)   [kendra-index-tagged](https://docs.aws.amazon.com/config/latest/developerguide/kendra-index-tagged.html)   [sagemaker-featuregroup-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.html)   [sagemaker-model-private-registry-required](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-private-registry-required.html)   | April 2, 2026 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [AI/ML Security & Governance Supporting Infrastructure Best Practices](https://docs.aws.amazon.com/config/latest/developerguide/AI-ML-security-governance-supporting-infrastructure-best-practices.html)   [Amazon Bedrock Security and Governance Best Practices](https://docs.aws.amazon.com/config/latest/developerguide/amazon-bedrock-security-and-governance-best-practices.html)   [Amazon SageMaker AI Security and Governance Best Practices](https://docs.aws.amazon.com/config/latest/developerguide/amazon-sagemaker-ai-security-and-governance-best-practices.html)   [Self-Hosted AI/ML Security & Governance Best Practices](https://docs.aws.amazon.com/config/latest/developerguide/self-hosted-AI-ML-security-governance-best-practices.html)   | March 20, 2026 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` and `AWS_ConfigRole` policies now grant additional permissions for auditmanager, bcm-dashboards, bedrock, bedrock-agentcore, chime, dms, emr-containers, gameliftstreams, globalaccelerator, glue, lambda, medialive, mediapackagev2, outposts, qbusiness, redshift, rtbfabric, s3express, s3vectors, sagemaker, servicecatalog, ssm-contacts, ssm-guiconnect, sso, textract, transfer, and wisdom services. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | March 10, 2026 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [acm-certificate-transparent-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-transparent-logging-enabled.html)   [amplify-app-build-spec-configured](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-build-spec-configured.html)   [amplify-app-platform-check](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-platform-check.html)   [amplify-branch-auto-build-enabled](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-auto-build-enabled.html)   [amplify-branch-build-spec-configured](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-build-spec-configured.html)   [amplify-branch-framework-configured](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-framework-configured.html)   [amplify-branch-pull-request-preview-enabled](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-pull-request-preview-enabled.html)   [apigateway-domain-name-tls-check](https://docs.aws.amazon.com/config/latest/developerguide/apigateway-domain-name-tls-check.html)   [apigatewayv2-integration-private-https-enabled](https://docs.aws.amazon.com/config/latest/developerguide/apigatewayv2-integration-private-https-enabled.html)   [appintegrations-application-approved-origins-check](https://docs.aws.amazon.com/config/latest/developerguide/appintegrations-application-approved-origins-check.html)   [appintegrations-application-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appintegrations-application-tagged.html)   [appmesh-mesh-ip-pref-check](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-mesh-ip-pref-check.html)   [appmesh-virtual-gateway-listeners-health-check-enabled](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-gateway-listeners-health-check-enabled.html)   [appmesh-virtual-node-listeners-health-check-enabled](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-listeners-health-check-enabled.html)   [appmesh-virtual-node-listeners-outlier-detect-enabled](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-listeners-outlier-detect-enabled.html)   [appmesh-virtual-node-service-backends-tls-enforced](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-service-backends-tls-enforced.html)   [cloudtrail-event-data-store-multi-region](https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-event-data-store-multi-region.html)   [cloudwatch-alarm-description](https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-description.html)   [codeartifact-repository-tagged](https://docs.aws.amazon.com/config/latest/developerguide/codeartifact-repository-tagged.html)   [codebuild-project-tagged](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-tagged.html)   [ec2-ipamscope-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-ipamscope-tagged.html)   [ec2-launchtemplate-ebs-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launchtemplate-ebs-encrypted.html)   [ecs-service-propagate-tags-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecs-service-propagate-tags-enabled.html)   [elbv2-targetgroup-healthcheck-protocol-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-targetgroup-healthcheck-protocol-encrypted.html)   [elbv2-targetgroup-protocol-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-targetgroup-protocol-encrypted.html)   [eventschemas-discoverer-tagged](https://docs.aws.amazon.com/config/latest/developerguide/eventschemas-discoverer-tagged.html)   [eventschemas-registry-tagged](https://docs.aws.amazon.com/config/latest/developerguide/eventschemas-registry-tagged.html)   [groundstation-config-tagged](https://docs.aws.amazon.com/config/latest/developerguide/groundstation-config-tagged.html)   [groundstation-dataflowendpointgroup-tagged](https://docs.aws.amazon.com/config/latest/developerguide/groundstation-dataflowendpointgroup-tagged.html)   [groundstation-missionprofile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/groundstation-missionprofile-tagged.html)   [healthlake-fhirdatastore-tagged](https://docs.aws.amazon.com/config/latest/developerguide/healthlake-fhirdatastore-tagged.html)   [iam-oidc-provider-client-id-list-check](https://docs.aws.amazon.com/config/latest/developerguide/iam-oidc-provider-client-id-list-check.html)   [iam-policy-description](https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-description.html)   [imagebuilder-distributionconfiguration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/imagebuilder-distributionconfiguration-tagged.html)   [imagebuilder-imagepipeline-tagged](https://docs.aws.amazon.com/config/latest/developerguide/imagebuilder-imagepipeline-tagged.html)   [imagebuilder-imagerecipe-ebs-volumes-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/imagebuilder-imagerecipe-ebs-volumes-encrypted.html)   [imagebuilder-imagerecipe-tagged](https://docs.aws.amazon.com/config/latest/developerguide/imagebuilder-imagerecipe-tagged.html)   [imagebuilder-infrastructureconfiguration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/imagebuilder-infrastructureconfiguration-tagged.html)   [kinesisvideo-signalingchannel-tagged](https://docs.aws.amazon.com/config/latest/developerguide/kinesisvideo-signalingchannel-tagged.html)   [kinesisvideo-stream-tagged](https://docs.aws.amazon.com/config/latest/developerguide/kinesisvideo-stream-tagged.html)   [lambda-function-application-log-level-check](https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-application-log-level-check.html)   [lambda-function-log-format-json](https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-log-format-json.html)   [lambda-function-system-log-level-check](https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-system-log-level-check.html)   [lightsail-bucket-object-versioning-enabled](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-bucket-object-versioning-enabled.html)   [mediapackage-packagingconfiguration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/mediapackage-packagingconfiguration-tagged.html)   [mediatailor-playbackconfiguration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/mediatailor-playbackconfiguration-tagged.html)   [memorydb-subnetgroup-tagged](https://docs.aws.amazon.com/config/latest/developerguide/memorydb-subnetgroup-tagged.html)   [neptune-cluster-snapshot-iam-database-auth-enabled](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-snapshot-iam-database-auth-enabled.html)   [opensearchserverless-collection-description](https://docs.aws.amazon.com/config/latest/developerguide/opensearchserverless-collection-description.html)   [opensearchserverless-collection-standbyreplicas-enabled](https://docs.aws.amazon.com/config/latest/developerguide/opensearchserverless-collection-standbyreplicas-enabled.html)   [panorama-package-tagged](https://docs.aws.amazon.com/config/latest/developerguide/panorama-package-tagged.html)   [rds-cluster-backup-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-backup-retention-check.html)   [rds-global-cluster-aurora-mysql-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/rds-global-cluster-aurora-mysql-supported-version.html)   [resiliencehub-app-tagged](https://docs.aws.amazon.com/config/latest/developerguide/resiliencehub-app-tagged.html)   [resiliencehub-resiliencypolicy-tagged](https://docs.aws.amazon.com/config/latest/developerguide/resiliencehub-resiliencypolicy-tagged.html)   [route53-recovery-control-cluster-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-recovery-control-cluster-tagged.html)   [route53-recovery-readiness-cell-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-recovery-readiness-cell-tagged.html)   [route53-recovery-readiness-readiness-check-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-recovery-readiness-readiness-check-tagged.html)   [route53-recovery-readiness-recovery-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-recovery-readiness-recovery-group-tagged.html)   [route53-recovery-readiness-resource-set-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-recovery-readiness-resource-set-tagged.html)   [route53-resolver-resolver-endpoint-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-resolver-resolver-endpoint-tagged.html)   [s3-directory-bucket-lifecycle-policy-rule-check](https://docs.aws.amazon.com/config/latest/developerguide/s3-directory-bucket-lifecycle-policy-rule-check.html)   [sagemaker-data-quality-job-encrypt-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-data-quality-job-encrypt-in-transit.html)   [sagemaker-data-quality-job-isolation](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-data-quality-job-isolation.html)   [sagemaker-featuregroup-description](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-featuregroup-description.html)   [sagemaker-inferenceexperiment-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-inferenceexperiment-tagged.html)   [sagemaker-model-bias-job-encrypt-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-bias-job-encrypt-in-transit.html)   [sagemaker-model-bias-job-isolation](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-bias-job-isolation.html)   [sagemaker-model-explainability-job-encrypt-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-explainability-job-encrypt-in-transit.html)   [sagemaker-model-quality-job-encrypt-transit](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-quality-job-encrypt-transit.html)   [sagemaker-monitoring-schedule-isolation](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-monitoring-schedule-isolation.html)   [signer-signingprofile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/signer-signingprofile-tagged.html)   [transfer-connector-as2-encryption-algorithm-check](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-as2-encryption-algorithm-check.html)   [transfer-connector-as2-mdn-signing-algorithm-check](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-as2-mdn-signing-algorithm-check.html)   [transfer-connector-as2-signing-algorithm-check](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-as2-signing-algorithm-check.html)   | March 4, 2026 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` and `AWS_ConfigRole` policies now grant additional permissions: application-autoscaling:DescribeScheduledActions, appsync:GetApiAssociation, cloudformation:DescribeStacks, cloudformation:GetStackPolicy, cloudformation:GetTemplate, cloudfront:GetKeyGroup, cloudfront:GetMonitoringSubscription, cloudfront:ListKeyGroups, connect:ListEvaluationFormVersions, cur:DescribeReportDefinitions, cur:ListTagsForResource, and permissions for datazone, docdb-elastic, ec2, fis, frauddetector, guardduty, iotfleetwise, iotsitewise, iotwireless, kendra, logs, mediaconnect, medialive, networkmanager, notifications, refactor-spaces, resource-explorer-2, route53resolver, securityhub, sms-voice, and workspaces-web services. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | February 17, 2026 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` and `AWS_ConfigRole` policies have been updated with comprehensive permissions for AWS resource configuration recording across over 100 AWS services. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | January 27, 2026 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cloudformation-stack-service-role-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-stack-service-role-check.html)   [cloudfront-distribution-key-group-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-distribution-key-group-enabled.html)   [ecs-capacity-provider-termination-check](https://docs.aws.amazon.com/config/latest/developerguide/ecs-capacity-provider-termination-check.html)   [ecs-task-definition-linux-user-non-root](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-linux-user-non-root.html)   [ecs-task-definition-windows-user-non-admin](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-windows-user-non-admin.html)   | January 9, 2026 | 
| [AWS Config supports new permissions required for S3 Tables](#DocumentHistory) | With this release, AWS Config added new required permissions to record S3 Tables resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | January 9, 2026 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [aurora-global-database-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/aurora-global-database-encryption-at-rest.html)   [cloudformation-termination-protection-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-termination-protection-check.html)   [cognito-userpool-cust-auth-threat-full-check](https://docs.aws.amazon.com/config/latest/developerguide/cognito-userpool-cust-auth-threat-full-check.html)   [cognito-user-pool-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-deletion-protection-enabled.html)   [cognito-user-pool-mfa-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-mfa-enabled.html)   [ebs-snapshot-block-public-access](https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-block-public-access.html)   [ecs-task-definition-efs-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-efs-encryption-enabled.html)   [ses-sending-tls-required](https://docs.aws.amazon.com/config/latest/developerguide/ses-sending-tls-required.html)   | December 8, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [aurora-global-database-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/aurora-global-database-encryption-at-rest.html)   [cloudformation-termination-protection-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudformation-termination-protection-check.html)   [cognito-userpool-cust-auth-threat-full-check](https://docs.aws.amazon.com/config/latest/developerguide/cognito-userpool-cust-auth-threat-full-check.html)   [cognito-user-pool-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-deletion-protection-enabled.html)   [cognito-user-pool-mfa-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-mfa-enabled.html)   [ebs-snapshot-block-public-access](https://docs.aws.amazon.com/config/latest/developerguide/ebs-snapshot-block-public-access.html)   [ecs-task-definition-efs-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-efs-encryption-enabled.html)   [ses-sending-tls-required](https://docs.aws.amazon.com/config/latest/developerguide/ses-sending-tls-required.html)   | December 8, 2025 | 
| [Document History](#DocumentHistory) | The example Cross-Account S3 Bucket Policy no longer includes the `config.amazonaws.com` Service Principal. For more information, see [required-permissions-cross-account](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html#required-permissions-cross-account). | December 3, 2025 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` and `AWS_ConfigRole` policies now grants additional permissions for Amazon Lightsail and Amazon Simple Storage Service (Amazon S3). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | November 20, 2025 | 
| [Security IAM update](#DocumentHistory) | AWS Config has updated the managed policy `AWSConfigServiceRolePolicy` with enhanced documentation of comprehensive permissions for AWS resource configuration recording across over 100 AWS services. For information, see [AWS Config updates to AWS managed policies](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-updates). | November 11, 2025 | 
| [Security IAM update](#DocumentHistory) | AWS Config has updated the managed policy `AWS_ConfigRole` with comprehensive permissions for AWS resource configuration recording across multiple services. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | November 10, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [amplify-app-no-environment-variables](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-no-environment-variables.html)   [amplify-branch-description](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-description.html)   [api-gwv2-stage-default-route-detailed-metrics-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-stage-default-route-detailed-metrics-enabled.html)   [apigateway-stage-description](https://docs.aws.amazon.com/config/latest/developerguide/apigateway-stage-description.html)   [apigatewayv2-stage-description](https://docs.aws.amazon.com/config/latest/developerguide/apigatewayv2-stage-description.html)   [appconfig-deployment-strategy-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-deployment-strategy-tagged.html)   [aps-rule-groups-namespace-tagged](https://docs.aws.amazon.com/config/latest/developerguide/aps-rule-groups-namespace-tagged.html)   [auditmanager-assessment-tagged](https://docs.aws.amazon.com/config/latest/developerguide/auditmanager-assessment-tagged.html)   [batch-managed-spot-compute-environment-max-bid](https://docs.aws.amazon.com/config/latest/developerguide/batch-managed-spot-compute-environment-max-bid.html)   [cognito-identity-pool-unauthenticated-logins](https://docs.aws.amazon.com/config/latest/developerguide/cognito-identity-pool-unauthenticated-logins.html)   [customerprofiles-domain-tagged](https://docs.aws.amazon.com/config/latest/developerguide/customerprofiles-domain-tagged.html)   [devicefarm-project-tagged](https://docs.aws.amazon.com/config/latest/developerguide/devicefarm-project-tagged.html)   [devicefarm-test-grid-project-tagged](https://docs.aws.amazon.com/config/latest/developerguide/devicefarm-test-grid-project-tagged.html)   [ec2-network-insights-analysis-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-network-insights-analysis-tagged.html)   [eks-fargate-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/eks-fargate-profile-tagged.html)   [glue-ml-transform-tagged](https://docs.aws.amazon.com/config/latest/developerguide/glue-ml-transform-tagged.html)   [iot-provisioning-template-description](https://docs.aws.amazon.com/config/latest/developerguide/iot-provisioning-template-description.html)   [iot-provisioning-template-jitp](https://docs.aws.amazon.com/config/latest/developerguide/iot-provisioning-template-jitp.html)   [iot-provisioning-template-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iot-provisioning-template-tagged.html)   [iot-scheduled-audit-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iot-scheduled-audit-tagged.html)   [kinesis-video-stream-minimum-data-retention](https://docs.aws.amazon.com/config/latest/developerguide/kinesis-video-stream-minimum-data-retention.html)   [lambda-function-description](https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-description.html)   [lightsail-bucket-allow-public-overrides-disabled](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-bucket-allow-public-overrides-disabled.html)   [route53-resolver-firewall-domain-list-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-resolver-firewall-domain-list-tagged.html)   [route53-resolver-firewall-rule-group-association-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-resolver-firewall-rule-group-association-tagged.html)   [route53-resolver-firewall-rule-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-resolver-firewall-rule-group-tagged.html)   [route53-resolver-resolver-rule-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-resolver-resolver-rule-tagged.html)   [rum-app-monitor-cloudwatch-logs-enabled](https://docs.aws.amazon.com/config/latest/developerguide/rum-app-monitor-cloudwatch-logs-enabled.html)   [rum-app-monitor-tagged](https://docs.aws.amazon.com/config/latest/developerguide/rum-app-monitor-tagged.html)   | October 27, 2025 | 
| [AWS Config supports new resource types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon API Gateway, AWS CloudTrail, and AWS Config resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | October 10, 2025 | 
| [AWS Config supports new conformance pack](#DocumentHistory) | With this release, AWS Config supports the following conformance pack: [Cyber Resilience Best Practices for Amazon S3, Amazon EBS, and Amazon DynamoDB](https://docs.aws.amazon.com/config/latest/developerguide/cyber-resilience-best-practices-for-s3-ebs-dynamoDB.html) | October 3, 2025 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` and `AWS_ConfigRole` policies now grants additional permissions for AWS Amplify, AWS AppSync, Amazon Bedrock, AWS CloudTrail, CloudFormation, AWS CodeArtifact, AWS CodePipeline, Amazon Connect, AWS Deadline Cloud, Amazon EC2, AWS Entity Resolution, AWS IoT SiteWise, Amazon IVS, AWS Lambda, Amazon EventBridge, Amazon Quick, Amazon Redshift, Amazon Redshift Serverless, AWS Identity and Access Management Roles Anywhere, Amazon SageMaker, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, AWS Shield, Amazon EC2 Systems Manager, and AWS WAFV2. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | October 1, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cognito-user-pool-password-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-password-policy-check.html)   [dms-replication-instance-multi-az-enabled](https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-instance-multi-az-enabled.html)   [ec2-launch-templates-ebs-volume-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launch-templates-ebs-volume-encrypted.html)   [rds-mysql-cluster-copy-tags-to-snapshot-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-mysql-cluster-copy-tags-to-snapshot-check.html)   [rds-pgsql-cluster-copy-tags-to-snapshot-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-pgsql-cluster-copy-tags-to-snapshot-check.html)   | October 1, 2025 | 
| [AWS Config supports new resource types in the Asia Pacific (Taipei) Region region](#DocumentHistory) | With this release, AWS Config now supports the following AWS WAFV2 resource types in the Asia Pacific (Taipei) Region region: AWS::WAFv2::IPSet AWS::WAFv2::ManagedRuleSet AWS::WAFv2::RegexPatternSet AWS::WAFv2::RuleGroup AWS::WAFv2::WebACL For more information, see [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html#asia-pacific-regions). | September 23, 2025 | 
| [AWS Config updates conformance packs](#DocumentHistory) | With this release, AWS Config has updated the following conformance packs:  [Operational Best Practices for ACSC Essential 8](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc_essential_8.html)   [Operational Best Practices for ACSC ISM - Part 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc-ism-part-2.html)   | September 9, 2025 | 
| [AWS Config supports new resource types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS CodeArtifact, AWS Config, AWS Glue, AWS Network Manager, and AWS Identity and Access Management resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | September 3, 2025 | 
| [AWS Config supports new resource types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Backup, Amazon OpenSearch Service, Amazon EC2, Amazon Managed Streaming for Apache Kafka, Amazon Redshift, Route 53 Profiles, AWS Systems Manager Incident Manager, AWS Transfer Family, and Amazon CloudFront resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | August 15, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cloudfront-origin-lambda-url-oac-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-origin-lambda-url-oac-enabled.html)   [sqs-queue-policy-full-access-check](https://docs.aws.amazon.com/config/latest/developerguide/sqs-queue-policy-full-access-check.html)   [sqs-queue-dlq-check](https://docs.aws.amazon.com/config/latest/developerguide/sqs-queue-dlq-check.html)   | August 14, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [alb-tagged](https://docs.aws.amazon.com/config/latest/developerguide/alb-tagged.html)   [api-gw-rest-api-tagged](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-rest-api-tagged.html)   [api-gw-stage-tagged](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-stage-tagged.html)   [appsync-graphql-api-xray-enabled](https://docs.aws.amazon.com/config/latest/developerguide/appsync-graphql-api-xray-enabled.html)   [cloudwatch-metric-stream-tagged](https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-metric-stream-tagged.html)   [codebuild-report-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-report-group-tagged.html)   [datasync-location-object-storage-using-https](https://docs.aws.amazon.com/config/latest/developerguide/datasync-location-object-storage-using-https.html)   [ec2-vpn-connection-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-vpn-connection-tagged.html)   [ecs-capacity-provider-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ecs-capacity-provider-tagged.html)   [efs-file-system-tagged](https://docs.aws.amazon.com/config/latest/developerguide/efs-file-system-tagged.html)   [eks-addon-tagged](https://docs.aws.amazon.com/config/latest/developerguide/eks-addon-tagged.html)   [elb-internal-scheme-check](https://docs.aws.amazon.com/config/latest/developerguide/elb-internal-scheme-check.html)   [elb-tagged](https://docs.aws.amazon.com/config/latest/developerguide/elb-tagged.html)   [glb-tagged](https://docs.aws.amazon.com/config/latest/developerguide/glb-tagged.html)   [iot-job-template-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iot-job-template-tagged.html)   [iotdevicedefender-custom-metric-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotdevicedefender-custom-metric-tagged.html)   [kms-key-tagged](https://docs.aws.amazon.com/config/latest/developerguide/kms-key-tagged.html)   [msk-cluster-tagged](https://docs.aws.amazon.com/config/latest/developerguide/msk-cluster-tagged.html)   [nlb-tagged](https://docs.aws.amazon.com/config/latest/developerguide/nlb-tagged.html)   [rds-event-subscription-tagged](https://docs.aws.amazon.com/config/latest/developerguide/rds-event-subscription-tagged.html)   [rds-option-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/rds-option-group-tagged.html)   [route53-health-check-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-health-check-tagged.html)   [route53-hosted-zone-tagged](https://docs.aws.amazon.com/config/latest/developerguide/route53-hosted-zone-tagged.html)   [service-catalog-portfolio-tagged](https://docs.aws.amazon.com/config/latest/developerguide/service-catalog-portfolio-tagged.html)   [stepfunctions-state-machine-tagged](https://docs.aws.amazon.com/config/latest/developerguide/stepfunctions-state-machine-tagged.html)   [workspaces-connection-alias-tagged](https://docs.aws.amazon.com/config/latest/developerguide/workspaces-connection-alias-tagged.html)   [workspaces-workspace-tagged](https://docs.aws.amazon.com/config/latest/developerguide/workspaces-workspace-tagged.html)   | August 13, 2025 | 
| [Security IAM updates](#DocumentHistory) | The `AWS_ConfigRole` policy now grants additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, and AWS X-Ray. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 28, 2025 | 
| [Security IAM updates](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy now grants additional permissions for AWS ARC - Zonal Shift, Amazon Bedrock, AWS CloudTrail, AWS CodeArtifact, AWS Deadline Cloud, AWS Database Migration Service, AWS Glue, AWS Identity and Access Management, Amazon Managed Streaming for Apache Kafka, AWS Lake Formation, Amazon CloudWatch Logs, AWS Elemental MediaLive, AWS Elemental MediaPackage, Amazon Relational Database Service, Amazon Simple Storage Service, AWS Secrets Manager, Amazon Security Lake, AWS Service Catalog, Amazon Simple Email Service, AWS X-Ray, and Amazon API Gateway. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 28, 2025 | 
| [AWS Config supports new resource types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Backup, AWS Billing and Cost Management, CloudFormation, Amazon CloudFront, AWS Entity Resolution, AWS IoT, AWS Private Certificate Authority, Amazon Relational Database Service, and Amazon S3 resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonbedrock). | July 15, 2025 | 
| [Security IAM updates](#DocumentHistory) | The `AWS_ConfigRole` policy and `AWSConfigServiceRolePolicy` policy now grants additional permissions for AWS Backup gateway, AWS Billing and Cost Management, Amazon Bedrock, AWS CloudFormation, Amazon CloudFront, AWS Entity Resolution, AWS IoT Core Device Advisor, AWS Lambda, AWS Network Manager, AWS Private Certificate Authority, Amazon Redshift, Amazon S3 Tables, AWS Systems Manager Quick Setup. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | June 18, 2025 | 
| [AWS Config supports new resource types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Bedrock resource types. For more information, see [Supported resource types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonbedrock). | June 17, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cloudfront-ssl-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-ssl-policy-check.html)   [cognito-identity-pool-unauth-access-check](https://docs.aws.amazon.com/config/latest/developerguide/cognito-identity-pool-unauth-access-check.html)   [ec2-enis-source-destination-check-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ec2-enis-source-destination-check-enabled.html)   [elbv2-listener-encryption-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-listener-encryption-in-transit.html)   [lambda-function-xray-enabled](https://docs.aws.amazon.com/config/latest/developerguide/lambda-function-xray-enabled.html)   [msk-cluster-public-access-disabled](https://docs.aws.amazon.com/config/latest/developerguide/msk-cluster-public-access-disabled.html)   [msk-connect-connector-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/msk-connect-connector-logging-enabled.html)   [msk-unrestricted-access-check](https://docs.aws.amazon.com/config/latest/developerguide/msk-unrestricted-access-check.html)   [aurora-mysql-cluster-audit-logging](https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-cluster-audit-logging.html)   [redshift-cluster-multi-az-enabled](https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-multi-az-enabled.html)   [s3express-dir-bucket-lifecycle-rules-check](https://docs.aws.amazon.com/config/latest/developerguide/s3express-dir-bucket-lifecycle-rules-check.html)   [ssm-automation-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ssm-automation-logging-enabled.html)   [ssm-automation-block-public-sharing](https://docs.aws.amazon.com/config/latest/developerguide/ssm-automation-block-public-sharing.html)   | June 13, 2025 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Bedrock. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | May 27, 2025 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon App Integrations, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Inspector, Amazon Macie, Amazon Route 53 Profiles, Amazon OpenSearch Serverless, Amazon Simple Storage Service (Amazon S3), AWS Security Hub CSPM, and Amazon SageMaker AI resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | April 30, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [redshift-serverless-default-db-name-check](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-default-db-name-check.html) | April 22, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [redshift-serverless-default-admin-check](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-default-admin-check.html) | April 17, 2025 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS B2B Data Interchange, Amazon Bedrock, AWS Clean Rooms, AWS CodeConnections, AWS Direct Connect, AWS Database Migration Service (AWS DMS), Amazon CloudWatch Logs, Amazon Macie, Amazon Managed Blockchain, Amazon Q Business, Route 53 Profiles, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, AWS Security Hub CSPM, and AWS Systems Manager Incident Manager, AWS Systems Manager Incident Manager Contacts, and AWS Systems Manager. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | April 8, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [s3-bucket-tagged](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-tagged.html)   [ecr-repository-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ecr-repository-tagged.html)   [sagemaker-feature-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-feature-group-tagged.html)   [sagemaker-domain-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-domain-tagged.html)   [cognito-user-pool-tagged](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-tagged.html)   | April 1, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [nlb-cross-zone-load-balancing-enabled](https://docs.aws.amazon.com/config/latest/developerguide/nlb-cross-zone-load-balancing-enabled.html)   [redshift-serverless-publish-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-publish-logs-to-cloudwatch.html)   [rds-instance-subnet-igw-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-subnet-igw-check.html)   [ec2-spot-fleet-request-ct-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/ec2-spot-fleet-request-ct-encryption-at-rest.html)   [redshift-serverless-workgroup-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-workgroup-encrypted-in-transit.html)   [redshift-serverless-workgroup-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-workgroup-no-public-access.html)   [redshift-serverless-namespace-cmk-encryption](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-namespace-cmk-encryption.html)   [event-data-store-cmk-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/event-data-store-cmk-encryption-enabled.html)   [ecs-task-definition-network-mode-not-host](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-network-mode-not-host.html)   [rds-proxy-tls-encryption](https://docs.aws.amazon.com/config/latest/developerguide/rds-proxy-tls-encryption.html)   [nlb-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/nlb-logging-enabled.html)   [redshift-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/redshift-audit-logging-enabled.html)   [s3-lifecycle-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/s3-lifecycle-policy-check.html)   [sagemaker-image-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-image-tagged.html)   [redshift-cluster-parameter-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-parameter-group-tagged.html)   [ec2-dhcp-options-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-dhcp-options-tagged.html)   [sagemaker-app-image-config-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-app-image-config-tagged.html)   [mariadb-publish-logs-to-cloudwatch-logs](https://docs.aws.amazon.com/config/latest/developerguide/mariadb-publish-logs-to-cloudwatch-logs.html)   [docdb-cluster-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-encrypted-in-transit.html)   [rds-sqlserver-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.html)   [ec2-traffic-mirror-session-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-session-tagged.html)   [ec2-launch-template-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launch-template-tagged.html)   [ec2-traffic-mirror-target-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-target-tagged.html)   [transfer-certificate-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-certificate-tagged.html)   [batch-managed-compute-env-compute-resources-tagged](https://docs.aws.amazon.com/config/latest/developerguide/batch-managed-compute-env-compute-resources-tagged.html)   [lightsail-disk-tagged](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-disk-tagged.html)   [transfer-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-profile-tagged.html)   [amplify-app-tagged](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-tagged.html)   [ec2-prefix-list-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-prefix-list-tagged.html)   [amplify-branch-tagged](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-tagged.html)   [transfer-agreement-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-agreement-tagged.html)   [datasync-task-tagged](https://docs.aws.amazon.com/config/latest/developerguide/datasync-task-tagged.html)   [transfer-workflow-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-workflow-tagged.html)   [sagemaker\$1notebook\$1instance\$1platform\$1version](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker_notebook_instance_platform_version.html)   [ec2-traffic-mirror-filter-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-filter-tagged.html)   [aurora-mysql-cluster-audit-logging](https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-cluster-audit-logging.html)   [ssm-document-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ssm-document-tagged.html)   [transfer-connector-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-tagged.html)   [rds-mariadb-instance-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-mariadb-instance-encrypted-in-transit.html)   [iam-saml-provider-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iam-saml-provider-tagged.html)   [ec2-fleet-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-fleet-tagged.html)   [iam-server-certificate-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iam-server-certificate-tagged.html)   [iam-oidc-provider-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iam-oidc-provider-tagged.html)   [alb-listener-tagged](https://docs.aws.amazon.com/config/latest/developerguide/alb-listener-tagged.html)   [glb-listener-tagged](https://docs.aws.amazon.com/config/latest/developerguide/glb-listener-tagged.html)   [ec2-network-insights-access-scope-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-network-insights-access-scope-tagged.html)   [lightsail-certificate-tagged](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-certificate-tagged.html)   [ec2-capacity-reservation-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-capacity-reservation-tagged.html)   [ec2-transit-gateway-multicast-domain-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-transit-gateway-multicast-domain-tagged.html)   [dms-endpoint-tagged](https://docs.aws.amazon.com/config/latest/developerguide/dms-endpoint-tagged.html)   [ec2-carrier-gateway-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-carrier-gateway-tagged.html)   [dms-replication-task-tagged](https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-task-tagged.html)   [ec2-client-vpn-endpoint-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-client-vpn-endpoint-tagged.html)   [lightsail-bucket-tagged](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-bucket-tagged.html)   [ec2-network-insights-access-scope-analysis-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-network-insights-access-scope-analysis-tagged.html)   [nlb-listener-tagged](https://docs.aws.amazon.com/config/latest/developerguide/nlb-listener-tagged.html)   [ec2-network-insights-path-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-network-insights-path-tagged.html)   | March 22, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [docdb-cluster-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-encrypted-in-transit.html)   [mariadb-publish-logs-to-cloudwatch-logs](https://docs.aws.amazon.com/config/latest/developerguide/mariadb-publish-logs-to-cloudwatch-logs.html)   [aurora-mysql-cluster-audit-logging](https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-cluster-audit-logging.html)   [rds-mariadb-instance-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-mariadb-instance-encrypted-in-transit.html)   [rds-sqlserver-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-sqlserver-encrypted-in-transit.html)   [sagemaker-notebook-instance-platform-version](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-platform-version.html)   [appstream-fleet-multi-az](https://docs.aws.amazon.com/config/latest/developerguide/appstream-fleet-multi-az.html)   [apprunner-vpc-connector-multi-az](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-vpc-connector-multi-az.html)   [mq-broker-general-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-broker-general-logging-enabled.html)   [mq-active-single-instance-broker-storage-type-efs](https://docs.aws.amazon.com/config/latest/developerguide/mq-active-single-instance-broker-storage-type-efs.html)   [mq-active-broker-ldap-authentication](https://docs.aws.amazon.com/config/latest/developerguide/mq-active-broker-ldap-authentication.html)   [iottwinmaker-component-type-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iottwinmaker-component-type-tagged.html)   | March 19, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [fsx-openzfs-deployment-type-check](https://docs.aws.amazon.com/config/latest/developerguide/fsx-openzfs-deployment-type-check.html)   [fsx-ontap-deployment-type-check](https://docs.aws.amazon.com/config/latest/developerguide/fsx-ontap-deployment-type-check.html)   [fsx-windows-deployment-type-check](https://docs.aws.amazon.com/config/latest/developerguide/fsx-windows-deployment-type-check.html)   [redshift-serverless-workgroup-routes-within-vpc](https://docs.aws.amazon.com/config/latest/developerguide/redshift-serverless-workgroup-routes-within-vpc.html)   | March 18, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules: [ec2-instance-launched-with-allowed-ami](https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-launched-with-allowed-ami.html) | March 11, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [connect-instance-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/connect-instance-logging-enabled.html)   [ecr-repository-cmk-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecr-repository-cmk-encryption-enabled.html)   [elbv2-predefined-security-policy-ssl-check](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-predefined-security-policy-ssl-check.html)   [glue-spark-job-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/glue-spark-job-supported-version.html)   [guardduty-runtime-monitoring-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-runtime-monitoring-enabled.html)   [guardduty-ecs-protection-runtime-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-ecs-protection-runtime-enabled.html)   [guardduty-ec2-protection-runtime-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-ec2-protection-runtime-enabled.html)   [netfw-subnet-change-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/netfw-subnet-change-protection-enabled.html)   [rds-sql-server-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/rds-sql-server-logs-to-cloudwatch.html)   [sqs-queue-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/sqs-queue-no-public-access.html)   [transfer-connector-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-logging-enabled.html)   | March 7, 2025 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Elastic Compute Cloud (Amazon EC2). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | March 4, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [athena-workgroup-description](https://docs.aws.amazon.com/config/latest/developerguide/athena-workgroup-description.html)   [amplify-app-tagged](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-tagged.html)   [sagemaker-app-image-config-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-app-image-config-tagged.html)   [elasticbeanstalk-application-version-description](https://docs.aws.amazon.com/config/latest/developerguide/elasticbeanstalk-application-version-description.html)   [amplify-branch-performance-mode-enabled](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-performance-mode-enabled.html)   [athena-workgroup-engine-version-auto-upgrade](https://docs.aws.amazon.com/config/latest/developerguide/athena-workgroup-engine-version-auto-upgrade.html)   [sagemaker-image-description](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-image-description.html)   [devicefarm-instance-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/devicefarm-instance-profile-tagged.html)   [transfer-workflow-description](https://docs.aws.amazon.com/config/latest/developerguide/transfer-workflow-description.html)   [ec2-traffic-mirror-session-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-session-tagged.html)   [appstream-fleet-in-vpc](https://docs.aws.amazon.com/config/latest/developerguide/appstream-fleet-in-vpc.html)   [transfer-agreement-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-agreement-tagged.html)   [ec2-traffic-mirror-target-description](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-target-description.html)   [transfer-agreement-description](https://docs.aws.amazon.com/config/latest/developerguide/transfer-agreement-description.html)   [athena-prepared-statement-description](https://docs.aws.amazon.com/config/latest/developerguide/athena-prepared-statement-description.html)   [batch-managed-compute-env-compute-resources-tagged](https://docs.aws.amazon.com/config/latest/developerguide/batch-managed-compute-env-compute-resources-tagged.html)   [codedeploy-deployment-group-auto-rollback-enabled](https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-deployment-group-auto-rollback-enabled.html)   [batch-managed-compute-environment-using-launch-template](https://docs.aws.amazon.com/config/latest/developerguide/batch-managed-compute-environment-using-launch-template.html)   [ec2-prefix-list-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-prefix-list-tagged.html)   [ec2-traffic-mirror-filter-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-filter-tagged.html)   [athena-workgroup-enforce-workgroup-configuration](https://docs.aws.amazon.com/config/latest/developerguide/athena-workgroup-enforce-workgroup-configuration.html)   [transfer-certificate-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-certificate-tagged.html)   [batch-compute-environment-managed](https://docs.aws.amazon.com/config/latest/developerguide/batch-compute-environment-managed.html)   [lightsail-disk-tagged](https://docs.aws.amazon.com/config/latest/developerguide/lightsail-disk-tagged.html)   [transfer-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-profile-tagged.html)   [ec2-traffic-mirror-target-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-target-tagged.html)   [appintegrations-event-integration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appintegrations-event-integration-tagged.html)   [datasync-task-tagged](https://docs.aws.amazon.com/config/latest/developerguide/datasync-task-tagged.html)   [batch-compute-environment-enabled](https://docs.aws.amazon.com/config/latest/developerguide/batch-compute-environment-enabled.html)   [appconfig-configuration-profile-validators-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-configuration-profile-validators-not-empty.html)   [elasticbeanstalk-application-description](https://docs.aws.amazon.com/config/latest/developerguide/elasticbeanstalk-application-description.html)   [codedeploy-deployment-group-outdated-instances-update](https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-deployment-group-outdated-instances-update.html)   [ec2-launch-template-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launch-template-tagged.html)   [fis-experiment-template-tagged](https://docs.aws.amazon.com/config/latest/developerguide/fis-experiment-template-tagged.html)   [ivs-channel-playback-authorization-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ivs-channel-playback-authorization-enabled.html)   [redshift-cluster-parameter-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-parameter-group-tagged.html)   [ec2-traffic-mirror-filter-description](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-filter-description.html)   [appintegrations-event-integration-description](https://docs.aws.amazon.com/config/latest/developerguide/appintegrations-event-integration-description.html)   [athena-data-catalog-description](https://docs.aws.amazon.com/config/latest/developerguide/athena-data-catalog-description.html)   [fis-experiment-template-log-configuration-exists](https://docs.aws.amazon.com/config/latest/developerguide/fis-experiment-template-log-configuration-exists.html)   [amplify-app-description](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-description.html)   [amplify-branch-tagged](https://docs.aws.amazon.com/config/latest/developerguide/amplify-branch-tagged.html)   [batch-job-queue-enabled](https://docs.aws.amazon.com/config/latest/developerguide/batch-job-queue-enabled.html)   [elasticbeanstalk-environment-description](https://docs.aws.amazon.com/config/latest/developerguide/elasticbeanstalk-environment-description.html)   [amplify-app-branch-auto-deletion-enabled](https://docs.aws.amazon.com/config/latest/developerguide/amplify-app-branch-auto-deletion-enabled.html)   [appconfig-hosted-configuration-version-description](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-hosted-configuration-version-description.html)   [appconfig-freeform-profile-config-storage](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-freeform-profile-config-storage.html)   [datasync-task-data-verification-enabled](https://docs.aws.amazon.com/config/latest/developerguide/datasync-task-data-verification-enabled.html)   [apprunner-service-observability-enabled](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-service-observability-enabled.html)   [transfer-certificate-description](https://docs.aws.amazon.com/config/latest/developerguide/transfer-certificate-description.html)   [appconfig-deployment-strategy-replicate-to-ssm](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-deployment-strategy-replicate-to-ssm.html)   [transfer-workflow-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-workflow-tagged.html)   [transfer-connector-tagged](https://docs.aws.amazon.com/config/latest/developerguide/transfer-connector-tagged.html)   [ec2-traffic-mirror-session-description](https://docs.aws.amazon.com/config/latest/developerguide/ec2-traffic-mirror-session-description.html)   [customerprofiles-object-type-allow-profile-creation](https://docs.aws.amazon.com/config/latest/developerguide/customerprofiles-object-type-allow-profile-creation.html)   [sagemaker-image-tagged](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-image-tagged.html)   | February 8, 2025 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Simple Storage Service (Amazon S3) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | February 6, 2025 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Simple Storage Service (Amazon S3) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | January 29, 2025 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS Clean Rooms, Amazon Comprehend, Amazon Elastic Compute Cloud (Amazon EC2), AWS HealthOmics, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Email Service (Amazon SES). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | January 16, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [appmesh-mesh-deny-tcp-forwarding](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-mesh-deny-tcp-forwarding.html)   [sagemaker-model-isolation-enabled](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-isolation-enabled.html)   [evidently-project-description](https://docs.aws.amazon.com/config/latest/developerguide/evidently-project-description.html)   [alb-internal-scheme-check](https://docs.aws.amazon.com/config/latest/developerguide/alb-internal-scheme-check.html)   [evidently-segment-description](https://docs.aws.amazon.com/config/latest/developerguide/evidently-segment-description.html)   [appconfig-environment-description](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-environment-description.html)   [apprunner-service-in-vpc](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-service-in-vpc.html)   [sagemaker-domain-in-vpc](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-domain-in-vpc.html)   [nlb-internal-scheme-check](https://docs.aws.amazon.com/config/latest/developerguide/nlb-internal-scheme-check.html)   [emr-security-configuration-encryption-rest](https://docs.aws.amazon.com/config/latest/developerguide/emr-security-configuration-encryption-rest.html)   [apprunner-service-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-service-no-public-access.html)   [sagemaker-model-in-vpc](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-in-vpc.html)   [appconfig-deployment-strategy-description](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-deployment-strategy-description.html)   [evidently-launch-description](https://docs.aws.amazon.com/config/latest/developerguide/evidently-launch-description.html)   [iot-authorizer-token-signing-enabled](https://docs.aws.amazon.com/config/latest/developerguide/iot-authorizer-token-signing-enabled.html)   | January 9, 2025 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud (Amazon EC2) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | January 9, 2025 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [batch-job-queue-tagged](https://docs.aws.amazon.com/config/latest/developerguide/batch-job-queue-tagged.html)   [iottwinmaker-sync-job-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iottwinmaker-sync-job-tagged.html)   [codeguruprofiler-profiling-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/codeguruprofiler-profiling-group-tagged.html)   [ivs-recording-configuration-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ivs-recording-configuration-tagged.html)   [iottwinmaker-entity-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iottwinmaker-entity-tagged.html)   [iottwinmaker-workspace-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iottwinmaker-workspace-tagged.html)   [iottwinmaker-scene-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iottwinmaker-scene-tagged.html)   [acmpca-certificate-authority-tagged](https://docs.aws.amazon.com/config/latest/developerguide/acmpca-certificate-authority-tagged.html)   [appflow-flow-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appflow-flow-tagged.html)   [iotevents-detector-model-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotevents-detector-model-tagged.html)   [appmesh-virtual-node-logging-file-path-exists](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-logging-file-path-exists.html)   [apprunner-vpc-connector-tagged](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-vpc-connector-tagged.html)   [apprunner-service-tagged](https://docs.aws.amazon.com/config/latest/developerguide/apprunner-service-tagged.html)   [iotwireless-fuota-task-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotwireless-fuota-task-tagged.html)   [appmesh-virtual-node-backend-defaults-tls-on](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-backend-defaults-tls-on.html)   [codegurureviewer-repository-association-tagged](https://docs.aws.amazon.com/config/latest/developerguide/codegurureviewer-repository-association-tagged.html)   [iotevents-input-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotevents-input-tagged.html)   [appmesh-virtual-gateway-logging-file-path-exists](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-gateway-logging-file-path-exists.html)   [batch-compute-environment-tagged](https://docs.aws.amazon.com/config/latest/developerguide/batch-compute-environment-tagged.html)   [batch-scheduling-policy-tagged](https://docs.aws.amazon.com/config/latest/developerguide/batch-scheduling-policy-tagged.html)   [customerprofiles-object-type-tagged](https://docs.aws.amazon.com/config/latest/developerguide/customerprofiles-object-type-tagged.html)   [emr-security-configuration-encryption-transit](https://docs.aws.amazon.com/config/latest/developerguide/emr-security-configuration-encryption-transit.html)   [iotwireless-service-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotwireless-service-profile-tagged.html)   [ivs-playback-key-pair-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ivs-playback-key-pair-tagged.html)   [cassandra-keyspace-tagged](https://docs.aws.amazon.com/config/latest/developerguide/cassandra-keyspace-tagged.html)   [iotevents-alarm-model-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotevents-alarm-model-tagged.html)   [appconfig-application-description](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-application-description.html)   [appmesh-virtual-gateway-backend-defaults-tls](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-gateway-backend-defaults-tls.html)   [ivs-channel-tagged](https://docs.aws.amazon.com/config/latest/developerguide/ivs-channel-tagged.html)   [iotwireless-multicast-group-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotwireless-multicast-group-tagged.html)   | January 8, 2025 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud (Amazon EC2), Amazon Cognito, AWS Elemental MediaConnect, and Amazon OpenSearch Service resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | December 19, 2024 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy now grants additional permissions for AWS Organizations. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | December 18, 2024 | 
| [AWS Config supports service-linked configuration recorders](#DocumentHistory) | With this release, AWS Config supports service-linked configuration recorders. You enable a service-linked configuration recorder in the supported service or using the AWS CLI, and the recorder records the resource types needed for the linked service on your behalf. You can view details of a service-linked configuration recorder using the AWS Config console or AWS CLI. For more information, see [Working with the configuration recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html). | November 27, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [appconfig-application-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-application-tagged.html)   [appconfig-configuration-profile-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-configuration-profile-tagged.html)   [appconfig-environment-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-environment-tagged.html)   [appconfig-extension-association-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appconfig-extension-association-tagged.html)   [appmesh-gateway-route-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-gateway-route-tagged.html)   [appmesh-mesh-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-mesh-tagged.html)   [appmesh-route-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-route-tagged.html)   [appmesh-virtual-gateway-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-gateway-tagged.html)   [appmesh-virtual-node-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-node-tagged.html)   [appmesh-virtual-router-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-router-tagged.html)   [appmesh-virtual-service-tagged](https://docs.aws.amazon.com/config/latest/developerguide/appmesh-virtual-service-tagged.html)   [evidently-launch-tagged](https://docs.aws.amazon.com/config/latest/developerguide/evidently-launch-tagged.html)   [evidently-project-tagged](https://docs.aws.amazon.com/config/latest/developerguide/evidently-project-tagged.html)   [evidently-segment-tagged](https://docs.aws.amazon.com/config/latest/developerguide/evidently-segment-tagged.html)   [frauddetector-entity-type-tagged](https://docs.aws.amazon.com/config/latest/developerguide/frauddetector-entity-type-tagged.html)   [frauddetector-label-tagged](https://docs.aws.amazon.com/config/latest/developerguide/frauddetector-label-tagged.html)   [frauddetector-outcome-tagged](https://docs.aws.amazon.com/config/latest/developerguide/frauddetector-outcome-tagged.html)   [frauddetector-variable-tagged](https://docs.aws.amazon.com/config/latest/developerguide/frauddetector-variable-tagged.html)   [iotsitewise-asset-model-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotsitewise-asset-model-tagged.html)   [iotsitewise-dashboard-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotsitewise-dashboard-tagged.html)   [iotsitewise-gateway-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotsitewise-gateway-tagged.html)   [iotsitewise-portal-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotsitewise-portal-tagged.html)   [iotsitewise-project-tagged](https://docs.aws.amazon.com/config/latest/developerguide/iotsitewise-project-tagged.html)   | November 12, 2024 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | November 8, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [cognito-user-pool-advanced-security-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-advanced-security-enabled.html) | November 6, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [active-mq-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/active-mq-supported-version.html)   [rabbit-mq-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/rabbit-mq-supported-version.html)   [ec2-vpn-connection-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ec2-vpn-connection-logging-enabled.html)   [appsync-cache-ct-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/appsync-cache-ct-encryption-at-rest.html)   [appsync-cache-ct-encryption-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/appsync-cache-ct-encryption-in-transit.html)   [vpc-endpoint-enabled](https://docs.aws.amazon.com/config/latest/developerguide/vpc-endpoint-enabled.html)   [efs-filesystem-ct-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/efs-filesystem-ct-encrypted.html)   [redshift-cluster-subnet-group-multi-az](https://docs.aws.amazon.com/config/latest/developerguide/redshift-cluster-subnet-group-multi-az.html)   [sns-topic-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-no-public-access.html)   [rabbit-mq-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/rabbit-mq-supported-version.html)   [kms-key-policy-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/kms-key-policy-no-public-access.html)   [rds-mysql-instance-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-mysql-instance-encrypted-in-transit.html)   [rds-postgres-instance-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/rds-postgres-instance-encrypted-in-transit.html)   [rds-sql-server-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/rds-sql-server-logs-to-cloudwatch.html)   [ec2-launch-template-imdsv2-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launch-template-imdsv2-check.html)   | October 21, 2024 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for PCI DSS 4.0 (Excluding global resource types)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss-v4-excluding-global-resource-types.html)   [Operational Best Practices for PCI DSS 4.0 (Including global resource types)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss-v4-including-global-resource-types.html)   | September 23, 2024 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon OpenSearch Service Severless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | September 16, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [ec2-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/ec2-resources-in-logically-air-gapped-vault.html)   [ebs-resources-in-logically-air-gapped-vault ](https://docs.aws.amazon.com/config/latest/developerguide/ebs-resources-in-logically-air-gapped-vault.html)   [aurora-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-in-logically-air-gapped-vault.html)   [efs-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/efs-resources-in-logically-air-gapped-vault.html)   [s3-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/s3-resources-in-logically-air-gapped-vault.html)   [storagegateway-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/storagegateway-resources-in-logically-air-gapped-vault.html)   [virtualmachine-resources-in-logically-air-gapped-vault](https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-resources-in-logically-air-gapped-vault.html)   | September 3, 2024 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for FedRAMP (High Part 1)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-high-part-1.html)   [Operational Best Practices for FedRAMP (High Part 2)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-high-part-2.html)   | August 27, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [athena-workgroup-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/athena-workgroup-logging-enabled.html)   [codebuild-report-group-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-report-group-encrypted-at-rest.html)   [cognito-user-pool-advanced-security-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cognito-user-pool-advanced-security-enabled.html)   [datasync-task-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/datasync-task-logging-enabled.html)   [efs-automatic-backups-enabled](https://docs.aws.amazon.com/config/latest/developerguide/efs-automatic-backups-enabled.html)   [glue-job-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/glue-job-logging-enabled.html)   [glue-ml-transform-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/glue-ml-transform-encrypted-at-rest.html)   [kinesis-stream-backup-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/kinesis-stream-backup-retention-check.html)   [rds-aurora-postgresql-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/rds-aurora-postgresql-logs-to-cloudwatch.html)   [rds-postgresql-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/rds-postgresql-logs-to-cloudwatch.html)   [workspaces-root-volume-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/workspaces-root-volume-encryption-enabled.html)   [workspaces-user-volume-encryption-enabled](https://docs.aws.amazon.com/config/latest/developerguide/workspaces-user-volume-encryption-enabled.html)   | July 22, 2024 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift and AWS Systems Manager for SAP. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html).  | June 17, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cloudtrail-s3-bucket-public-access-prohibited](https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-bucket-public-access-prohibited.html)   [cloudtrail-s3-bucket-access-logging](https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-s3-bucket-access-logging.html)   | May 8, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [iam-external-access-analyzer-enabled](https://docs.aws.amazon.com/config/latest/developerguide/iam-external-access-analyzer-enabled.html) | May 2, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [guardduty-malware-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-malware-protection-enabled.html)   [guardduty-rds-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-rds-protection-enabled.html)   [guardduty-s3-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-s3-protection-enabled.html)   [inspector-lambda-standard-scan-enabled](https://docs.aws.amazon.com/config/latest/developerguide/inspector-lambda-standard-scan-enabled.html)   | April 26, 2024 | 
| [AWS Config simplifies usage analysis with Amazon CloudWatch](#DocumentHistory) | With this release, the Amazon CloudWatch metrics for monitoring AWS Config data usage will display only billable usage. This means, non-billable usage will no longer be displayed in both the Amazon CloudWatch metrics emitted to AWS Config and the AWS Config console. This allows you to validate AWS Config setup and usage using Amazon CloudWatch metrics and correlate billable usage with associated costs. For more information, see [AWS Config Usage and Success Metrics](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aws-config-dashboard.html#aws-config-dashboard-metrics). | April 26, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [iam-server-certificate-expiration-check](https://docs.aws.amazon.com/config/latest/developerguide/iam-server-certificate-expiration-check.html) | April 23, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [vpc-sg-port-restriction-check](https://docs.aws.amazon.com/config/latest/developerguide/vpc-sg-port-restriction-check.html)   [cloudtrail-all-write-s3-data-event-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-all-write-s3-data-event-check.html)   [cloudtrail-all-read-s3-data-event-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-all-read-s3-data-event-check.html)   | April 17, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [guardduty-eks-protection-audit-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-eks-protection-audit-enabled.html)   [guardduty-eks-protection-runtime-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-eks-protection-runtime-enabled.html)   [guardduty-lambda-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/guardduty-lambda-protection-enabled.html)   [inspector-ec2-scan-enabled](https://docs.aws.amazon.com/config/latest/developerguide/inspector-ec2-scan-enabled.html)   [inspector-ecr-scan-enabled](https://docs.aws.amazon.com/config/latest/developerguide/inspector-ecr-scan-enabled.html)   [inspector-lambda-code-scan-enabled](https://docs.aws.amazon.com/config/latest/developerguide/inspector-lambda-code-scan-enabled.html)   [redshift-unrestricted-port-access](https://docs.aws.amazon.com/config/latest/developerguide/redshift-unrestricted-port-access.html)   | April 16, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [efs-mount-target-public-accessible](https://docs.aws.amazon.com/config/latest/developerguide/efs-mount-target-public-accessible.html) | March 20, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [dms-neptune-iam-authorization-enabled](https://docs.aws.amazon.com/config/latest/developerguide/dms-neptune-iam-authorization-enabled.html)   [dms-mongo-db-authentication-enabled](https://docs.aws.amazon.com/config/latest/developerguide/dms-mongo-db-authentication-enabled.html)   [dms-redis-tls-enabled](https://docs.aws.amazon.com/config/latest/developerguide/dms-redis-tls-enabled.html)   [dax-tls-endpoint-encryption](https://docs.aws.amazon.com/config/latest/developerguide/dax-tls-endpoint-encryption.html)   [eks-cluster-secrets-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-secrets-encrypted.html)   [kinesis-firehose-delivery-stream-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/kinesis-firehose-delivery-stream-encrypted.html)   [mq-cloudwatch-audit-log-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-cloudwatch-audit-log-enabled.html)   [mq-cloudwatch-audit-log-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-cloudwatch-audit-log-enabled.html)   [opensearch-primary-node-fault-tolerance](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-primary-node-fault-tolerance.html)   [sagemaker-endpoint-config-prod-instance-count](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-endpoint-config-prod-instance-count.html)   [service-catalog-shared-within-organization](https://docs.aws.amazon.com/config/latest/developerguide/service-catalog-shared-within-organization.html)   [transfer-family-server-no-ftp](https://docs.aws.amazon.com/config/latest/developerguide/transfer-family-server-no-ftp.html)   | February 26, 2024 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | February 22, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [s3-bucket-cross-region-replication-enabled](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-cross-region-replication-enabled.html) | February 12, 2024 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS AppConfig, Amazon CloudWatch Evidently, AWS Identity and Access Management (IAM), Amazon MemoryDB (MemoryDB), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Redshift, and AWS Transfer Family resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | February 6, 2024 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rule: [macie-auto-sensitive-data-discovery-check](https://docs.aws.amazon.com/config/latest/developerguide/macie-auto-sensitive-data-discovery-check.html) | January 29, 2024 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon AppStream, AWS Key Management Service (AWS KMS), Amazon Relational Database Service (Amazon RDS), Amazon Cognito, Amazon Elastic Compute Cloud (Amazon EC2), EC2 Image Builder, AWS Ground Station, AWS Mainframe Modernization, Amazon Quick, Amazon Redshift, and AWS Systems Manager resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | January 3, 2024 | 
| [Service limits increase for the maximum number of AWS Config Rules per Region per account](#DocumentHistory) | With this release, AWS Config supports 1000 AWS Config rules per AWS Region per account. This increase applies to the total of all deployed rules including AWS Config managed rules, AWS Config custom rules, AWS Config conformance packs, AWS Security Hub CSPM controls, AWS Firewall Manager policies, and AWS Backup backup plans per Region per account. For more information, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html). | December 19, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [s3-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/s3-meets-restore-time-target.html)   [ebs-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/ebs-meets-restore-time-target.html)   [ec2-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/ec2-meets-restore-time-target.html)   [rds-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/rds-meets-restore-time-target.html)   [efs-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/efs-meets-restore-time-target.html)   [fsx-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/fsx-meets-restore-time-target.html)   [aurora-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/aurora-meets-restore-time-target.html)   [dynamodb-meets-restore-time-target](https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-meets-restore-time-target.html)   | December 19, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), (AWS Identity and Access Management) IAM, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | December 5, 2023 | 
| [Preview release: Natural language query processor for advanced queries](#DocumentHistory) | With this release, you can use the natural language query processor for advanced queries, which uses generative artificial intelligence (generative AI) capabilities that allow you to ask questions in plain English and convert them into a ready-to-use query format. With the natural language query processor, you can query your AWS account or across an AWS organization. For more information, see [Natural language query processor for advanced queries](https://docs.aws.amazon.com/config/latest/developerguide/query-assistant.html). | November 26, 2023 | 
| [Periodic recording](#DocumentHistory) | With this release, AWS Config supports periodic recording. Periodic recording provides you with the ability to capture the latest configuration changes for your resources over a fixed period of time. You can now set the default frequency for the configuration recorder to Daily, allowing you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded. The AWS Config console also introduces a new recording strategy experience, where you can also override the recording frequency for specific resource types or exclude specific resource types from recording. This can help make your settings fit your granular requirements.The following data types are added:  [RecordingMode](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingMode.html)   [RecordingModeOverride](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingModeOverride.html)  The following data types are updated:  [PutConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConfigurationRecorder.html)   [ConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationRecorder.html)   [BaseConfigurationItem](https://docs.aws.amazon.com/config/latest/APIReference/API_BaseConfigurationItem.html)   [ConfigurationItem](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationItem.html)  The following pages in the developer guide are updated:  [Recoding AWS Resources](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html)   [Setting up AWS Config with the AWS Config Console \$1 1-click setup](https://docs.aws.amazon.com/config/latest/developerguide/1-click-setup.html)   [Setting up AWS Config with the AWS Config Console \$1 Manual setup](https://docs.aws.amazon.com/config/latest/developerguide/manual-setup.title.html)   [Setting up AWS Config with the AWS CLI](https://docs.aws.amazon.com/config/latest/developerguide/gs-cli-subscribe.html)   | November 26, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon Quick, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family.The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy also now add security identifiers (SID) for `AWSConfigServiceRolePolicyStatementID`, `AWSConfigSLRLogStatementID`, `AWSConfigSLRLogEventStatementID`, `AWSConfigSLRApiGatewayStatementID`, and `AWSConfigServiceRolePolicy` policy.For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | November 17, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [acm-pca-root-ca-disabled](https://docs.aws.amazon.com/config/latest/developerguide/acm-pca-root-ca-disabled.html)   [dynamodb-table-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-table-deletion-protection-enabled.html)   [ec2-client-vpn-connection-log-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ec2-client-vpn-connection-log-enabled.html)   [eks-cluster-log-enabled](https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-log-enabled.html)   [emr-block-public-access](https://docs.aws.amazon.com/config/latest/developerguide/emr-block-public-access.html)   [fsx-windows-audit-log-configured](https://docs.aws.amazon.com/config/latest/developerguide/fsx-windows-audit-log-configured.html)   [fsx-openzfs-copy-tags-enabled](https://docs.aws.amazon.com/config/latest/developerguide/fsx-openzfs-copy-tags-enabled.html)   [fsx-lustre-copy-tags-to-backups](https://docs.aws.amazon.com/config/latest/developerguide/fsx-lustre-copy-tags-to-backups.html)   [msk-enhanced-monitoring-enabled](https://docs.aws.amazon.com/config/latest/developerguide/msk-enhanced-monitoring-enabled.html)   [mq-auto-minor-version-upgrade-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-auto-minor-version-upgrade-enabled.html)   [neptune-cluster-multi-az-enabled](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-multi-az-enabled.html)   [opensearch-update-check](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-update-check.html)   [s3-access-point-in-vpc-only](https://docs.aws.amazon.com/config/latest/developerguide/s3-access-point-in-vpc-only.html)   [s3-access-point-public-access-blocks](https://docs.aws.amazon.com/config/latest/developerguide/s3-access-point-public-access-blocks.html)   [s3-bucket-mfa-delete-enabled](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-mfa-delete-enabled.html)   | November 9, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Identity and Access Management (IAM), AWS Network Manager, AWS Private Certificate Authority (AWS Private CA), AWS App Mesh, Amazon Connect, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS), AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka Connect (Amazon MSK Connect), AWS Lambda, and AWS Resource Explorer resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | November 3, 2023 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance pack: [Operational Best Practices for BNM RMiT](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-bnm-rmit.html) | October 26, 2023 | 
| [Compliance and Inventory Dashboards for Aggregators](#DocumentHistory) | With this release, AWS Config adds a compliance dashboard page and an inventory dashboard page to the aggregated view in the AWS Config console. For the compliance dashboard page, you can view automated dashboards with widgets that summarize insights on resource compliance within your aggregator, such as Top 10 resource types by noncompliant resources, Top 10 account level conformance packs by noncompliant rules, and more.For the inventory dashboard page, you can view automated dashboard with widgets that summarize insights on resource configuration data within your aggregator, such as Top 10 resource types by resource count, Top 10 accounts by resource count, and more.For information on the graph and charts, see [Compliance dashboard](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aggregate-dashboard.html#aggregate-compliance-dashboard) and [Inventory dashboard](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aggregate-dashboard.html#aggregate-resource-dashboard). | October 23, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | October 4, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Personalize Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon SageMaker AI, AWS CodeBuild, Amazon AppStream, and Amazon Inspector resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | October 4, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [docdb-cluster-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-deletion-protection-enabled.html)   [docdb-cluster-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-audit-logging-enabled.html)   [docdb-cluster-snapshot-public-prohibited](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-snapshot-public-prohibited.html)   [mq-active-deployment-mode](https://docs.aws.amazon.com/config/latest/developerguide/mq-active-deployment-mode.html)   [mq-rabbit-deployment-mode](https://docs.aws.amazon.com/config/latest/developerguide/mq-rabbit-deployment-mode.html)   [dms-auto-minor-version-upgrade-check](https://docs.aws.amazon.com/config/latest/developerguide/dms-auto-minor-version-upgrade-check.html)   [dms-replication-task-targetdb-logging](https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-task-targetdb-logging.html)   [dms-replication-task-sourcedb-logging](https://docs.aws.amazon.com/config/latest/developerguide/dms-replication-task-sourcedb-logging.html)   [dms-endpoint-ssl-configured](https://docs.aws.amazon.com/config/latest/developerguide/dms-endpoint-ssl-configured.html)   [custom-eventbus-policy-attached](https://docs.aws.amazon.com/config/latest/developerguide/custom-eventbus-policy-attached.html)   [global-endpoint-event-replication-enabled](https://docs.aws.amazon.com/config/latest/developerguide/global-endpoint-event-replication-enabled.html)   [route53-query-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/route53-query-logging-enabled.html)   [rds-aurora-mysql-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/rds-aurora-mysql-audit-logging-enabled.html)   [rds-cluster-auto-minor-version-upgrade-enable](https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-auto-minor-version-upgrade-enable.html)   [appsync-authorization-check](https://docs.aws.amazon.com/config/latest/developerguide/appsync-authorization-check.html)   [netfw-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/netfw-deletion-protection-enabled.html)   [wafv2-rulegroup-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/wafv2-rulegroup-logging-enabled.html)   [msk-in-cluster-node-require-tls](https://docs.aws.amazon.com/config/latest/developerguide/msk-in-cluster-node-require-tls.html)   | September 21, 2023 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for Amazon S3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-amazon-s3.html)   [Operational Best Practices for EC2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-EC2.html.html)   | September 8, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy now removes permissions for AWS Systems Manager (Systems Manager). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | September 6, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon CodeGuru Profiler, AWS Elemental MediaConnect, AWS Transfer Family, Amazon Managed Service for Prometheus, AWS Batch, AWS Cloud Map, and Amazon Route 53 Resolver resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | September 6, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [athena-workgroup-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/athena-workgroup-encrypted-at-rest.html)   [neptune-cluster-iam-database-authentication](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-iam-database-authentication.html)   [neptune-cluster-copy-tags-to-snapshot-enabled](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-copy-tags-to-snapshot-enabled.html)   [neptune-cluster-cloudwatch-log-export-enabled](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-cloudwatch-log-export-enabled.html)   [neptune-cluster-deletion-protection-enabled](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-deletion-protection-enabled.html)   [neptune-cluster-snapshot-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-snapshot-encrypted.html)   [neptune-cluster-backup-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-backup-retention-check.html)   [neptune-cluster-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-encrypted.html)   [neptune-cluster-snapshot-public-prohibited](https://docs.aws.amazon.com/config/latest/developerguide/neptune-cluster-snapshot-public-prohibited.html)   [docdb-cluster-backup-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-backup-retention-check.html)   [docdb-cluster-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/docdb-cluster-encrypted.html)   [rds-cluster-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-encrypted-at-rest.html)   | August 10, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Amplify, Amazon AppIntegrations, AWS App Mesh, Amazon Athena, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass Version 2, AWS Ground Station, AWS Elemental MediaConvert, AWS Elemental MediaTailor, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Personalize, Amazon Pinpoint, and AWS Resilience Hub resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | August 3, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Workflows for AWS App Mesh, Amazon WorkSpaces Applications, AWS CloudFormation, Amazon CloudFront AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 28, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Kinesis, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, Amazon Simple Storage Service (Amazon S3), Amazon Virtual Private Cloud (Amazon VPC), Amazon Kendra, Amazon Connect, AWS CloudFormation, AWS AppConfig, AWS App Mesh, AWS App Runner, and AWS Database Migration Service (AWS DMS) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | July 10, 2023 | 
| [Service limits increase for organization conformance packs](#DocumentHistory) | With this release, AWS Config supports 350 AWS Config rules per region per account across all conformance packs and 350 organizational AWS Config rules per organization. For more information, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html). | June 13, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Workflows for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Organizations, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka(Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), Amazon Personalize, Amazon Quick, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | June 13, 2023 | 
| [AWS Config Recording Exclusions by Resource Type](#DocumentHistory) | With this release, AWS Config allows you to exclude specific types of AWS resources from inventory tracking and compliance monitoring while still tracking all other supported resource types currently available in AWS Config, including those that will be added in the future. You can use this feature to concentrate on critical resources that are subject to your compliance and governance standards.The updates to the API for the configuration recorder and recording group are backward compatible, meaning that they work with previous versions of the [PutConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConfigurationRecorder.html) API. You can continue to manage which resource types are recorded in the exact same way as before without using the updated or new APIs.The following data types are added:  [RecordingStrategy](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html)   [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html)  The following data types are updated:  [PutConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConfigurationRecorder.html)   [ConfigurationRecorder](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigurationRecorder.html)   [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html)  The following page in the developer guide is updated:  [Selecting Which Resources are Recorded](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html)   | June 9, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Container Service (Amazon ECS), Amazon Keyspaces (for Apache Cassandra) (Amazon Keyspaces), AWS Signer, AWS Amplify, AWS App Mesh, AWS App Runner, Amazon WorkSpaces Applications, AWS CodeArtifact, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Identity and Access Management (IAM), Amazon Pinpoint, Amazon SageMaker AI, AWS Transfer Family, Amazon Data Firehose resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | June 5, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [cloudfront-s3-origin-access-control-enabled](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-s3-origin-access-control-enabled.html)   [custom-schema-registry-policy-attached](https://docs.aws.amazon.com/config/latest/developerguide/custom-schema-registry-policy-attached.html)   [ec2-client-vpn-not-authorize-all](https://docs.aws.amazon.com/config/latest/developerguide/ec2-client-vpn-not-authorize-all.html)   [elasticache-supported-engine-version](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-supported-engine-version.html)   [macie-status-check](https://docs.aws.amazon.com/config/latest/developerguide/macie-status-check.html)   [mq-automatic-minor-version-upgrade-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-automatic-minor-version-upgrade-enabled.html)   [mq-cloudwatch-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/mq-cloudwatch-audit-logging-enabled.html)   [netfw-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/netfw-logging-enabled.html)   [opensearch-encrypted-at-res](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-encrypted-at-res.html)   [step-functions-state-machine-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/step-functions-state-machine-logging-enabled.html)   | May 10, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Route 53 Resolver, Amazon Elastic Compute Cloud (Amazon EC2), AWS IoT Wireless, AWS Network Manager, AWS Device Farm, AWS Ground Station, Amazon AppFlow, Amazon Redshift, Amazon Pinpoint, AWS IoT, AWS AppConfig, EC2 Image Builder, Amazon CloudWatch, AWS Panorama, Amazon SageMaker Runtime, Amazon ECR, and AWS Audit Manager resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | May 5, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to `AWS::NetworkFirewall::TLSInspectionConfiguration`. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#awsnetworkfirewall). | May 1, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, AWS Transfer Family, Amazon Pinpoint, AWS Migration Hub, AWS Resilience Hub, Amazon CloudWatch, AWS Directory Service, and AWS WAF. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | April 13, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [elasticache-auto-minor-version-upgrade-check](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-auto-minor-version-upgrade-check.html)   [elasticache-repl-grp-auto-failover-enabled](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-repl-grp-auto-failover-enabled.html)   [elasticache-repl-grp-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-repl-grp-encrypted-at-rest.html)   [elasticache-repl-grp-encrypted-in-transit](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-repl-grp-encrypted-in-transit.html)   [elasticache-repl-grp-redis-auth-enabled](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-repl-grp-redis-auth-enabled.html)   [elasticache-subnet-group-check](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-subnet-group-check.html)   [cloudfront-s3-origin-non-existent-bucket](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-s3-origin-non-existent-bucket.html)   | April 10, 2023 | 
| [Service limits increase for organization conformance packs](#DocumentHistory) | With this release, AWS Config supports 350 AWS Config rules per account across all organization conformance packs. For more information, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html). | April 3, 2023 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [acm-certificate-rsa-check](https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-rsa-check.html)   [appsync-associated-with-waf](https://docs.aws.amazon.com/config/latest/developerguide/appsync-associated-with-waf.html)   [appsync-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/appsync-logging-enabled.html)   [elasticache-rbac-auth-enabled](https://docs.aws.amazon.com/config/latest/developerguide/elasticache-rbac-auth-enabled.html)   [mq-no-public-access](https://docs.aws.amazon.com/config/latest/developerguide/mq-no-public-access.html)   [netfw-multi-az-enabled](https://docs.aws.amazon.com/config/latest/developerguide/netfw-multi-az-enabled.html)   [ses-malware-scanning-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ses-malware-scanning-enabled.html)   [eks-cluster-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-logging-enabled.html)   [appsync-cache-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/appsync-cache-encryption-at-rest.html)   | April 3, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon WorkSpaces Applications, AWS Auto Scaling, Amazon Connect Amazon Elastic Compute Cloud, Amazon EventBridge, HealthLake, Kinesis video stream, AWS IoT TwinMaker, Lookout for Vision, Network Manager, Amazon Pinpoint, Amazon Application Recovery Controller (ARC), and AWS RoboMaker resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | April 3, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon WorkSpaces Applications, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | March 30, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS Audit Manager. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | March 3, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Elemental MediaPackage, Amazon EventBridge, AWS IoT, (Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Lookout for Metrics, Amazon Lex, AWS Budgets, AWS Device Farm, Amazon CodeGuru Reviewer, Amazon Route 53 Resolver, and AWS RoboMaker resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | March 2, 2023 | 
| [Security IAM update](#DocumentHistory) | AWS Config now tracks changes to the `AWSConfigMultiAccountSetupPolicy` policy. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AWSConfigMultiAccountSetupPolicy). | February 27, 2023 | 
| [AWS Config Resource Coverage by Region Availability](#DocumentHistory) | With this release, AWS Config provides Region information for each supported resource type. For information on which resource types are supported in which Regions, see [Resource Coverage by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html). | February 20, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Interactive Video Service (Amazon IVS), Amazon Simple Storage Service (Amazon S3), AWS Glue, Amazon Elastic Kubernetes Service (Amazon EKS), AWS IoT, Amazon Relational Database Service (Amazon RDS), and Managed Service for Apache Flink resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | February 7, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon WorkSpaces Applications, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | February 1, 2023 | 
| [Security IAM update](#DocumentHistory) | As a security best practice, the `ConfigConformsServiceRolePolicy` policy now removes broad resource-level permission for `config:DescribeConfigRules`. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | January 12, 2023 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon Quick, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | January 10, 2023 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon MQ, AWS AppConfig, AWS Cloud9, Amazon EventBridge schemas, Amazon Fraud Detector, AWS IoT, AWS IoT Analytics, Amazon Lightsail, AWS Elemental MediaPackage (MediaPackage), Amazon Application Recovery Controller (ARC), AWS Resilience Hub, and AWS Transfer Family resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | January 5, 2023 | 
| [AWS Config rule resource coverage](#DocumentHistory) | With this release, AWS Config displays the resource type coverage for an increased number of AWS Config managed rules. | December 21, 2022 | 
| [AWS Config rule discoverability](#DocumentHistory) | With this release, AWS Config supports pages for [List of AWS Config Managed Rules by Evaluation Mode](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-evaluation-mode.html), [List of AWS Config Managed Rules by Trigger Type](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-trigger-type.html), and [List of AWS Config Managed Rules by Region Availability](https://docs.aws.amazon.com/config/latest/developerguide/managing-rules-by-region-availability.html). | December 21, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for K-ISMS](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-k-isms.html)   [Operational Best Practices for NIST 800 171](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-171.html)   [Operational Best Practices for PCI DSS 3.2.1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss.html)   [ Operational Best Practices for Esquema Nacional de Seguridad (ENS) High](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens_high.html)   [ Operational Best Practices for Esquema Nacional de Seguridad (ENS) Medium](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-medium.html)   [ Operational Best Practices for Esquema Nacional de Seguridad (ENS) Low](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-low.html)   [Operational Best Practices for NZISM](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nzism.html)   [Operational Best Practices for NIST 800-53 rev 5](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_5.html)   | December 19, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [api-gwv2-access-logs-enabled](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-access-logs-enabled.html)   [api-gwv2-authorization-type-configured](https://docs.aws.amazon.com/config/latest/developerguide/api-gwv2-authorization-type-configured.html)   [cloudfront-security-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-security-policy-check.html)   [ec2-launch-template-public-ip-disabled](https://docs.aws.amazon.com/config/latest/developerguide/ec2-launch-template-public-ip-disabled.html)   [elastic-beanstalk-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/elastic-beanstalk-logs-to-cloudwatch.html)   [sagemaker-notebook-instance-inside-vpc](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-inside-vpc.html)   [sagemaker-notebook-instance-root-access-check](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-root-access-check.html)   [security-account-information-provided](https://docs.aws.amazon.com/config/latest/developerguide/security-account-information-provided.html)   [storagegateway-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/storagegateway-resources-protected-by-backup-plan.html)   [wafv2-rulegroup-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/wafv2-rulegroup-not-empty.html)   [wafv2-webacl-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/wafv2-webacl-not-empty.html)   | December 9, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon CloudWatch RUM, Amazon EventBridge, Amazon GuardDuty, Amazon Simple Email Service (Amazon SES), AWS Backup, AWS DataSync, and AWS Fault Injection Service (AWS FIS) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | December 9, 2022 | 
| [AWS Config Proactive Compliance](#DocumentHistory) | With this release, AWS Config supports the ability to proactively check for compliance with AWS Config rules before resource provisioning. This allows you to evaluate the configuration settings of your resources before they are created or updated. Use AWS Config to track the configuration changes made to your resources, either pre-provisioning or post-provisioning, and check if your resources match your desired configurations.The following data types are added:  [GetResourceEvaluationSummary](https://docs.aws.amazon.com/config/latest/APIReference/API_GetResourceEvaluationSummary.html)   [StartResourceEvaluation](https://docs.aws.amazon.com/config/latest/APIReference/API_StartResourceEvaluation.html)   [ListResourceEvaluations](https://docs.aws.amazon.com/config/latest/APIReference/API_ListResourceEvaluations.html)  The following data types are updated:  [DescribeConfigRulesFilters](https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigRulesFilters.html)   [GetComplianceDetailsByResource](https://docs.aws.amazon.com/config/latest/APIReference/API_GetComplianceDetailsByResource.html#config-GetComplianceDetailsByResource-request-ResourceEvaluationId)   [EvaluationResultQualifier](https://docs.aws.amazon.com/config/latest/APIReference/API_EvaluationResultQualifier.html)   [EvaluationModeConfiguration](https://docs.aws.amazon.com/config/latest/APIReference/API_EvaluationModeConfiguration.html)  The following pages in the developer guide are updated:  [Components of an AWS Config Rule](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_components.html)   [Evaluation Mode and Trigger Types for AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_components.html#evaluate-config_use-managed-rules-proactive-detective)   [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html)   [AWS Config Custom Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)   [Managing Your AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html)   | November 28, 2022 | 
| [Drift Detection as Configuration Item (CI) for the AWS Config Configuration Recorder](#DocumentHistory) | With this release, AWS Config tracks all changes to the configuration recorder to indicate if the state of the configuration recorder differs, or has *drifted*, from its previous state; for example, if there are updates to resource types that you have enabled AWS Config to track, if you have stopped or started the configuration recorder, or if you have deleted or uninstalled the configuration recorder. The `AWS::Config::ConfigurationRecorder` resource type is a system resource type of AWS Config and recording of this resource type is enabled by default in all supported Regions. Recording for the `AWS::Config::ConfigurationRecorder` resource type comes with no additional charge. For more information, see [Drift Detection for the Configuration Recorder](https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html#drift-detection). | November 18, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS IoT Events, AWS Cloud Map, EC2 Image Builder, AWS DataSync, AWS Glue, Amazon Application Recovery Controller (ARC), and Amazon Elastic Container Registry (Amazon ECR) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | November 8, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS CloudFormation. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | November 7, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for Criminal Justice Information Services (CJIS)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cjis.html)   [Security Best Practices for Amazon SageMaker AI](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-ECR.html)   [Security Best Practices for Amazon Elastic Container Registry](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-SageMaker.html)  The following conformance packs are updated:  [Operational Best Practices for MAS TRMG](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-mas-trmg.html)   [Operational Best Practices for NCSC Cyber Assesment Framework](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ncsc_cafv3.html)   [Operational Best Practices for NCSC Cloud Security Principles](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ncsc.html)   | October 27, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift Servers, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, OpsWorks, AWS Panorama, AWS Resource Access Manager, Amazon Quick, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | October 19, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Email Service (Amazon SES), AWS AppConfig, AWS Cloud Map, and AWS DataSync resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | October 6, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon GuardDuty, Amazon SageMaker AI, AWS AppSync, AWS Cloud Map, and AWS DataSync resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | October 4, 2022 | 
| [AWS Config supports new conformance pack](#DocumentHistory) | With this release, AWS Config updates the [Operational Best Practices for SWIFT CSP](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-swift-csp.html) conformance pack. | October 4, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for CMMC 2.0 Level 1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_2.0_level_1.html)   [Operational Best Practices for CMMC 2.0 Level 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_2.0_level_2.html)  The following conformance packs are updated:  [Operational Best Practices for Amazon API Gateway](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-amazon-API-gateway.html)   [Operational Best Practices for AWS Well-Architected Framework Reliability Pillar](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-wa-Reliability-Pillar.html)   [Operational Best Practices for AWS Well-Architected Framework Security Pillar](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-wa-Security-Pillar.html)   [Operational Best Practices for CMMC Level 1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_1.html)   [Operational Best Practices for CMMC Level 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_2.html)   [Operational Best Practices for CMMC Level 3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_3.html)   [Operational Best Practices for CMMC Level 4](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_4.html)   [Operational Best Practices for CMMC Level 5](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_5.html)   [Operational Best Practices for FFIEC](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ffiec.html)   [Operational Best Practices for FedRAMP(Low)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-low.html)   [Operational Best Practices for MAS Notice 655](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-mas_notice_655.html)   [Operational Best Practices for NBC TRMG](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nbc-trmg.html)   [Operational Best Practices for NIST 800 172](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-172.html)   | September 30, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS Glue. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | September 14, 2022 | 
| [AWS Config supports new conformance pack](#DocumentHistory) | With this release, AWS Config supports the [Operational Best Practices for SWIFT CSP](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-swift-csp.html) conformance pack. | September 9, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift Servers, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble StudioAmazon Pinpoint, Amazon Quick, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | September 7, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for Amazon CloudWatch](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-amazon-cloudwatch.html)   [Operational Best Practices for Germany Cloud Computing Compliance Controls Catalog (C5)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-germany-c5.html)   [Operational Best Practices for IRS 1075](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-irs-1075.html)  The following conformance packs are updated:  [AWS Control Tower Detective Guardrails Conformance Pack](https://docs.aws.amazon.com/config/latest/developerguide/aws-control-tower-detective-guardrails.html)   [Operational Best Practices for CISA Cyber Essentials](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cisa-ce.html)   [Operational Best Practices for ENISA Cybersecurity guide for SMEs](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-enisa-cybersecurity-guide-for-smes.html)   [Operational Best Practices for FDA Title 21 CFR Part 11](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-FDA-21CFR-Part-11.html)   [Operational Best Practices for FedRAMP(Moderate)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-moderate.html)   [Operational Best Practices for HIPAA Security](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-hipaa_security.html)   [Operational Best Practices for NIST Privacy Framework v1.0](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_privacy_framework.html)   [Operational Best Practices for NYDFS 23](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-us_nydfs.html)   [Operational Best Practices for RBI Cyber Security Framework for UCBs](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-rbi-bcsf-ucb.html)   [Operational Best Practices for RBI MD-ITF](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-rbi-md-itf.html)   | August 31, 2022 | 
| [Getting Started with AWS Config and Custom Conformance Pack updates](#DocumentHistory) | With this release, AWS Config updates the [Getting Started with AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/getting-started.html) and [Setting Up AWS Config with the Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html) pages, introducing a [1-click setup](https://docs.aws.amazon.com/config/latest/developerguide/1-click-setup.html) and [Manual setup](https://docs.aws.amazon.com/config/latest/developerguide/manual-setup.title.html) page. AWS Config also updates the [Custom Conformance Pack](https://docs.aws.amazon.com/config/latest/developerguide/custom-conformance-pack.html) page with a walkthrough on how to create a conformance pack YAML file from scratch. | August 25, 2022 | 
| [AWS Systems Manager Document (SSM document) Integration with Conformance Packs](#DocumentHistory) | With this release, you can create a conformance pack template with an SSM document. For more information on SSM documents, see [AWS Systems Manager Documents](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html) in the AWS Systems Manager User Guide.The following data types are updated:  [PutConformancePack](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConformancePack.html)   [ConformancePackDetail](https://docs.aws.amazon.com/config/latest/APIReference/API_ConformancePackDetail.html)   [TemplateSSMDocumentDetails](https://docs.aws.amazon.com/config/latest/APIReference/API_TemplateSSMDocumentDetails.html)  The following pages in the developer guide are updated:  [Deploying a Conformance Pack Using the AWS Config Console](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-deploy.html)   [Deploying a Conformance Pack Using the AWS Command Line Interface](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-cli.html)   | August 24, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Simple Email Service (Amazon SES), AWS DataSync, and AWS Cloud Map. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | August 22, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Athena, Amazon Detective, Amazon SageMaker AI, Amazon Route 53, AWS Database Migration Service (AWS DMS), AWS Glue, AWS Key Management Service (AWS KMS), and Amazon Simple Email Service (Amazon SES) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | August 16, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for NIST 1800 25](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_1800_25.html)   [Operational Best Practices for NIST 800 181](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-181.html)   [Operational Best Practices for ABS CCIG 2.0 Standard Workloads](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ABS-CCIGv2-Standard.html)   [Operational Best Practices for ABS CCIG 2.0 Material Workloads](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ABS-CCIGv2-Material.html)   [Operational Best Practices for ACSC Essential 8](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc_essential_8.html)   [Operational Best Practices for ACSC ISM](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc-ism.html)   [Operational Best Practices for APRA CPG 234](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-apra_cpg_234.html)   [Operational Best Practices for CIS AWS Foundations Benchmark v1.4 Level 1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html)   [Operational Best Practices for CIS AWS Foundations Benchmark v1.4 Level 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_2.html)   [Operational Best Practices for BNM RMiT](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-bnm-rmit.html)   [Operational Best Practices for NIST CSF](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-csf.html)   | August 1, 2022 | 
| [Compliance score for conformance packs](#DocumentHistory) | With this release, AWS Config introduces compliance score for conformance packs, which provides you with a high-level view of the compliance state of your conformance packs. You can use it to identify, investigate, and understand the level of compliance in your conformance packs. A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack.The following data types are updated:  [ListConformancePackComplianceScores](https://docs.aws.amazon.com/config/latest/APIReference/API_ListConformancePackComplianceScores.html)   [ConformancePackComplianceScore](https://docs.aws.amazon.com/config/latest/APIReference/API_ConformancePackComplianceScore.html)  The following pages in the developer guide are updated:  [Viewing the AWS Config Dashboard](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aws-config-dashboard.html)   [Viewing Compliance Data in the Conformance Packs Dashboard](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-dashboard.html)   [Managing Conformance Packs (API)](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-apis.html)   | July 26, 2022 | 
| [Security IAM update](#DocumentHistory) | The `ConfigConformsServiceRolePolicy` policy now grants permission to publish metric data points to Amazon CloudWatch. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 25, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon Quick, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 15, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud (Amazon EC2) resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | July 8, 2022 | 
| [AWS Config supports new resources type](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new AWS Global Accelerator resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#awsglobalaccelerator). | July 5, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [autoscaling-launch-template](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-template.html)   [ecs-task-definition-log-configuration](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-log-configuration.html)   [ecs-awsvpc-networking-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecs-awsvpc-networking-enabled.html)   | July 1, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for Canadian Centre for Cyber Security (CCCS) Medium Cloud Control Profile](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cccs_medium.html)   [Operational Best Practices for Gramm Leach Bliley Act (GLBA)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-gramm-leach-bliley-act.html)   [Operational Best Practices for GxP EU Annex 11](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-gxp-eu-annex-11.html)   [Security Best Practices for Amazon Elastic Kubernetes Service (Amazon EKS)](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-EKS.html)   [Security Best Practices for Amazon Relational Database Service (Amazon RDS)](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-RDS)   [Security Best Practices for AWS Lambda](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-Lambda)  The following conformance packs are updated:  Operational Best Practices for AI and ML   [Operational Best Practices for Amazon DynamoDB](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-amazon-dynamodb.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig2.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig3.html)   [Operational Best Practices for HIPAA Security](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-hipaa_security.html)   [Operational Best Practices for NIST 800-53 rev 5](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_5.html)   [Operational Best Practices for NIST CSF](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-csf.html)   | June 30, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon SageMaker AI resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonsagemaker). | June 29, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Route 53, Amazon WorkSpaces, AWS Batch, AWS Identity and Access Management Access Analyzer (IAM Access Analyzer), AWS Database Migration Service (AWS DMS), AWS Step Functions, and Elastic Load Balancing resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | June 14, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [aurora-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/aurora-last-backup-recovery-point-created.html)   [dynamodb-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-last-backup-recovery-point-created.html)   [ebs-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/ebs-last-backup-recovery-point-created.html)   [ec2-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/ec2-last-backup-recovery-point-created.html)   [efs-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/efs-last-backup-recovery-point-created.html)   [fsx-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/fsx-last-backup-recovery-point-created.html)   [rds-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/rds-last-backup-recovery-point-created.html)   [s3-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/s3-last-backup-recovery-point-created.html)   [storagegateway-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/storagegateway-last-backup-recovery-point-created.html)   [virtualmachine-last-backup-recovery-point-created](https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-last-backup-recovery-point-created.html)   | June 13, 2022 | 
| [AWS Config Integration with AWS Security Hub CSPM](#DocumentHistory) | With this release, you can see the results of AWS Config managed and custom rule evaluations as findings in AWS Security Hub CSPM. Security Hub CSPM transforms rule evaluations into findings, which provide more information about the impacted resources, such as the Amazon Resource Name (ARN) and creation date. These findings can be viewed alongside other Security Hub CSPM findings, providing a comprehensive overview of your security posture. For more information, see [Sending Rule Evaluations to Security Hub CSPM](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html#setting-up-aws-config-rules-with-console-integration) | June 7, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for Amazon Athena, Amazon Detective, Amazon GuardDuty, Amazon Macie, Amazon Simple Email Service (Amazon SES), AWS Glue, AWS Resource Access Manager (AWS RAM), and AWS IAM Identity Center. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | May 31, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Security Best Practices for Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-ECS.html)   [Security Best Practices for Amazon Elastic File System (Amazon EFS)](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-EFS.html)   [Security Best Practices for Amazon CloudFront](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-CloudFront.html)   [Security Best Practices for AWS Auto Scaling](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-AutoScaling.html)   [Security Best Practices for AWS Network Firewall](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-Network-Firewall)   [Security Best Practices for AWS Secrets Manager](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-Secrets-Manager)   | May 31, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon SageMaker AI and AWS Step Functions resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | May 26, 2022 | 
| [AWS Config supports new conformance pack](#DocumentHistory) | With this release, AWS Config updates the [Operational Best Practices for NERC CIP BCSI](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nerc.html) conformance pack. | May 20, 2022 | 
| [Components of an AWS Config Rule](#DocumentHistory) | With this release, AWS Config introduces a [Components of an AWS Config Rule](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_components.html) page. The page discusses the structure of rule definitions, rule metadata, and best practices on how to write rules with Python using the AWS Config Rules Development Kit (RDK) and AWS Config Rules Development Kit Library (RDKlib). | May 9, 2022 | 
| [Service limits increase for organization conformance packs](#DocumentHistory) | With this release, AWS Config supports 180 AWS Config rules per account across all organization conformance packs. For more information, see [Service Limits](https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html). | May 6, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Security Best Practices for Amazon OpenSearch Service](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-OpenSearch.html)   [Security Best Practices for Amazon Redshift](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-redshift.html)   [Security Best Practices for AWS CloudTrail](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-CloudTrail.html)   [Security Best Practices for AWS CodeBuild](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-CodeBuild.html)   [Security Best Practices for AWS WAF](https://docs.aws.amazon.com/config/latest/developerguide/security-best-practices-for-aws-waf)   | April 29, 2022 | 
| [AWS Config updates managed rule](#DocumentHistory) | With this release, AWS Config supports the [s3-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/s3-resources-protected-by-backup-plan.html) managed rule. | April 11, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions to get information about all or a specified AWS CloudTrail event data store (EDS), get information about all or a specified AWS CloudFormation resource, get a list of a DynamoDB Accelerator (DAX) parameter group or subnet group, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current region being accessed, and get a list all policies in an AWS Organizations of a specified type. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | April 7, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [alb-desync-mode-check](https://docs.aws.amazon.com/config/latest/developerguide/alb-desync-mode-check.html)   [autoscaling-capacity-rebalancing](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-capacity-rebalancing.html)   [autoscaling-launchconfig-requires-imdsv2](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launchconfig-requires-imdsv2.html)   [autoscaling-launch-config-hop-limit](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-hop-limit.html)   [autoscaling-multiple-instance-types](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-instance-types.html)   [clb-desync-mode-check](https://docs.aws.amazon.com/config/latest/developerguide/clb-desync-mode-check.html)   [ecs-container-insights-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecs-container-insights-enabled.html)   [ecs-fargate-latest-platform-version](https://docs.aws.amazon.com/config/latest/developerguide/ecs-fargate-latest-platform-version.html)   [netfw-policy-default-action-fragment-packets](https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-fragment-packets.html)   [netfw-policy-default-action-full-packets](https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-default-action-full-packets.html)   [netfw-policy-rule-group-associated](https://docs.aws.amazon.com/config/latest/developerguide/netfw-policy-rule-group-associated.html)   [redshift-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/redshift-audit-logging-enabled.html)   [s3-lifecycle-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/s3-lifecycle-policy-check.html)   [waf-regional-rule-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rule-not-empty.html)   [waf-regional-rulegroup-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-rulegroup-not-empty.html)   [waf-regional-webacl-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-regional-webacl-not-empty.html)   [vpc-peering-dns-resolution-check](https://docs.aws.amazon.com/config/latest/developerguide/vpc-peering-dns-resolution-check)   | April 4, 2022 | 
| [AWS Config Custom Policy rules](#DocumentHistory) | With this release, AWS Config allows you to create AWS Config Custom Policy rules using AWS CloudFormation Guard ([guard](https://github.com/aws-cloudformation/cloudformation-guard)). Guard is a policy-as-code language that allows you to write policies that are enforced by AWS Config without the need to create Lambda functions to manage your custom rules. Rules written using Guard policy can be created from the AWS Config console or by using the AWS Config rule APIs.The following pages in the developer guide are updated:  [AWS Config Custom Rules ](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)   [Creating AWS Config Custom Rules with Guard](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_cfn-guard.html)  The following data types are updated:  [Source](https://docs.aws.amazon.com/config/latest/APIReference/API_Source.html)   [CustomPolicyDetails](https://docs.aws.amazon.com/config/latest/APIReference/API_CustomPolicyDetails.html)   [ConfigRuleEvaluationStatus](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigRuleEvaluationStatus.html)   [GetCustomRulePolicy](https://docs.aws.amazon.com/config/latest/APIReference/API_GetCustomRulePolicy.html)   [GetOrganizationCustomRulePolicy](https://docs.aws.amazon.com/config/latest/APIReference/API_GetOrganizationCustomRulePolicy.html)   [OrganizationCustomPolicyRuleMetadata](https://docs.aws.amazon.com/config/latest/APIReference/API_OrganizationCustomPolicyRuleMetadata.html)   | April 4, 2022 | 
| [AWS Config supports new resources type](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to the new Amazon EMR SecurityConfiguration resource type. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonemr). | March 31, 2022 | 
| [AWS Config updates managed rule](#DocumentHistory) | With this release, AWS Config supports the [virtualmachine-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/virtualmachine-resources-protected-by-backup-plan.html) managed rule. | March 29, 2022 | 
| [AWS Config Integration with Amazon CloudWatch Metrics](#DocumentHistory) | With this release, AWS Config now supports tracking of your AWS Config usage and success metrics with Amazon CloudWatch in the AWS Config Dashboard page. CloudWatch metrics is a monitoring service which provides data about the performance of your systems, including the ability to search, graph, and build alarms on metrics about AWS resources. From the AWS Config Dashboard, you can see what traffic is driving your AWS Config usage and key metrics for failures that have occured in your workflow.The following page is updated:  [Viewing the AWS Config Dashboard](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aws-config-dashboard)   | March 29, 2022 | 
| [AWS Config supports new resources type](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon GuardDuty Detector resource type. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonguardduty). | March 24, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [clb-multiple-az](https://docs.aws.amazon.com/config/latest/developerguide/clb-multiple-az.html)   [cloudfront-no-deprecated-ssl-protocols](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-no-deprecated-ssl-protocols.html)   [cloudfront-traffic-to-origin-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/cloudfront-traffic-to-origin-encrypted.html)   [cloudwatch-alarm-action-enabled-check](https://docs.aws.amazon.com/config/latest/developerguide/cloudwatch-alarm-action-enabled-check.html)   [ec2-no-amazon-key-pair](https://docs.aws.amazon.com/config/latest/developerguide/ec2-no-amazon-key-pair.html)   [ec2-paravirtual-instance-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-paravirtual-instance-check.html)   [ec2-token-hop-limit-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-token-hop-limit-check.html)   [ec2-transit-gateway-auto-vpc-attach-disabled](https://docs.aws.amazon.com/config/latest/developerguide/ec2-transit-gateway-auto-vpc-attach-disabled.html)   [ecr-private-lifecycle-policy-configured](https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-lifecycle-policy-configured.html)   [efs-access-point-enforce-root-directory](https://docs.aws.amazon.com/config/latest/developerguide/efs-access-point-enforce-root-directory.html)   [efs-access-point-enforce-user-identity](https://docs.aws.amazon.com/config/latest/developerguide/efs-access-point-enforce-user-identity.html)   [elbv2-multiple-az](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-multiple-az.html)   [kinesis-stream-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/kinesis-stream-encrypted.html)   [redshift-default-db-name-check](https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-db-name-check.html)   [s3-event-notifications-enabled](https://docs.aws.amazon.com/config/latest/developerguide/s3-event-notifications-enabled.html)   [sns-topic-message-delivery-notification-enabled](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-message-delivery-notification-enabled.html)   [waf-global-rulegroup-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rulegroup-not-empty.html)   [waf-global-rule-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-global-rule-not-empty.html)   | March 23, 2022 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for CIS Critical Security Controls v8 IG1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig2.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig3.html)   [Operational Best Practices for AWS Well-Architected Framework Security Pillar](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-wa-Security-Pillar.html)   [Operational Best Practices for Esquema Nacional de Seguridad (ENS) Low](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-low.html)   [Operational Best Practices for Esquema Nacional de Seguridad (ENS) Medium](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-medium.html)   [Operational Best Practices for Esquema Nacional de Seguridad (ENS) High](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens_high.html)   [Operational Best Practices for MAS Notice 655](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-mas_notice_655.html)   [Operational Best Practices for NIST 1800-25](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_1800_25.html)   | March 16, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant additional permissions for AWS CloudFormation. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | March 14, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config updates the following managed rules:  [aurora-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-protected-by-backup-plan.html)   [dynamodb-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-resources-protected-by-backup-plan.html)   [ebs-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/ebs-resources-protected-by-backup-plan.html)   [ec2-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/ec2-resources-protected-by-backup-plan.html)   [efs-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/efs-resources-protected-by-backup-plan.html)   [fsx-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/fsx-resources-protected-by-backup-plan.html)   [rds-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/rds-resources-protected-by-backup-plan.html)   | March 10, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Container Registry Public resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcontainerregistrypublic). | March 4, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | February 28, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [codedeploy-auto-rollback-monitor-enabled](https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-auto-rollback-monitor-enabled.html)   [codedeploy-ec2-minimum-healthy-hosts-configured](https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-ec2-minimum-healthy-hosts-configured.html)   [codedeploy-lambda-allatonce-traffic-shift-disabled](https://docs.aws.amazon.com/config/latest/developerguide/codedeploy-lambda-allatonce-traffic-shift-disabled.html)   | February 25, 2022 | 
| [Logging and Monitoring in AWS Config Update](#DocumentHistory) | With this release, AWS Config updates the [Monitoring AWS Config with Amazon EventBridge Events](https://docs.aws.amazon.com/config/latest/developerguide/security-logging-and-monitoring.html#monitor-config-with-cloudwatchevents) page to replace references to Amazon CloudWatch Events. Amazon EventBridge is the preferred way to manage your events. CloudWatch Events and EventBridge are the same underlying service and API, but EventBridge provides more features. Changes you make in either CloudWatch or EventBridge will appear in each console. For more informance, see [Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/index.html). | February 24, 2022 | 
| [AWS SDK Page for AWS Config](#DocumentHistory) | With this release, AWS Config introduces a [Using AWS Config with an AWS SDK](https://docs.aws.amazon.com/config/latest/developerguide/sdk-general-information-section.html) page. AWS software development kits (SDKs) are available for many popular programming languages. Each SDK provides an API, code examples, and documentation that make it easier for developers to build applications in their preferred language. | February 24, 2022 | 
| [Security IAM Role Trust policy update](#DocumentHistory) | With this release, AWS Config updates the IAM trust policy statement to include security protections in the trust policy that restrict access with `sourceARN` and/or `sourceAccountId` for the AWS Security Token Service (AWS STS) operation. This helps make sure that the IAM role trust policy is accessing your resources on behalf of expected users and scenarios only.The following page is updated:  [Adding an IAM Trust Policy to your Role](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html#iam-trust-policy)   | February 18, 2022 | 
| [Changes to Global Resource Type Recording](#DocumentHistory) | AWS Config now changes how new global resource types are recorded in AWS Config Recording. Global resource types are AWS resources that do not require you to specify a region at creation. Before this change, you could enable the recording of global resource types in all supported regions in AWS Config. After this change, new global resource types onboarded to AWS Config recording can only be recorded in the service's home region for the commercial partition, and AWS GovCloud (US-West) for the AWS GovCloud (US) partition. You will now be able to view the configuration items for these new global resource types only in their home region and AWS GovCloud (US-West). For a list of home regions for global resource types onboarded after February 2022, see the table on the [Recording All Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all) page. | February 18, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy also now grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies that are attached to the specified target root, organizational unit, or account. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | February 10, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [autoscaling-multiple-az](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-multiple-az.html)   [codebuild-project-artifact-encryption](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-artifact-encryption.html)   [codebuild-project-environment-privileged-check](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-environment-privileged-check.html)   [codebuild-project-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-logging-enabled.html)   [codebuild-project-s3-logs-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/codebuild-project-s3-logs-encrypted.html)   [ec2-security-group-attached-to-eni-periodic](https://docs.aws.amazon.com/config/latest/developerguide/ec2-security-group-attached-to-eni-periodic.html)   [ecr-private-image-scanning-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-image-scanning-enabled.html)   [ecr-private-tag-immutability-enabled](https://docs.aws.amazon.com/config/latest/developerguide/ecr-private-tag-immutability-enabled.html)   [ecs-containers-nonprivileged](https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-nonprivileged.html)   [ecs-containers-readonly-access](https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html)   [ecs-no-environment-secrets](https://docs.aws.amazon.com/config/latest/developerguide/ecs-no-environment-secrets.html)   [ecs-task-definition-memory-hard-limit](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-memory-hard-limit.html)   [ecs-task-definition-nonroot-user](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-nonroot-user.html)   [ecs-task-definition-pid-mode-check](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-pid-mode-check.html)   [eks-cluster-oldest-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-oldest-supported-version.html)   [eks-cluster-supported-version](https://docs.aws.amazon.com/config/latest/developerguide/eks-cluster-supported-version.html)   [lambda-vpc-multi-az-check](https://docs.aws.amazon.com/config/latest/developerguide/lambda-vpc-multi-az-check.html)   [nacl-no-unrestricted-ssh-rdp](https://docs.aws.amazon.com/config/latest/developerguide/nacl-no-unrestricted-ssh-rdp.html)   [netfw-stateless-rule-group-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/netfw-stateless-rule-group-not-empty.html)   [rds-cluster-default-admin-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-default-admin-check.html)   [rds-db-security-group-not-allowed](https://docs.aws.amazon.com/config/latest/developerguide/rds-db-security-group-not-allowed.html)   [rds-instance-default-admin-check](https://docs.aws.amazon.com/config/latest/developerguide/rds-instance-default-admin-check.html)   [redshift-default-admin-check](https://docs.aws.amazon.com/config/latest/developerguide/redshift-default-admin-check.html)   [s3-bucket-acl-prohibited](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html)   [s3-version-lifecycle-policy-check](https://docs.aws.amazon.com/config/latest/developerguide/s3-version-lifecycle-policy-check.html)   [waf-global-webacl-not-empty](https://docs.aws.amazon.com/config/latest/developerguide/waf-global-webacl-not-empty.html)   | February 10, 2022 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to create Amazon CloudWatch log groups and streams and to write logs to created log streams. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | February 2, 2022 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [opensearch-access-control-enabled](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-access-control-enabled.html)   [opensearch-audit-logging-enabled](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-audit-logging-enabled.html)   [opensearch-data-node-fault-tolerance](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-data-node-fault-tolerance.html)   [opensearch-encrypted-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-encrypted-at-rest.html)   [opensearch-https-required](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-https-required.html)   [opensearch-in-vpc-only](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-in-vpc-only.html)   [opensearch-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-logs-to-cloudwatch.html)   [opensearch-node-to-node-encryption-check](https://docs.aws.amazon.com/config/latest/developerguide/opensearch-node-to-node-encryption-check.html)   | January 31, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to AWS CodeDeploy resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#awscodedeploy). | January 5, 2022 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon SageMaker AI resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonsagemaker). | December 20, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for ENISA Cybersecurity guide for SMEs](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-enisa-cybersecurity-guide-for-smes.html)   | December 20, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for NIST 800 172](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-172.html)   [Operational Best Practices for NIST 800 181](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-181.html)  The following conformance pack is updated:  [Operational Best Practices for K-ISMS](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-k-isms.html)   | November 18, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for Amazon API Gateway](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-amazon-API-gateway.html)   [Operational Best Practices for AWS Backup](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-aws-backup.html)   [Operational Best Practices for CISA Cyber Essentials](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cisa-ce.html)   [Operational Best Practices for DevOps](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-DevOps.html)   [Operational Best Practices for NIST Privacy Framework v1.0](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_privacy_framework.html)  The following conformance packs are updated:  [Operational Best Practices for FedRAMP(Low)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-low.html)   [Operational Best Practices for FedRAMP(Moderate)](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-fedramp-moderate.html)   | October 29, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon OpenSearch Service resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonopensearchservice). | October 12, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance pack:  [Operational Best Practices for MAS TRMG](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-mas-trmg.html)   | October 12, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for ABS CCIG 2.0 Material Workloads](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ABS-CCIGv2-Material.html)   [Operational Best Practices for ABS CCIG 2.0 Standard Workloads](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ABS-CCIGv2-Standard.html)   [Operational Best Practices for ACSC Essential 8](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc_essential_8.html)   [Operational Best Practices for ACSC ISM](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-acsc-ism.html)   [Operational Best Practices for BNM RMiT](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-bnm-rmit.html)   [Operational Best Practices for CMMC Level 1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_1.html)   [Operational Best Practices for CMMC Level 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_2.html)   [Operational Best Practices for CMMC Level 3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_3.html)   [Operational Best Practices for CMMC Level 4](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_4.html)   [Operational Best Practices for CMMC Level 5](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cmmc_level_5.html)   [Operational Best Practices for FDA Title 21 CFR Part 11](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-FDA-21CFR-Part-11.html)   [Operational Best Practices for FFIEC](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ffiec.html)   [Operational Best Practices for MAS Notice 655](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-mas_notice_655.html)   [Operational Best Practices for NBC TRMG](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nbc-trmg.html)   [Operational Best Practices for NERC CIP](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nerc.html)   [Operational Best Practices for NIST 800-53 rev 5](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-800-53_rev_5.html)   | September 30, 2021 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | September 8, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticcomputecloud). | September 7, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config updates the following conformance packs:  [Operational Best Practices for APRA CPG 234](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-apra_cpg_234.html)   [Operational Best Practices for CIS AWS Foundations Benchmark v1.4 Level 1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html)   [Operational Best Practices for CIS AWS Foundations Benchmark v1.4 Level 2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_2.html)   [Operational Best Practices for NCSC Cloud Security Principles](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ncsc.html)   [Operational Best Practices for NCSC Cyber Assesment Framework](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ncsc_cafv3.html)   [Operational Best Practices for NIST 800 171](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_800-171.html)   [Operational Best Practices for NIST CSF](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist-csf.html)   [Operational Best Practices for RBI Cyber Security Framework for UCBs](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-rbi-bcsf-ucb.html)   [Operational Best Practices for RBI MD-ITF](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-rbi-md-itf.html)   [Operational Best Practices for NYDFS 23](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-us_nydfs.html)   [Operational Best Practices for PCI DSS 3.2.1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-pci-dss.html)   | August 30, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [aurora-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/aurora-resources-protected-by-backup-plan.html)   [backup-plan-min-frequency-and-min-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/backup-plan-min-frequency-and-min-retention-check.html)   [backup-recovery-point-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-encrypted.html)   [backup-recovery-point-manual-deletion-disabled](https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-manual-deletion-disabled.html)   [backup-recovery-point-minimum-retention-check](https://docs.aws.amazon.com/config/latest/developerguide/backup-recovery-point-minimum-retention-check.html)   [dynamodb-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/dynamodb-resources-protected-by-backup-plan.html)   [ebs-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/ebs-resources-protected-by-backup-plan.html)   [ec2-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/ec2-resources-protected-by-backup-plan.html)   [efs-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/efs-resources-protected-by-backup-plan.html)   [fsx-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/fsx-resources-protected-by-backup-plan.html)   [rds-resources-protected-by-backup-plan](https://docs.aws.amazon.com/config/latest/developerguide/rds-resources-protected-by-backup-plan.html)   | August 20, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance pack:  [Operational Best Practices for NZISM](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nzism.html)   | August 20, 2021 | 
| [Security Amazon SNS policy update](#DocumentHistory) | With this release, AWS Config updates the IAM policy statement for the Amazon SNS topic when using service-linked roles to include security protections that restrict access with `sourceARN` and/or `sourceAccountId` in the topic policy. This helps make sure Amazon SNS is accessing your resources on behalf of expected users and scenarios only.The following page is updated:  [Permissions for the Amazon SNS Topic](https://docs.aws.amazon.com/config/latest/developerguide/sns-topic-policy.html)   | August 17, 2021 | 
| [Security AWS Lambda policy update](#DocumentHistory) | With this release, AWS Config updates the AWS Lambda resource-based policy for AWS Config custom rules to include security protections that restrict access with `sourceARN` and/or `sourceAccountId` in the invoke request. This helps make sure AWS Lambda is accessing your resources on behalf of expected users and scenarios only.The following pages are updated:  [AWS::Config::ConfigRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-configrule.html)   [Developing a Custom Rule for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs.html)   | August 12, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to Amazon Kinesis resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonkinesis). | August 6, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance pack:  [Operational Best Practices for Esquema Nacional de Seguridad (ENS) High](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens_high.html)  The following conformance packs are updated:  [Operational Best Practices for AWS Well-Architected Framework Reliability Pillar](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-wa-Reliability-Pillar.html)   [Operational Best Practices for AWS Well-Architected Framework Security Pillar](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-wa-Security-Pillar.html)   [Operational Best Practices for Esquema Nacional de Seguridad (ENS) Low](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-low.html)   [Operational Best Practices for Esquema Nacional de Seguridad (ENS) Medium](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-ens-medium.html)   [Operational Best Practices for HIPAA Security](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-hipaa_security.html)   | July 30, 2021 | 
| [Example AWS Lambda Functions for AWS Config Custom Rules](#DocumentHistory) | With this release, AWS Config provides Python example functions in [Example AWS Lambda Functions for AWS Config Rules (Python)](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_python-sample.html). | July 29, 2021 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to list tags for a log group, list tags for a state machine, and list all state machines. These policies now grant permission to get details about a state machine. These policies also now support additional permission for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | July 28, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to AWS Backup resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#awsbackup). | July 14, 2021 | 
| [AWS Config supports new conformance packs](#DocumentHistory) | With this release, AWS Config supports the following conformance packs:  [Operational Best Practices for CIS Critical Security Controls v8 IG1](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG2](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig2.html)   [Operational Best Practices for CIS Critical Security Controls v8 IG3](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis-critical-security-controls-v8-ig3.html)   [Operational Best Practices for NIST 1800 25](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-nist_1800_25)   | July 9, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [ssm-document-not-public](https://docs.aws.amazon.com/config/latest/developerguide/ssm-document-not-public.html)   [s3-account-level-public-access-blocks-periodic](https://docs.aws.amazon.com/config/latest/developerguide/s3-account-level-public-access-blocks-periodic.html)   | June 25, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [ec2-instance-multiple-eni-check](https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-multiple-eni-check.html)   [elbv2-acm-certificate-required](https://docs.aws.amazon.com/config/latest/developerguide/elbv2-acm-certificate-required.html)   [autoscaling-launch-config-public-ip-disabled](https://docs.aws.amazon.com/config/latest/developerguide/autoscaling-launch-config-public-ip-disabled.html)   | June 10, 2021 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. These policies now support additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. These policies also now support filtering Lambda@Edge functions for the [lambda-inside-vpc](https://docs.aws.amazon.com/config/latest/developerguide/lambda-inside-vpc.html) AWS Config managed rule. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | June 8, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [elasticsearch-logs-to-cloudwatch](https://docs.aws.amazon.com/config/latest/developerguide/elasticsearch-logs-to-cloudwatch.html)   [rds-cluster-multi-az-enabled](https://docs.aws.amazon.com/config/latest/developerguide/rds-cluster-multi-az-enabled.html)   [api-gw-associated-with-waf](https://docs.aws.amazon.com/config/latest/developerguide/api-gw-associated-with-waf.html)   [iam-policy-no-statements-with-full-access](https://docs.aws.amazon.com/config/latest/developerguide/iam-policy-no-statements-with-full-access.html)   | May 19, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to Amazon Elastic File System resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#amazonelasticfilesystem). | May 13, 2021 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grants permission that allow AWS Config to make read-only GET calls to API Gateway to support a Config Rule for API Gateway. These policies also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new `AWS::S3::AccessPoint` resource type. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | May 10, 2021 | 
| [AWS Config Custom Rules](#DocumentHistory) | The following pages in the developer guide are updated:  [Getting Started with Custom Rules for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_getting-started.html)   [Developing a Custom Rule for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs.html.html)   | April 30, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [aurora-mysql-backtracking-enabled](https://docs.aws.amazon.com/config/latest/developerguide/aurora-mysql-backtracking-enabled.html)   [ec2-instance-profile-attached](https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-profile-attached.html)   [ecs-task-definition-user-for-host-mode-check](https://docs.aws.amazon.com/config/latest/developerguide/ecs-task-definition-user-for-host-mode-check.html)   [no-unrestricted-route-to-igw](https://docs.aws.amazon.com/config/latest/developerguide/no-unrestricted-route-to-igw.html)   [rds-automatic-minor-version-upgrade-enabled](https://docs.aws.amazon.com/config/latest/developerguide/rds-automatic-minor-version-upgrade-enabled.html)   [redshift-enhanced-vpc-routing-enabled](https://docs.aws.amazon.com/config/latest/developerguide/redshift-enhanced-vpc-routing-enabled.html)   | April 15, 2021 | 
| [Security IAM update](#DocumentHistory) | The `AWSConfigServiceRolePolicy` policy and `AWS_ConfigRole` policy now grant permission to view information about AWS Systems Manager specified documents. These policies also now support additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. For more information, see [AWS managed policies for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/security-iam-awsmanpol.html). | April 14, 2021 | 
| [Conformance Pack Compliance as Configuration Items (CIs)](#DocumentHistory) | With this release, AWS Config supports conformance pack compliance as configuration items. This enables you to:  View a timeline of changes to the compliance state of your conformance packs   Aggregate conformance packs compliance across multiple accounts and regions   Use advanced queries to check the compliance of your conformance packs  The following data types are updated:  [DescribeAggregateComplianceByConformancePacks](https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeAggregateComplianceByConformancePacks.html)   [GetAggregateConformancePackComplianceSummary](https://docs.aws.amazon.com/config/latest/APIReference/API_GetAggregateConformancePackComplianceSummary.html)  The following pages in the developer guide are updated:  [Viewing Compliance Data in the Conformance Packs Dashboard](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-dashboard.html)   [Viewing Compliance History Timeline for Conformance Packs](https://docs.aws.amazon.com/config/latest/developerguide/compliance-history-conformance-pack.html)   [Viewing Compliance Data in the Aggregator Dashboard](https://docs.aws.amazon.com/config/latest/developerguide/viewing-the-aggregate-dashboard.html)   [Querying the Current Configuration State of AWS Resources](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html)   [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#awsconfig)   | March 30, 2021 | 
| [Pagination update](#DocumentHistory) | With this release, AWS Config advanced queries feature now supports pagination for queries that contain aggregate functions, such as COUNT and SUM. You can now use advanced queries to get complete results for your aggregate queries through pagination, which were previously limited to 500 rows. For more information, see [Querying the Current Configuration State of AWS Resources](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html) | March 26, 2021 | 
| [Region support](#DocumentHistory) | With this release, AWS Config and AWS Config Rules is now supported in Asia Pacific (Osaka) Region. | March 4, 2021 | 
| [AWS Config supports new resources types](#DocumentHistory) | With this release, you can use AWS Config to record configuration changes to Amazon Elastic Container Registry, Amazon Elastic Container Service, and Amazon Elastic Kubernetes Service resource types. For more information, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html). | February 25, 2021 | 
| [KMS encryption support](#DocumentHistory) | With this release, AWS Config allows you to use KMS-based encryption on objects delivered by AWS Config for S3 bucket delivery.The following data types are updated:  [DeliveryChannel](https://docs.aws.amazon.com/config/latest/APIReference/API_DeliveryChannel.html)   [PutDeliveryChannel](https://docs.aws.amazon.com/config/latest/APIReference/API_PutDeliveryChannel.html)  The following pages in the developer guide are updated:   [Permissions for the KMS Key](https://docs.aws.amazon.com/config/latest/developerguide/s3-kms-key-policy.html)   [Permissions for the IAM Role Assigned to AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html)   | February 16, 2021 | 
| [AWS Config updates managed rules](#DocumentHistory) | With this release, AWS Config supports the following managed rules:  [secretsmanager-secret-periodic-rotation](https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-periodic-rotation.html)   [secretsmanager-secret-unused](https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-secret-unused.html)   [secretsmanager-using-cmk](https://docs.aws.amazon.com/config/latest/developerguide/secretsmanager-using-cmk.html)   | February 16, 2021 | 
| [Saved Query Region support](#DocumentHistory) | With this release, saved query is now supported in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. | February 15, 2021 | 
| [Multi-account multi-region data aggregation Region support](#DocumentHistory) | With this release, multi-account multi-region data aggregation is now supported in Africa (Cape Town) and Europe (Milan) Regions. For more information, see [Multi-Account Multi-Region Data Aggregation](https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html). | February 15, 2021 | 
| [Advanced queries Region support](#DocumentHistory) | With this release, advanced queries is now supported in Africa (Cape Town) and Europe (Milan) Regions. For more information, see [Querying the Current Configuration State of AWS Resources](https://docs.aws.amazon.com/config/latest/developerguide/querying-AWS-resources.html). | February 15, 2021 | 
| [AWS Config documentation history notification available through RSS feed](#DocumentHistory) | You can now receive notification about updates to the AWS Config documentation by subscribing to an RSS feed. | January 1, 2021 | 

## Earlier Updates
<a name="config-document-history-archive"></a>

The following table describes the documentation release history of AWS Config prior to Dec 31, 2020.


****  

| Change | Description | Release Date | 
| --- | --- | --- | 
| Saved Query support | With this release, AWS Config allows you to save your queries. After you save the query, you can search it, copy it to the query editor, edit it, or delete it. For more information about how to save a query, see the [Query Using the SQL Query Editor for AWS Config (Console)](query-using-sql-editor-console.md) and [Query Using the SQL Query Editor for AWS Config (AWS CLI)](query-using-sql-editor-cli.md). For more information about APIs, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) Also see [Service Limits for AWS Config](configlimits.md). | December 21, 2020 | 
| Process checks support | With this release, AWS Config supports process checks that is a type of AWS Config rule that allows you to track your external and internal tasks that require verification as part of the conformance packs. With process checks, you can list the compliance of requirements and actions at a single location. For more information about process checks, see the [AWS Config Process Checks Within a Conformance Pack for AWS Config](process-checks.md) topic and the [PutExternalEvaluation](https://docs.aws.amazon.com/config/latest/APIReference/API_PutExternalEvaluation.html) API.  | December 17, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | December 17, 2020 | 
| AWS Config supports AWS Network Firewall |  With this release, you can use AWS Config to record configuration changes to your AWS Network Firewall FirewallPolicy, RuleGroup, and Firewall resource types. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | December 4, 2020 | 
| Documentation update |  AWS Config added support for organization-wide resource data aggregation in a delegated administrator account. You can now use a delegated administrator account to aggregate resource configuration and compliance data from all member accounts of an organization in AWS Organizations. For more information, see [PutConfigurationAggregator](https://docs.aws.amazon.com/config/latest/APIReference/API_PutConfigurationAggregator.html), [Creating Aggregators for AWS Config](aggregated-create.md) and [Registering a Delegated Administrator for AWS Config](aggregated-register-delegated-administrator.md). | December 4, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | October 30, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | October 22, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | October 15, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | October 8, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | October 26, 2020 | 
| AWS Config supports new conformance packs |  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | September 28, 2020 | 
| Documentation update | The following conformance pack topics are updated. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | September 28, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | September 17, 2020 | 
| AWS Config supports AWS WAFv2 |  With this release, you can use AWS Config to record configuration changes to your AWS WAFv2 WebACL, IPSet, RegexPatternSet, RuleGroup, and ManagedRuleSet resource types. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | September 1, 2020 | 
| Documentation update |  A note has been added to [Full access to AWS Config](security_iam_id-based-policy-examples.md#full-config-permission) about creating custom permissions that grant full access. The documentation has been updated for the following rules:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | August 24, 2020 | 
| Documentation update |  [Operational Best Practices for PCI DSS 3.2.1](operational-best-practices-for-pci-dss.md) and [Operational Best Practices for NIST CSF](operational-best-practices-for-nist-csf.md) templates are updated.  | August 14, 2020 | 
| Documentation update | Example relationship queries are added. For more information, see [Example Relationship Queries for AWS Config](examplerelationshipqueries.md).  | July 30, 2020 | 
| Documentation update | The following data types are updated: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | July 23, 2020 | 
| AWS Config supports AWS Systems Manager resource type |  With this release, you can use AWS Config to record configuration changes to the AWS Systems Manager file data resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | July 9, 2020 | 
| Documentation update |  [Operational Best Practices for AWS Identity And Access Management](operational-best-practices-for-aws-identity-and-access-management.md) and [Operational Best Practices for PCI DSS 3.2.1](operational-best-practices-for-pci-dss.md) templates are updated.  | July 9, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | July 9, 2020 | 
| Multi-account multi-region data aggregation Region support | With this release, multi-account multi-region data aggregation is now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. For more information, see [Multi-Account Multi-Region Data Aggregation for AWS Config](aggregate-data.md) and [Troubleshooting for Multi-Account Multi-Region Data Aggregation for AWS Config](aggregate-data-troubleshooting.md).  | July 1, 2020 | 
| Advanced queries Region support | With this release, advanced queries is now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. For more information, see [Querying the Current Configuration State of AWS Resources with AWS Config](querying-AWS-resources.md).  | July 1, 2020 | 
| Documentation update |  The documentation has been updated for the following rules:  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | June 30, 2020 | 
| Documentation update |  The documentation has been updated with information about security for AWS Config. See [Security in AWS Config](security.md).  | June 24, 2020 | 
| Documentation update |  AWS Control Tower Detective Guardrails Conformance Pack template is updated. For more information, see [AWS Control Tower Detective Guardrails Conformance Pack](aws-control-tower-detective-guardrails.md).  | June 4, 2020 | 
| AWS Config supports a new conformance pack |  With this release, AWS Config supports Operational Best Practices for NIST CSF conformance pack. For more information, see [Operational Best Practices for NIST CSF](operational-best-practices-for-nist-csf.md). | May 29, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | May 28, 2020 | 
| Delegated administrator support | With this release, you can deploy AWS Config rules and conformance packs from any delegated member account in your organization, in addition to the management account.  For more information about APIs, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [Service Limits for AWS Config](configlimits.md). | May 27, 2020 | 
| AWS Config rules Region support | With this release, few AWS Config rules are supported in Africa (Cape Town) and Europe (Milan) regions. For a detailed list of rules and the regions they are supported in, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | April 28, 2020 | 
| AWS Config supports new conformance packs |  With this release, AWS Config supports two conformance packs. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [Conformance Pack Sample Templates for AWS Config](conformancepack-sample-templates.md). | April 22, 2020 | 
| AWS Config supports AWS Secrets Manager |  With this release, you can use AWS Config to record configuration changes to your Secrets Manager secret. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | April 20, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | April 16, 2020 | 
| Conformance pack Region support | With this release, conformance packs are now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain). For more information, see [Conformance Packs for AWS Config](conformance-packs.md).  | April 8, 2020 | 
| Documentation update |  AWS Config limits are available in this developer guide. For more information, see [Service Limits for AWS Config](configlimits.md).  | April 8, 2020 | 
| Documentation update |  Third-party resources that are managed (that is, created/updated/deleted) through CloudFormation registry are automatically tracked in AWS Config as configuration items. For more information, see [Recording Configurations with AWS Config for Third-Party Resources using the AWS CLIAdding Third-Party Resources to AWS Config](customresources.md).  | March 30, 2020 | 
| Documentation update |  The AWS Config Managed Rules are updated to include AWS Region information. For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | March 27, 2020 | 
| AWS Config supports Amazon SNS resource type |  With this release, you can use AWS Config to record configuration changes to your Amazon SNS topic. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | March 6, 2020 | 
| Multi-account multi-region data aggregation Region support | With this release, multi-account multi-region data aggregation is now supported in Europe (Stockholm) Region. For more information, see [Multi-Account Multi-Region Data Aggregation for AWS Config](aggregate-data.md).  | March 5, 2020 | 
| Advanced queries Region support | With this release, advanced queries is now supported in Europe (Stockholm) Region. For more information, see [Querying the Current Configuration State of AWS Resources with AWS Config](querying-AWS-resources.md).  | March 5, 2020 | 
| AWS Config allows you to run advanced queries with configuration aggregators | With this release, AWS Config adds support to run advanced queries based on resource configuration properties with configuration aggregators, enabling you to run the same queries across multiple accounts and Regions. For more information, see [Querying the Current Configuration State of AWS Resources with AWS Config](querying-AWS-resources.md). With this release, AWS Config adds `SelectAggregateResourceConfig` API. For more information, see [SelectAggregateResourceConfig](https://docs.aws.amazon.com/config/latest/APIReference/API_SelectAggregateResourceConfig.html) in the *AWS Config API Reference*:  | February 28, 2020 | 
| AWS Config supports Amazon SQS resource type |  With this release, you can use AWS Config to record configuration changes to your Amazon SQS queue. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | February 13, 2020 | 
| AWS CloudFormation support for Conformance packs | With this release, AWS CloudFormation support for the following resources was added: `AWS::Config::ConformancePack` and `OrganizationConformancePack`. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) | February 13, 2020 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | December 20, 2019 | 
| Record configurations for custom resource types | With this release, AWS Config introduces support to record configurations for custom resource types. You can publish the configuration data of third-party resources into AWS Config and view and monitor the resource inventory and configuration history using AWS Config console and APIs. For more information, see [Recording Configurations with AWS Config for Third-Party Resources using the AWS CLIAdding Third-Party Resources to AWS Config](customresources.md). For more information about APIs, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | November 20, 2019 | 
| Conformance packs | With this release, AWS Config introduces conformance packs. Conformance packs enable you to package a collection of AWS Config rules and remediation actions that can then be deployed together as a single entity across an entire AWS Organization. For more information, see [Conformance Packs for AWS Config](conformance-packs.md). For more information about APIs, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | November 19, 2019 | 
| AWS Config supports Amazon OpenSearch Service and AWS Key Management Service resource types |  With this release, you can use AWS Config to record configuration changes to your Amazon OpenSearch Service domain and AWS Key Management Service key. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | November 11, 2019 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | October 10, 2019 | 
| AWS Config supports Amazon RDS resource type |  With this release, you can use AWS Config to record configuration changes to your Amazon Relational Database Service (Amazon RDS) DBCluster and DBClusterSnapshot. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | September 17, 2019 | 
| AWS Config supports Amazon QLDB resource type |  With this release, you can use AWS Config to record configuration changes to Amazon Quantum Ledger Database (QLDB) ledger resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | September 10, 2019 | 
| AWS Config allows you to apply auto remediation on noncompliant resources as evaluated by AWS Config Rules | With this release, AWS Config introduces support to apply auto remediation using AWS Systems Manager automation documents on noncompliant resources as evaluated by AWS Config Rules. For more information, see [Remediating Noncompliant Resources with AWS Config](remediation.md). With this release, AWS Config adds the following new APIs. For more information, see the *AWS Config API Reference* : [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | September 5, 2019 | 
| AWS Config updates managed rules |  With this release, AWS Config supports the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | August 22, 2019 | 
| AWS Config updates managed rules |  With this release, AWS Config updates the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | July 31, 2019 | 
| AWS Config supports Amazon EC2 resource types |  With this release, you can use AWS Config to record configuration changes to the following Amazon EC2 resources; VPCEndpoint, VPCEndpointService, and VPCPeeringConnection. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | July 12, 2019 | 
| AWS Config allows you to manage AWS Config rules across all AWS accounts within an organization  | With this release, AWS Config introduces support for managing AWS Config rules across all AWS accounts within an organization. You can centrally create, update, and delete AWS Config rules across all accounts in your organization. For more information, see [Managing AWS Config Rules Across All Accounts in Your Organization](config-rule-multi-account-deployment.md). For more information about APIs, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | July 9, 2019 | 
| AWS Config supports Amazon S3 and Amazon EC2 resource types |  With this release, you can use AWS Config to record configuration changes to the Amazon S3 AccountPublicAccessBlock resource and the following Amazon EC2 resources; NatGateway, EgressOnlyInternetGateway, and FlowLog.  For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | May 17, 2019 | 
| AWS Config updates managed rules |  With this release, AWS Config updates the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | May 7, 2019 | 
| AWS Config allows you to delete a remediation action using AWS Management Console.  | With this release, AWS Config introduces support to delete a remediation action using AWS Management Console. For more information, see [Remediating Noncompliant Resources with AWS Config](remediation.md).  | April 24, 2019 | 
| AWS Config supports new managed rules |  This release supports a new managed rule: [fms-shield-resource-policy-check](fms-shield-resource-policy-check.md). For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | April 7, 2019 | 
| AWS Config supports Amazon API Gateway resource type |  With this release, you can use AWS Config to record configuration changes to the following Amazon API Gateway resources; Api (WebSocket API), RestApi (REST API), Stage (WebSocket API stage), and Stage (REST API stage).  For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | March 20, 2019 | 
| AWS Config allows you to run advanced queries | With this release, AWS Config adds support to run advanced queries based on resource configuration properties. For more information, see [Querying the Current Configuration State of AWS Resources with AWS Config](querying-AWS-resources.md). With this release, AWS Config adds `SelectResourceConfig` API. For more information, see [SelectResourceConfig](https://docs.aws.amazon.com/config/latest/APIReference/API_SelectResourceConfig.html) in the *AWS Config API Reference*:  | March 19, 2019 | 
| AWS Config allows you to assign tags your AWS Config resources | With this release, AWS Config introduces support for tag based access control for three AWS Config resources—`ConfigRule, ConfigurationAggregator,` and `AggregationAuthorization`. For more information, see [Tagging Your AWS Config Resources](tagging.md). With this release, you can add, remove or list tags from your AWS Config resources using the following data types. For more information, see the *AWS Config API Reference*: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | March 14, 2019 | 
| AWS Config allows you to apply remediation on noncompliant resources as evaluated by AWS Config Rules | With this release, AWS Config introduces support to apply remediation using AWS Systems Manager automation documents on noncompliant resources as evaluated by AWS Config Rules. For more information, see [Remediating Noncompliant Resources with AWS Config](remediation.md). With this release, AWS Config adds the following new APIs. For more information, see the *AWS Config API Reference* : [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | March 12, 2019 | 
| AWS Config supports AWS Config Rules in China (Ningxia) Region |  This release only supports 54 AWS Config Rules in the China (Ningxia) Region. For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md). However, AWS Config does not currently support the following rules in the China (Ningxia) Region: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | March 12, 2019 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | January 21, 2019 | 
| AWS Config supports Service Catalog resource type |  With this release, you can use AWS Config to record configuration changes to the following Service Catalog resources; CloudFromation product, provisioned product, and portfolio. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | January 11, 2019 | 
| Service-linked AWS Config rules support | With this release, AWS Config adds a new managed config rule that supports other AWS services to create AWS Config Rules in your account. For more information, see [Service-Linked AWS Config Rules](service-linked-awsconfig-rules.md).  | November 20, 2018 | 
| AWS Config allows you to aggregate configuration data of AWS resources | With this release, AWS Config introduces support for aggregating the configuration data of AWS resources. For more information, see [Viewing Compliance and Inventory Data in the Aggregator Dashboard for AWS Config](viewing-the-aggregate-dashboard.md). With this release, AWS Config adds the following new APIs. For more information, see the *AWS Config API Reference* : [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | November 19, 2018 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | November 19, 2018 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | November 12, 2018 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | October 24, 2018 | 
| Compliance history support | With this release, AWS Config now supports storing compliance history of resources as evaluated by AWS Config Rules. For more information, see [Viewing Compliance History Timeline for Resources and Rules](view-manage-resource-console.md#view-compliance-history).  | October 18, 2018 | 
| Multi-account multi-region Data Aggregation Region support | With this release, multi-account multi-region Data Aggregation is now supported in six new Regions. For more information, see [Multi-Account Multi-Region Data Aggregation for AWS Config](aggregate-data.md).  | October 4, 2018 | 
| AWS Config supports resource-level permissions for AWS Config Rules APIs actions |  With this release, AWS Config supports resource-level permissions for certain AWS Config Rules API actions. For more information about the supported APIs, see [Supported Resource-Level Permissions for AWS Config Rule API Actions](security_iam_id-based-policy-examples.md#supported-resource-level-permissions).  | October 1, 2018 | 
| AWS Config supports CodePipeline resource type |  With this release, you can use AWS Config to record configuration changes to the AWS CodePipeline resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | September 12, 2018 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | September 5, 2018 | 
| AWS Config supports AWS Systems Manager resource type |  With this release, you can use AWS Config to record configuration changes to the AWS Systems Manager patch compliance and association compliance resource types. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | August 9, 2018 | 
| AWS Config allows you to delete your AWS Config data using AWS Management Console | With this release, AWS Config introduces support for retention period using AWS Management Console. In the AWS Management Console, you can select a custom data retention period for your `ConfigurationItems` . For more information, see [Deleting AWS Config Data](delete-config-data-with-retention-period.md).  | August 7, 2018 | 
| AWS Config supports AWS Shield resource type |  With this release, you can use AWS Config to record configuration changes to the AWS Shield Protection resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | August 7, 2018 | 
| AWS Config supports AWS PrivateLink | With this release, AWS Config supports AWS PrivateLink, enabling you to route data between your Amazon Virtual Private Cloud (VPC) and AWS Config entirely within the AWS network. For more information, see [Using AWS Config with Interface Amazon VPC Endpoints](config-VPC-endpoints.md). | July 31, 2018 | 
| AWS Config allows you to delete your AWS Config data | With this release, AWS Config introduces support for retention period. AWS Config allows you to delete your data by specifying a retention period for your `ConfigurationItems` . For more information, see [Deleting AWS Config Data](delete-config-data-with-retention-period.md). With this release, AWS Config adds the following new APIs. For more information, see the *AWS Config API Reference* : [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | May 25, 2018 | 
| AWS Config supports new managed rules |  This release supports the following two new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | May 10, 2018 | 
| AWS Config supports AWS X-Ray resource type |  With this release, you can use AWS Config to record configuration changes to the AWS X-Ray EncryptionConfig resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | May 1, 2018 | 
| AWS Config supports AWS Lambda resource type and one new managed rule |  With this release, you can use AWS Config to record configuration changes to the AWS Lambda function resource type. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release also supports the [lambda-function-public-access-prohibited](lambda-function-public-access-prohibited.md) managed rule. For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | April 25, 2018 | 
| AWS Config supports AWS Elastic Beanstalk resource type |  With this release, you can use AWS Config to record configuration changes to the AWS Elastic Beanstalk Application, Application Version, and Environment resources. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | April 24, 2018 | 
| AWS Config supports new managed rules |  This release supports the following two new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | April 4, 2018 | 
| Multi-account multi-region data aggregation | With this release, AWS Config introduces multi-account multi-region data aggregation. This feature allows you to aggregate AWS Config data from multiple accounts or an organization and multiple regions into an aggregator account. For more information, see [Multi-Account Multi-Region Data Aggregation for AWS Config](aggregate-data.md). With this release, AWS Config adds the following new APIs. For more information, see the *AWS Config API Reference* : [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)  | April 4, 2018 | 
| Monitoring AWS Config with Amazon CloudWatch Events |  With this release, use Amazon CloudWatch Events to detect and react to changes in the status of AWS Config events. For more information, see [Monitoring AWS Config with Amazon EventBridge](monitor-config-with-cloudwatchevents.md).  | March 29, 2018 | 
| New API operation | With this release, AWS Config adds support for [BatchGetResourceConfig](https://docs.aws.amazon.com/config/latest/APIReference/API_BatchGetResourceConfig.html) API, allowing you to batch-retrieve the current state of one or more of your resources. | March 20, 2018 | 
| AWS Config supports AWS WAF RuleGroup resource type |  With this release, you can use AWS Config to record configuration changes to the AWS WAF RuleGroup and AWS WAF RuleGroup Regional resources. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | February 15, 2018 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | January 25, 2018 | 
| AWS Config supports Elastic Load Balancing resource type |  With this release, you can use AWS Config to record configuration changes to your Elastic Load Balancing classic load balancers. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | November 17, 2017 | 
| AWS Config supports the Amazon CloudFront and AWS WAF resource type |  With this release, you can use AWS Config to record configuration changes to your CloudFront distribution and streaming distribution. With this release, you can use AWS Config to record configuration changes to the following AWS WAF and AWS WAF Regional resources; rate based rule, rule, and Web ACL.  For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | November 15, 2017 | 
| AWS Config supports the AWS CodeBuild resource type |  With this release, you can use AWS Config to record configuration changes to your AWS CodeBuild projects. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | October 20, 2017 | 
| AWS Config supports Auto Scaling resources and one new managed rule |  With this release, you can use AWS Config to record configuration changes to the following Auto Scaling resources; groups, launch configuration, scheduled action, and scaling policy. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release also supports the following managed rule: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | September 18, 2017 | 
| AWS Config supports the AWS CodeBuild resource type |  With this release, you can use AWS Config to record configuration changes to your AWS CodeBuild projects. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md).  | October 20, 2017 | 
| AWS Config supports Auto Scaling resources and one new managed rule |  With this release, you can use AWS Config to record configuration changes to the following Auto Scaling resources; groups, launch configuration, scheduled action, and scaling policy. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release also supports the following managed rule: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | September 18, 2017 | 
| AWS Config supports the DynamoDB table resource type and one new managed rule | With this release, you can use AWS Config to record configuration changes to your DynamoDB tables. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release supports the following managed rule: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | September 8, 2017 | 
| AWS Config supports two new managed rules for Amazon S3 |  This release supports two new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | August 14, 2017 | 
| New page in the AWS Config console |  You can use the **Dashboard** in the AWS Config console to see the following: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [Viewing the AWS Config Dashboard](viewing-the-aws-config-dashboard.md).   |  July 17, 2017  | 
| New API operation | You can use the [GetDiscoveredResourceCounts](https://docs.aws.amazon.com/config/latest/APIReference/API_GetDiscoveredResourceCounts.html) operation to return the number of resource types, the number of each resource type, and the total number of resources that AWS Config is recording in a Region for your AWS account. |  July 17, 2017  | 
| AWS Config supports the CloudFormation stack resource type and one new managed rule | With this release, you can use AWS Config to record configuration changes to your CloudFormation stacks. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release supports the following managed rule: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | July 6, 2017 | 
| New and updated content |  This release adds support for AWS Config Rules in the Canada (Central) Region and South America (São Paulo) Region. For all regions that support AWS Config and Config Rules, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*. | July 5, 2017 | 
| New and updated content |  AWS Config Rules is available in the AWS GovCloud (US) Region. For more information, see the [AWS GovCloud (US) User Guide](https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/).  For regions that support AWS Config, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_rules_region) in the *AWS General Reference*.  | June 8, 2017 | 
| AWS Config supports the Amazon CloudWatch alarm resource type and three new managed rules |  With this release, you can use AWS Config to record configuration changes to your Amazon CloudWatch alarms. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release supports three new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | June 1, 2017 | 
| New and updated content |  This release supports specifying the application version number for the following managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | June 1, 2017 | 
| New and updated content |  This release adds support for AWS Config Rules in the Asia Pacific (Mumbai) Region. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_rules_region) in the *AWS General Reference*.  | April 27, 2017 | 
| New and updated content |  This release supports an updated console experience for adding AWS Config managed rules to your account for the first time. When you set up AWS Config Rules for the first time or in a new Region, you can search for AWS managed rules by name, description, or label. You can choose **Select all** to select all rules or choose **Clear all** to clear all rules. For more information, see [Add, View, Update and Delete Rules (Console)](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html#managing-aws-config-rules-with-the-console).  | April 5, 2017 | 
| AWS Config supports new managed rules |  This release supports the following new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | February 21, 2017 | 
| New and updated content |  This release adds support for AWS Config Rules in the Europe (London) Region. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_rules_region) in the *AWS General Reference*.  | February 21, 2017 | 
| New and updated content |  This release adds CloudFormation templates for AWS Config managed rules. You can use the templates to create managed rules for your account. For more information, see [Creating AWS Config Managed Rules With AWS CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).  | February 16, 2017 | 
| New and updated content |  This release adds support for a new test mode for the `PutEvaluations` API. Set the `TestMode` parameter to true in your custom rule to verify whether your AWS Lambda function will deliver evaluation results to AWS Config. No updates occur to your existing evaluations, and evaluation results are not sent to AWS Config. For more information, see [PutEvaluations](https://docs.aws.amazon.com/config/latest/APIReference/API_PutEvaluations.html) in the *AWS Config API Reference*.  | February 16, 2017 | 
| New and updated content |  This release adds support for AWS Config Rules in the Asia Pacific (Seoul), and US West (N. California) Regions. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*.  | December 21, 2016 | 
| New and updated content  |  This release adds support for AWS Config in the Europe (London) Region. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*.  | December 13, 2016  | 
| New and updated content  |  This release adds support for AWS Config in the Canada (Central) Region. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*.  | December 8, 2016  | 
| AWS Config supports Amazon Redshift resource types and two new managed rules |  With this release, you can use AWS Config to record configuration changes to your Amazon Redshift clusters, cluster parameter groups, cluster security groups, cluster snapshots, cluster subnet groups, and event subscriptions.  For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release supports two new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | December 7, 2016 | 
| New and updated content |  This release adds support for a new managed rule: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | December 7, 2016 | 
| New and updated content | This release adds support for creating up to 50 rules per Region in an account. For more information, see [AWS Config Limits](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_config) in the AWS General Reference. | December 7, 2016 | 
| AWS Config supports the managed instance inventory resource type for Amazon EC2 Systems Manager and three new managed rules |  With this release, you can use AWS Config to record software configuration changes on your managed instances with support for managed instance inventory. For more information, see [Recording Software Configuration for Managed Instances with AWS Config](recording-managed-instance-inventory.md). This release supports three new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md).  | December 1, 2016 | 
| New and updated content | AWS Config is available in the China (Beijing) Region. | October 24, 2016 | 
| AWS Config supports the Amazon S3 bucket resource and two new managed rules |  With this release, you can use AWS Config to record configuration changes to your Amazon S3 buckets. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). This release supports two new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) For more information, see [AWS Config Managed Rules](evaluate-config_use-managed-rules.md).  | October 18, 2016 | 
| New and updated content  |  This release adds support for AWS Config and AWS Config Rules in the US East (Ohio) Region. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*.  |  October 17, 2016  | 
| New and updated managed rules | This update adds support for eight new managed rules: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)You can specify multiple parameter values for the following rules:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html)For more information, see [List of AWS Config Managed Rules](managed-rules-by-aws-config.md). | October 4, 2016 | 
| New and updated content for the AWS Config console  | This update adds support for viewing AWS CloudTrail API activity in the AWS Config timeline. If CloudTrail is logging for your account, you can view create, update, and delete API events for configuration changes to your resources. For more information, see [Viewing Compliance History for your AWS Resources with AWS Config](view-manage-resource-console.md).  | September 06, 2016 | 
| AWS Config supports Elastic Load Balancing resource type | With this release, you can use AWS Config to record configuration changes to your Elastic Load Balancing application load balancers. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | August 31, 2016 | 
| New and updated content |  This release adds support for AWS Config Rules in the Asia Pacific (Singapore), and Asia Pacific (Sydney) Regions. For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region) in the *AWS General Reference*.  |  August 18, 2016  | 
| New and updated content for AWS Config Rules |  This update adds support for creating a rule that can be triggered by both configuration changes and at a periodic frequency that you choose. For more information, see [Components of an AWS Config Rule](evaluate-config_components.md).  This update also adds support for manually evaluating your resources against your rule and deleting evaluation results. For more information, see [Evaluating Your Resources with AWS Config Rules](evaluating-your-resources.md). This update also adds support for evaluating additional resource types using custom rules.  | July 25, 2016 | 
| AWS Config supports Amazon RDS and AWS Certificate Manager (ACM) resource types | With this release, you can use AWS Config to record configuration changes to your Amazon Relational Database Service (Amazon RDS) DB instances, DB security groups, DB snapshots, DB subnet groups, and event subscriptions. You can also use AWS Config to record configuration changes to certificates provided by ACM. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | July 21, 2016 | 
| Updated information about managing the configuration recorder | This update adds steps for renaming and deleting the configuration recorder to [Working with the configuration recorder](stop-start-recorder.md). | July 07, 2016 | 
| Simplified role creation and updated policies | With this update, creating an IAM role for AWS Config is simplified. This enhancement is available in regions that support Config rules. To support this enhancement, the steps in [Setting Up AWS Config with the Console](gs-console.md) are updated, the example policy in [Permissions for the Amazon S3 Bucket for the AWS Config Delivery Channel](s3-bucket-policy.md) is updated, and the example policy in [Identity-based policy examples for AWS Config](security_iam_id-based-policy-examples.md) is updated. | March 31, 2016 | 
| Example functions and events for Config rules | This update provides updated example functions. | March 29, 2016 | 
| AWS Config Rules GitHub repository | This update adds information about the [AWS Config Rules GitHub repository](https://github.com/awslabs/aws-config-rules/) to [Evaluating Resources with AWS Config Rules](evaluate-config.md). This repository provides sample functions for custom rules that are developed and contributed by AWS Config users. | March 1, 2016 | 
| AWS Config Rules | This release introduces AWS Config Rules. With rules, you can use AWS Config to evaluate whether your AWS resources comply with your desired configurations. For more information, see [Evaluating Resources with AWS Config Rules](evaluate-config.md). | December 18, 2015 | 
| AWS Config supports IAM resource types | With this release, you can use AWS Config to record configuration changes to your IAM users, groups, roles, and customer managed policies. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | December 10, 2015 | 
| AWS Config supports EC2 Dedicated host | With this release, you can use AWS Config to record configuration changes to your EC2 Dedicated hosts. For more information, see [Supported Resource Types for AWS Config](resource-config-reference.md). | November 23, 2015 | 
| Updated permissions information | This update adds information about the following AWS managed policies for AWS Config:[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/DocumentHistory.html) | October 19, 2015 | 
| AWS Config Rules preview | This release introduces the AWS Config Rules preview. With rules, you can use AWS Config to evaluate whether your AWS resources comply with your desired configurations. For more information, see [Evaluating Resources with AWS Config Rules](evaluate-config.md). | October 7, 2015 | 
| New and updated content |  This release adds the ability to look up resources that AWS Config has discovered. For more information, see [Looking Up Resources That Are Discovered by AWS Config](looking-up-discovered-resources.md).  |  August 27, 2015  | 
| New and updated content |  This release adds the ability to select which resource types AWS Config records. For more information, see [Recording AWS Resources with AWS ConfigConsiderations](select-resources.md).  |  June 23, 2015  | 
| New and updated content |  This release adds support for the following regions: Asia Pacific (Tokyo), Asia Pacific (Singapore), Europe (Frankfurt), South America (São Paulo), and US West (N. California). For more information, see [AWS Regions and Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region).  |  April 6, 2015  | 
| New guide |  This release introduces AWS Config.  |  November 12, 2014  |