Integrated AWS Config controls available in AWS Control Tower

AWS Control Tower is integrated with AWS Config to provide selected additional detective controls that help you monitor and manage your AWS environment. These AWS Config controls are available in the AWS Control Tower console. The Control owner field for these controls is displayed as AWS Config.

You can enable and disable the controls through the console or the AWS Control Tower EnableControl and DisableControl APIs. They are viewable programmatically by calling the controlcatalog GetControl and ListControls APIs.

In AWS Config, these integrated controls are listed by identifier.
In the AWS Control Tower console and APIs, the integrated controls are shown with names that summarize their function.

For more information about AWS Config and these managed controls, see List of AWS Config managed rules in the AWS Config Developer Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

The Security Hub standard

Parameterized controls