This repository provides a solution to detect and automatically remediate AWS security misconfigurations using AWS CDK (Cloud Development Kit). It checks that AWS resources comply with best practices and, when they do not, triggers remediation actions.
The solution uses AWS Config to continuously monitor and assess AWS resource configurations. When a resource is found to be non-compliant with the defined AWS Config Rules, AWS Lambda functions are triggered to remediate the misconfiguration and bring the resource back to a compliant state.
- AWS CLI installed and configured with appropriate permissions.
- AWS CDK installed.
- Node.js and NPM installed.
- Python 3.8 or later.
- Clone the Repository
- Install Dependencies

  ```shell
  npm install
  ```

- Deploy with CDK

  First, bootstrap the CDK (only needs to be done once per AWS account/region):

  ```shell
  cdk bootstrap
  ```

  Deploy the CDK stack:

  ```shell
  cdk deploy {STACK_NAME}
  ```
Once deployed, the solution will start monitoring the AWS resources defined in the AWS Config rules. If a resource is found to be non-compliant, the corresponding Lambda function will be triggered to remediate the misconfiguration.
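As an added example (not code from this repository), here is the shape such a remediation Lambda can take in Python, assuming the stack forwards AWS Config compliance-change events to it through EventBridge and that the managed rule `s3-bucket-public-read-prohibited` is among the deployed rules. The rule name and the event layout are assumptions, and `RecordingS3` is a test double used only to run the handler without AWS credentials.

```python
def remediate_s3_public_read(bucket, s3):
    """Block all public access on the bucket: the fix for this rule."""
    s3.put_public_access_block(
        Bucket=bucket,
        PublicAccessBlockConfiguration={
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
        },
    )
    return "remediated"

# Only rules listed here are acted on; any other rule is reported and left alone.
REMEDIATIONS = {"s3-bucket-public-read-prohibited": remediate_s3_public_read}

def handler(event, context=None, client=None):
    """Lambda entry point; `client` is injectable so the logic runs offline."""
    detail = event.get("detail", {})
    rule = detail.get("configRuleName")
    resource = detail.get("resourceId")
    compliance = detail.get("newEvaluationResult", {}).get("complianceType")
    if compliance != "NON_COMPLIANT":
        return {"rule": rule, "resource": resource, "action": "skipped-compliant"}
    action = REMEDIATIONS.get(rule)
    if action is None:
        return {"rule": rule, "resource": resource, "action": "skipped-unmapped"}
    if client is None:
        import boto3  # real AWS client only when running inside Lambda
        client = boto3.client("s3")
    return {"rule": rule, "resource": resource, "action": action(resource, client)}

class RecordingS3:
    """Minimal stand-in for the boto3 S3 client so the handler can run offline."""
    def __init__(self):
        self.calls = []
    def put_public_access_block(self, **kwargs):
        self.calls.append(kwargs)

# Constructed sample event shaped like an EventBridge "Config Rules Compliance
# Change" notification (assumed layout, not captured from a real account).
SAMPLE_EVENT = {
    "source": "aws.config", "detail-type": "Config Rules Compliance Change",
    "detail": {
        "resourceId": "example-bucket", "resourceType": "AWS::S3::Bucket",
        "configRuleName": "s3-bucket-public-read-prohibited",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}
if __name__ == "__main__":
    s3 = RecordingS3()
    print(handler(SAMPLE_EVENT, client=s3), s3.calls)
```

A compliant evaluation or a rule with no mapped remediation is returned as a skipped action rather than touching the resource, so a misrouted event cannot trigger an unintended change.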
To avoid incurring future charges, you can destroy the CDK stack:

```shell
cdk destroy
```