Set up AWS Config Rules

Deep Security supports the use of AWS Config Rules to query the status of your AWS instances. This can be especially useful if you want to have a centralized view into whether your instances meet certain compliance requirements.

There are four Lambda functions available from the Deep Security AWS Config Rules Repository on GitHub:

  • ds-IsInstanceProtectedByAntiMalware checks whether the current instance is protected by the Deep Security anti-malware module.
  • ds-IsInstanceProtectedBy checks whether the current instance is protected by any of the Deep Security protection modules. This is a generic version of ds-IsInstanceProtectedByAntiMalware.
  • ds-DoesInstanceHavePolicy checks whether the current instance is protected by a specific Deep Security policy.
  • ds-IsInstanceClear checks whether the current instance has any warnings, alerts, or errors in Deep Security.
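The sketch below is an added example, not code from the Deep Security AWS Config Rules repository: it shows how a custom rule in the style of ds-IsInstanceProtectedBy can turn the event AWS Config sends to Lambda into a compliance evaluation. The `module` rule parameter, the module names and the `ds_status` lookup table are assumptions standing in for a real Deep Security query.

```python
import json

def evaluate_instance(event, ds_status, default_module="anti_malware"):
    """Return one AWS Config evaluation dict for the resource in `event`.

    ds_status is a constructed stand-in for a Deep Security lookup:
    {instance_id: {module_name: "on" | "off"}} (hypothetical shape).
    """
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    module = params.get("module", default_module)  # hypothetical rule parameter

    def result(compliance, note):
        return {
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],  # AWS Config limits annotations to 256 chars
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }

    if item["resourceType"] != "AWS::EC2::Instance":
        return result("NOT_APPLICABLE", "Rule only evaluates EC2 instances")
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return result("NOT_APPLICABLE", "Instance has been deleted")
    modules = ds_status.get(item["resourceId"])
    if modules is None:
        # Fail closed: an instance the security manager has never seen is unprotected.
        return result("NON_COMPLIANT", "Instance is not known to Deep Security")
    if modules.get(module) == "on":
        return result("COMPLIANT", f"{module} is on")
    return result("NON_COMPLIANT", f"{module} is not on")

def sample_event(resource_id, resource_type="AWS::EC2::Instance", module=None):
    """Constructed event in the shape AWS Config passes to a custom rule."""
    item = {"resourceType": resource_type, "resourceId": resource_id,
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z"}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps({"module": module} if module else {}),
            "resultToken": "constructed-token"}

if __name__ == "__main__":
    status = {"i-0aaa1111": {"anti_malware": "on", "firewall": "off"}}  # constructed
    for ev in (sample_event("i-0aaa1111"), sample_event("i-0bbb2222")):
        print(evaluate_instance(ev, status))
    # A deployed function would then report the result with
    # boto3.client("config").put_evaluations(Evaluations=[...], ResultToken=event["resultToken"])
```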

For more information about using AWS Config Rules with Deep Security, including a helpful video that walks you through the process of setting up a rule, see Deploying AWS Config Rules for Deep Security. For more information about AWS Config, see the AWS Config section of the Amazon AWS website.