7.0 - PaulDuvall/aws-compliance-workshop GitHub Wiki

Summary

In this course, you learned how to define compliance as code and run this compliance automation across AWS resources in response to events.

You used AWS CloudFormation to provision the AWS resources as code and then ran that code as part of a deployment pipeline using AWS CodePipeline and AWS CodeBuild.

You learned that these compliance checks can be run through managed services, including AWS Config Rules and Amazon CloudWatch Events rules. Managed Config Rules are provided by AWS (there are over 100 available for use) and need no code of your own; custom Config Rules and the targets of CloudWatch Events rules are implemented as AWS Lambda functions.

You went through an exercise on writing custom Config Rules with the AWS Config Rules Development Kit (RDK), which generates the Lambda function and the other resources a custom rule needs.

Finally, you learned how to automatically remediate resources that are found noncompliant with the desired configuration.
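The two pieces above, a custom Config Rule and the remediation step that follows a noncompliant verdict, are shown together in the example below. This is added code, not the workshop's own and not what RDK generates (RDK produces a fuller template); it keeps the essential shape of a custom rule Lambda: an evaluate_compliance function that judges one configuration item, a handler that reports the verdict with put_evaluations, and a helper that picks out what remediation would have to revoke. The rule itself (tcp/22 exposed to 0.0.0.0/0 or ::/0), the `port` rule parameter, the RecordingConfigClient stand-in and all sample security groups are assumptions constructed for illustration.

```python
"""Custom AWS Config rule plus a remediation helper (added example, not the
workshop's code). Assumed rule: an EC2 security group is NON_COMPLIANT when an
ingress permission exposes tcp/<port> (default 22) to 0.0.0.0/0 or ::/0."""
import json

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _open_to_world(permission, port):
    """True if this ipPermission entry covers `port` for an any-source CIDR."""
    proto = permission.get("ipProtocol")
    if proto == "-1":                                   # all traffic
        covers = True
    elif proto == "tcp":
        lo, hi = permission.get("fromPort"), permission.get("toPort")
        covers = lo is not None and hi is not None and lo <= port <= hi
    else:
        covers = False
    sources = [r.get("cidrIp") for r in permission.get("ipRanges", [])]
    sources += [r.get("cidrIpv6") for r in permission.get("ipv6Ranges", [])]
    return covers and any(s in WORLD_CIDRS for s in sources)


def evaluate_compliance(configuration_item, rule_parameters):
    """Return the ComplianceType for one configuration item recorded by AWS Config."""
    if configuration_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"                         # rule only knows security groups
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"                         # nothing left to evaluate
    port = int(rule_parameters.get("port", 22))         # 'port' is an assumed rule parameter
    permissions = configuration_item.get("configuration", {}).get("ipPermissions", [])
    return "NON_COMPLIANT" if any(_open_to_world(p, port) for p in permissions) else "COMPLIANT"


def offending_permissions(configuration_item, rule_parameters):
    """Remediation input: the ingress entries a revoke_security_group_ingress call would remove."""
    port = int(rule_parameters.get("port", 22))
    permissions = configuration_item.get("configuration", {}).get("ipPermissions", [])
    return [p for p in permissions if _open_to_world(p, port)]


def lambda_handler(event, context, config_client=None):
    """Entry point AWS Config invokes; reports the verdict with put_evaluations."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_parameters = json.loads(event.get("ruleParameters") or "{}")
    item = invoking_event["configurationItem"]
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": evaluate_compliance(item, rule_parameters),
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is None:                           # real Lambda runtime: use boto3
        import boto3
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


class RecordingConfigClient:
    """Constructed stand-in for the boto3 Config client so the example runs offline."""
    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


def _sample_event(configuration_item):
    """Constructed sample of the event AWS Config sends a rule Lambda on a config change."""
    return {
        "invokingEvent": json.dumps({"configurationItem": configuration_item,
                                     "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps({"port": "22"}),
        "resultToken": "constructed-token",
    }


def _sample_sg(ip_ranges, from_port=22, to_port=22):
    """Constructed security-group configuration item (not real account data)."""
    return {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": "sg-0123456789abcdef0",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2019-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": [{
            "ipProtocol": "tcp", "fromPort": from_port, "toPort": to_port,
            "ipRanges": [{"cidrIp": c} for c in ip_ranges], "ipv6Ranges": []}]},
    }


OPEN_SSH_SG = _sample_sg(["0.0.0.0/0"])               # tcp/22 from anywhere: noncompliant
OFFICE_SSH_SG = _sample_sg(["203.0.113.0/24"])        # RFC 5737 documentation range: compliant
OPEN_HTTPS_SG = _sample_sg(["0.0.0.0/0"], 443, 443)   # world-open, but not the checked port

if __name__ == "__main__":
    client = RecordingConfigClient()
    print(lambda_handler(_sample_event(OPEN_SSH_SG), None, client)["ComplianceType"])
```

In a real deployment the handler is wired to AWS Config as a change-triggered custom rule, and a remediation function would take the output of offending_permissions and pass it as IpPermissions to ec2.revoke_security_group_ingress; the evaluation logic is kept in a pure function precisely so it can be unit-tested in the pipeline before the rule is deployed.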

The whole idea of "Continuous Compliance" is that we treat security and compliance controls as code assets that we codify, version, test, and run with every change, just as we do with other software assets. This is the only effective way to scale compliance as the rest of the infrastructure scales.