Deep Security supports the use of AWS Config Rules to query the status of your AWS
instances. This can be especially useful if you want to have a centralized view into
whether your instances meet certain compliance requirements.
There are four Lambda functions available from the Deep Security AWS Config Rules Repository on GitHub:
- ds-IsInstanceProtectedByAntiMalware checks whether the current instance is protected by the Deep Security anti-malware module.
- ds-IsInstanceProtectedBy checks whether the current instance is protected by any of the Deep Security protection modules. This is a generic version of ds-IsInstanceProtectedByAntiMalware.
- ds-DoesInstanceHavePolicy checks whether the current instance is protected by a specific Deep Security policy.
- ds-IsInstanceClear checks whether the current instance has any warnings, alerts, or errors in Deep Security.
For more information about using AWS Config Rules with Deep Security, including a
helpful video that walks you through the process of setting up a rule, see Deploying
AWS Config Rules for Deep Security. For more information about AWS Config, see
the AWS Config section of the Amazon AWS website.