Part 3 - Bonus - Another Possibility using SSM Automation Document

1. Go to CloudWatch Events and disable the CloudWatch Event Rule we created earlier; this will prevent the Lambda from being triggered and remediating the public bucket.

2. Go to AWS Config, select the rule and click on Manage Remediation; note that the Remediation Action column is blank.

3. Select the AWS Systems Manager Automation Document deployed by the CloudFormation template (it will be listed toward the bottom), and select BucketName for Resource ID.

4. The Remediation Action column should now be populated with the SSM Automation Document name.

5. Follow the same steps as previously to make the bucket public, and run the config rule so the bucket comes up as non-compliant.

6. Go back to AWS Config, click into the rule and remediate the non-compliant resource. This will execute the Automation Document.

7. You can head over to AWS Systems Manager, and click on Automation on the right side to observe what occurred.

8. Re-run your compliance check, or check the Block Public Access settings on the S3 bucket.
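For reference, this is the shape of an SSM Automation Document that AWS Config can invoke for the remediation above. It is an added example, not the document deployed by the lab's CloudFormation template; the BucketName parameter is the one AWS Config fills from the Resource ID, and the AutomationAssumeRole parameter (and the IAM role it names) is an assumption.

```yaml
# Added example: SSM Automation Document that enables all four S3 Block Public
# Access settings on one bucket, then reads them back so the execution history
# in Systems Manager > Automation shows what was applied.
schemaVersion: '0.3'
description: Enable S3 Block Public Access on a non-compliant bucket (AWS Config remediation)
# Assumed: a role that Automation can assume with s3:PutPublicAccessBlock and
# s3:GetPublicAccessBlock on the target bucket. Passed in by the remediation config.
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
  BucketName:
    type: String
    description: Bucket name; AWS Config maps the non-compliant Resource ID here.
  AutomationAssumeRole:
    type: String
    description: (Assumed) ARN of the IAM role the automation runs as.
    default: ''
mainSteps:
  - name: EnableBlockPublicAccess
    action: aws:executeAwsApi
    inputs:
      Service: s3
      Api: PutPublicAccessBlock
      Bucket: '{{ BucketName }}'
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
  - name: VerifyBlockPublicAccess
    action: aws:executeAwsApi
    inputs:
      Service: s3
      Api: GetPublicAccessBlock
      Bucket: '{{ BucketName }}'
    # Surface the read-back values as step outputs for the Automation console.
    outputs:
      - Name: BlockPublicAcls
        Selector: $.PublicAccessBlockConfiguration.BlockPublicAcls
        Type: Boolean
      - Name: RestrictPublicBuckets
        Selector: $.PublicAccessBlockConfiguration.RestrictPublicBuckets
        Type: Boolean
```

The remediation in step 6 runs the first step; the outputs of the second step are what you compare against the bucket's Block Public Access settings in step 8.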

End of Lab Exercises

Thank you for using this lab.