AWS – AWS Control Tower now supports service-linked AWS Config managed Config rules
Today, we are excited to announce support for service-linked AWS Config rules in AWS Control Tower's detective controls. A service-linked AWS Config rule is managed entirely by AWS services and cannot be edited or deleted by users. To maintain consistency, prevent configuration drift, and simplify the user experience, you can only update these rules through AWS Control Tower.
With this release, AWS Control Tower now deploys service-linked Config rules directly in managed accounts, replacing the previous AWS CloudFormation StackSets deployment method. This change delivers substantial improvements to deployment speed, significantly reducing the time required to enable service-linked Config rules across multiple AWS Control Tower managed accounts and regions. Additionally, these service-linked Config rules are designed to ensure consistent governance of your resources through detective controls by preventing unintentional configuration drift.
AWS Control Tower's Config rules detect resource noncompliance within your accounts, such as policy violations, and provide alerts through the dashboard. You can deploy AWS Control Tower controls via the console or using AWS Control Tower control APIs. For a complete list of supported AWS Regions, please refer to the AWS Region Table.
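Because service-linked rules can only be changed through AWS Control Tower, an account owner reviewing Config rules wants to know which rules fall into that category before attempting an edit. The script below is an added example, not AWS's code and not part of this announcement: it inventories Config rules in the shape returned by boto3's ConfigService `describe_config_rules` call and splits them into rules Control Tower manages, rules linked to some other service, and rules you can still edit yourself. It goes slightly beyond the announcement in that it recognises service-linked rules from any service, not only Control Tower. The sample rule list is constructed, and the Control Tower service principal string is an assumption; the optional `--live` path needs boto3 and credentials.

```python
"""Inventory AWS Config rules and separate service-linked rules from the
ones you can still edit directly.

Added example, not AWS's code. Operates on the "ConfigRules" list shape of
boto3's ConfigService.describe_config_rules, so the classification runs
offline on the constructed sample below.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed service principal for Control Tower managed rules (not stated by the page).
CONTROL_TOWER_PRINCIPAL = "controltower.amazonaws.com"


@dataclass(frozen=True)
class RuleSummary:
    name: str
    created_by: str | None  # service principal for service-linked rules, None if user-managed
    source_owner: str       # "AWS" (managed rule), "CUSTOM_LAMBDA" or "CUSTOM_POLICY"
    source_identifier: str

    @property
    def service_linked(self) -> bool:
        # AWS Config records the owning service in CreatedBy; such rules
        # cannot be edited or deleted by users directly.
        return self.created_by is not None

    @property
    def managed_by_control_tower(self) -> bool:
        return self.created_by == CONTROL_TOWER_PRINCIPAL


def summarize_rules(config_rules: list[dict]) -> list[RuleSummary]:
    """Reduce describe_config_rules items to the fields that matter here."""
    out = []
    for rule in config_rules:
        src = rule.get("Source", {})
        out.append(RuleSummary(
            name=rule["ConfigRuleName"],
            created_by=rule.get("CreatedBy") or None,
            source_owner=src.get("Owner", ""),
            source_identifier=src.get("SourceIdentifier", ""),
        ))
    return out


def deployment_report(config_rules: list[dict]) -> dict:
    """Group rule names by who may change them: Control Tower, another service, or you."""
    summaries = summarize_rules(config_rules)
    return {
        "control_tower": sorted(r.name for r in summaries if r.managed_by_control_tower),
        "other_service_linked": sorted(r.name for r in summaries
                                       if r.service_linked and not r.managed_by_control_tower),
        "user_editable": sorted(r.name for r in summaries if not r.service_linked),
    }


# Constructed sample in the shape of a describe_config_rules response.
SAMPLE_CONFIG_RULES = [
    {   # service-linked rule deployed by a Control Tower detective control (constructed)
        "ConfigRuleName": "AWSControlTower_AWS-GR_ENCRYPTED_VOLUMES",
        "CreatedBy": CONTROL_TOWER_PRINCIPAL,
        "Source": {"Owner": "AWS", "SourceIdentifier": "ENCRYPTED_VOLUMES"},
    },
    {   # managed rule a team enabled themselves: editable in the Config console
        "ConfigRuleName": "s3-bucket-versioning-enabled",
        "Source": {"Owner": "AWS", "SourceIdentifier": "S3_BUCKET_VERSIONING_ENABLED"},
    },
    {   # custom Lambda-backed rule, also user-owned (placeholder ARN)
        "ConfigRuleName": "custom-tag-policy",
        "Source": {"Owner": "CUSTOM_LAMBDA",
                   "SourceIdentifier": "arn:aws:lambda:us-east-1:111122223333:function:tag-check"},
    },
]


if __name__ == "__main__":
    import json
    import sys

    if "--live" in sys.argv:
        # Pull the real rule list for the current account/region (needs boto3 + credentials).
        import boto3
        client = boto3.client("config")
        rules = []
        for page in client.get_paginator("describe_config_rules").paginate():
            rules.extend(page["ConfigRules"])
    else:
        rules = SAMPLE_CONFIG_RULES
    print(json.dumps(deployment_report(rules), indent=2))
```

Run it without arguments to see the report for the constructed sample; with `--live` it reads the current account's rules in the configured region. Anything listed under `control_tower` must be changed by enabling or disabling the corresponding control in AWS Control Tower rather than in the Config console.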