AWS Config Rule: CodeDeploy Auto Rollback Monitor Enabled

CODEDEPLOY_AUTO_ROLLBACK_MONITOR_ENABLED

Ryan Ware

Last Update 4 months ago

Description: Checks if the deployment group is configured with automatic deployment rollback and deployment monitoring with alarms attached. The rule is NON_COMPLIANT if AutoRollbackConfiguration or AlarmConfiguration has not been configured or is not enabled.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

This AWS Config Rule checks whether particular settings are enabled on your CodeDeploy deployment group. To be compliant, the deployment group needs both an Alarm and 2 rollback settings assigned.


To change this, head on over to your CodeDeploy Dashboard within the AWS Developer Tools. We will want to locate our application and deployment group and edit the settings.


In the edit screen, we need to expand the "Advanced" options at the bottom. We will need to add an appropriate CloudWatch Alarm and ensure that both Rollback options are ticked, as pictured below.


Note: Enabling "Ignore Alarm Configuration" will render this as non-compliant under AWS Config regardless of the other settings.
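To confirm the result of the steps above without waiting for AWS Config to re-evaluate, the following added example (not StackZone's or AWS's own rule code) checks the JSON printed by `aws deploy get-deployment-group`. It follows this article's manual steps, so it also requires both rollback events and at least one alarm. The event names for the two checkboxes, the mapping of "Ignore Alarm Configuration" to `enabled: false`, and all sample names are assumptions.

```python
import json

# Assumed mapping of the two console rollback checkboxes to API event names.
REQUIRED_EVENTS = {"DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM"}

def findings(group):
    """List the reasons a deploymentGroupInfo dict would fail; empty means pass."""
    problems = []
    rollback = group.get("autoRollbackConfiguration") or {}
    alarm_cfg = group.get("alarmConfiguration") or {}
    if not rollback.get("enabled"):
        problems.append("autoRollbackConfiguration is missing or not enabled")
    missing = REQUIRED_EVENTS - set(rollback.get("events") or [])
    if missing:
        problems.append("rollback events not selected: " + ", ".join(sorted(missing)))
    # Assumption: ticking "Ignore Alarm Configuration" is stored as enabled=false.
    if not alarm_cfg.get("enabled"):
        problems.append("alarmConfiguration is missing or not enabled")
    if not alarm_cfg.get("alarms"):
        problems.append("no CloudWatch alarm attached")
    return problems

def evaluate(raw_json):
    """Evaluate the JSON text printed by `aws deploy get-deployment-group`."""
    problems = findings(json.loads(raw_json)["deploymentGroupInfo"])
    return ("NON_COMPLIANT" if problems else "COMPLIANT"), problems

def sample(rollback=None, alarm_cfg=None):
    """Build a constructed response; names are placeholders, not real resources."""
    info = {"applicationName": "example-app", "deploymentGroupName": "example-dg"}
    if rollback is not None:
        info["autoRollbackConfiguration"] = rollback
    if alarm_cfg is not None:
        info["alarmConfiguration"] = alarm_cfg
    return json.dumps({"deploymentGroupInfo": info})

BOTH_EVENTS = {"enabled": True, "events": sorted(REQUIRED_EVENTS)}
ALARM = [{"name": "example-alarm"}]
GOOD = sample(BOTH_EVENTS, {"enabled": True, "alarms": ALARM})
IGNORED = sample(BOTH_EVENTS, {"enabled": False, "alarms": ALARM})
PARTIAL = sample({"enabled": True, "events": ["DEPLOYMENT_FAILURE"]},
                 {"enabled": True, "alarms": ALARM})
UNSET = sample()

if __name__ == "__main__":
    for name, doc in [("GOOD", GOOD), ("IGNORED", IGNORED),
                      ("PARTIAL", PARTIAL), ("UNSET", UNSET)]:
        status, problems = evaluate(doc)
        print(name, status, *problems, sep="\n  ")
```

To check a real deployment group, pass the saved output of `aws deploy get-deployment-group` to `evaluate()` in place of the constructed samples.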

