Prerequisite for Conformance Packs for AWS Config
Before you deploy your conformance pack, turn on AWS Config recording.
Step 1: Start AWS Config Recording (Required for all conformance packs)
- Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/home - . 
- 
                Choose Settings in the navigation pane. 
- 
                To start recording, under Recording is off, choose Turn on. When prompted, choose Continue. 
Step 2: Additional Prerequisites by Conformance Pack Type
A. Prerequisites for Using a Conformance Pack With Remediation
Before deploying conformance packs using sample templates with remediation, you must create appropriate resources such as automation assume role and other AWS resources based on your remediation target.
If you have an existing automation role that you are using for remediation using SSM documents, you can directly provide the ARN of that role. If you have any resources you can provide those in the template.
Note
When deploying a conformance pack with remediation to an organization, the management account ID of the organization needs to be specified. Otherwise, during deployment of the organizational conformance pack AWS Config replaces the management account ID with the member account ID automatically.
AWS Config does not support AWS CloudFormation intrinsic functions for the automation execution role
                or the ConfigRuleName. You must provide the exact ARN of the role as a
                string, and you must use the complete rule name without intrinsic functions.
For more information about how to pass the exact ARN, see Conformance Pack Sample Templates for AWS Config. While using example templates, update your Account ID and management account ID for organization.
B. Prerequisites for Using a Conformance Pack With One or More Custom AWS Config Rules
Before deploying a conformance pack with one or more custom AWS Config rules, create appropriate resources such as AWS Lambda function and the corresponding execution role.
If you have an existing custom AWS Config rule, you can directly provide the
                ARN of AWS Lambda function to create another instance of that custom
                rule as part of the pack. 
If you do not have an existing custom AWS Config rule, you can create a AWS Lambda function and use the ARN of the Lambda function. For more information, see AWS Config Custom Rules.
If your AWS Lambda function is present in a different AWS account, you can create
                AWS Config rules with appropriate cross-account AWS Lambda function authorization. For more
                information, see How to Centrally Manage AWS Config Rules across Multiple AWS accounts
C. Prerequisites for Organization Conformance Packs
Specify an automation execution role ARN for that remediation in the template if the
                input template has an autoremediation configuration. Ensure a role with the specified
                name exists in all the accounts (management and member) of an organization. You must create
                this role in all accounts before calling PutOrganizationConformancePack.
                You can create this role manually or using the AWS CloudFormation stack-sets to create this role
                in every account.
If your template uses AWS CloudFormation intrinsic function Fn::ImportValue to import a particular variable, then that
                variable must be defined as an Export
                    Value in all the member accounts of that organization.
For custom AWS Config rule, see How to Centrally Manage AWS Config Rules across Multiple AWS accounts
Organization bucket policy:
For AWS Config to be able to store conformance pack artifacts, you will need to provide an Amazon S3 bucket and add the following permissions. For more information on naming your bucket, see Bucket naming rules.
Note
When deploying conformance packs to an organization, the name of the delivery Amazon S3
                    bucket should start with awsconfigconforms.