AmazonConfigClient configClient = new AmazonConfigClient(); ConfigRule configRule = new ConfigRule() .withRuleName("security-group-rule") .withDescription("Checks if security groups allow unrestricted inbound SSH access.") .withSource(new Source().withOwner("AWS").withSourceIdentifier("SECURITY_GROUP_SSH_ACCESS_CHECK")) .withInputParameters("{\"port\":\"22\",\"protocol\":\"TCP\"}"); configClient.putConfigRule(new PutConfigRuleRequest().withConfigRule(configRule)); configClient.putConfigurationRecorder(new PutConfigurationRecorderRequest() .withConfigurationRecorder(new ConfigurationRecorder() .withName("default-recorder") .withRoleARN("arn:aws:iam::123456789012:role/aws-config-role") .withRecordingGroup(new RecordingGroup().withAllSupported(true))) );