AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.
You can enable and customize these rules in the AWS Config console according to these instructions. See To set up and activate an AWS managed rule (Console).
...but of course we prefer to automate.