How do I disable a check? How do I enable a check that was disabled?

Disabling a check will prevent notifications of violations of this specific check on future resources. It can be disabled across all cloud accounts or on an individual account basis.

How to disable a check

1.) From the compliance problems page ensure that the problem you want to place a bulk policy exception on is expanded. Below is an expanded view of "CloudTrail does not have KMS key correctly attached"

2.) Click "More information about this Check"

Image of a resource opened on the compliance tab.

3.) Click "Manage"

Image of a resource check

4.) Select the specific accounts for which you want to disable the check, or select "Disable for all-" 

5.) Click "Disable this Check for these Accounts"


  • You won't see compliance drift for changes to resources violating this check
  • Existing problems for resources violating this check will be marked as "fixed" with eight hours
  • Resources won't show as applying to this check
  • Resources won't show as applying to any policy associated with this check unless the resource also applies to another check associated with that policy



How to enable a check

1.) From the Compliance screen select the "Disabled Checks" icon

2.) Click "Manage Check" from the list of currently disabled checks that you want to enable. 

3.) Uncheck the box(es) for each individual account or "Disable for all-"

4.) Click "Disable this Check for these Accounts"