diff --git a/modules/security_identity_compliance/aws_config/README.md b/modules/security_identity_compliance/aws_config/README.md
index 16db163..f05d89c 100644
--- a/modules/security_identity_compliance/aws_config/README.md
+++ b/modules/security_identity_compliance/aws_config/README.md
@@ -2,7 +2,7 @@
 This module performs the following tasks:
 
 - Enable AWS config in all regions
-- Deploy CIS1.4 level 1 conformance pack
+- Deploy [CIS1.4 level 1 conformance pack](https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_1.html)
 - Set Config retention period
 - Setup Config aggregator, aggregate Config in all regions into primary region
 - Create s3 bucket for config use
@@ -18,4 +18,6 @@ This module performs the following tasks:
 | aws-region-short | short name of aws region (e.g. apne1) | string | none | yes |
 
 # Notes
-It takes a while for AWS to process Config changes.
\ No newline at end of file
+- It takes a while for AWS to process Config changes.
+- [AWS managed config rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) are automatically applied. Those rule may duplicate with Cis1.4.
+