AWS Config, a fully managed service, provides AWS resource inventory, configuration history and notification of configuration changes to enable security compliance and governance.
It gives a detailed overview of the configuration of AWS resources within the AWS account.
It provides historical and point-in-time information and allows users to visually see changes in a timeline.
In cases where multiple configuration changes to a resource occur quickly (i.e. within a few minutes), this will only record the most recent configuration. This represents the cumulative effect of all of those changes.
This does not include all AWS services. For those services that are not supported, the configuration management process can easily be automated using APIs and code. It can also be used to compare past and current data.
It is a regional service.
It allows you to create custom rules or modify predefined rules.
AWS Config can assist with the following: Evaluate AWS resource configurations to determine desired settings
Take a look at the current configurations for the supported resources associated with your AWS account.
Retrieve configurations for one or more resources found in the account.
Historical configurations of one or several resources can be retrieved.
You will receive a notification when a resource is created or modified or deleted.
You can see the relationships between resources. You might want to see all resources that use a certain security group.
Security Analysis & Resource Administrationenables continuous monitoring and governance over resource configurations and helps evaluate them for any misconfigurations leading to security gaps or weaknesses.
Auditing & Compliance helps maintain a complete inventory all resources and their configuration attributes as well as point-in-time history
It allows you to retrieve historical configurations which can be very helpful for ensuring compliance and audits with internal policies.
Change Management helps to understand the relationships between resources so that you can assess the impact of the change.
Can be configured to notify when resources are created, modified or deleted without the need to monitor these changes by polling each resource’s calls.
Troubleshooting helps to quickly identify and solve problems by being able use the historical configurations and to compare the most recent configuration to the one causing the problem.
Discoveryhelps uncover resources within an account, leading to better inventory management and asset management.
A snapshot of the current configurations for the supported resources associated with the AWS accountAWS Configur Concepts
AWS ResourcesAWS Resources are entities that are created and managed for e.g. EC2 instances, Security group
AWS Config RulesAWS Configur Rules helps to define desired configuration settings for resources or the entire account
AWS Config monitors the configuration of resource resources against the rules and marks those that violate them as non-compliant.
Resource RelationshipAWS Configure discovers AWS resources within the account and creates a map of relationships among AWS resources, for example. EBS volume linked with an EC2 instance
Configuration ItemsA configuration Item is a point in time view of an AWS resource supported by AWS
A configuration item’s components include metadata, attributes and relationships.
Configuration SnapshotA configuration snapshot is a collection all the configuration items for supported resources that are in your account
Configuration HistoryA configuration history is a record of all configuration items for a resource over a time period.
Configuration StreamConfiguration stream is an automatic updated list of configuration items for all resources that AWS Config records.
Configuration RecorderConfiguration recorder stor