Config

  • Config provides a detailed view of the configuration of AWS resources in your AWS account.

  • This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

  • With AWS Config, you can do the following:

    • Evaluate your AWS resource configurations for desired settings.

    • Retrieve historical configurations of one or more resources.

    • Receive a notification whenever a resource is created, modified, or deleted.

    • View relationships between resources.

      • For example, you might want to find all resources that use a particular security group.

Rules

  • Config rules represent your ideal configuration settings.

  • Config provides customizable, predefined rules called managed rules to help you get started.

  • You can also create your own custom rules with Lambda functions.

  • While Config continuously tracks the configuration changes that occur among your resources, it checks whether these changes violate any of the conditions in your rules.

  • If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant.

  • For example, when an EBS volume is created, Config can evaluate the volume against a rule that requires volumes to be encrypted (the managed rule `encrypted-volumes` does exactly this).

    • If the volume is not encrypted, AWS Config flags the volume and the rule as noncompliant.

  • Triggers:

    • When you add a rule to your account, you can specify when you want AWS Config to run the rule (triggers).

    • There are two types of triggers:

      • Configuration changes

        • Config runs evaluations for the rule whenever a resource of a type the rule is scoped to is created, changed, or deleted; the Lambda receives the changed configuration item in the invoking event.

      • Periodic

        • Config runs evaluations for the rule at a frequency that you choose (for example, every 24 hours); no configuration item is delivered, so a custom rule must enumerate the resources it wants to check itself.
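The following is an added example, not code from the original page: a custom Config rule Lambda (Python) that implements the "volumes must be encrypted" check above and handles both trigger types, configuration change and periodic. The rule parameter name `kmsKeyId`, the sample events, the fake Config client and the timestamps are all constructed for the example; the event shape, the `ConfigurationItemChangeNotification` / `ScheduledNotification` message types and the `PutEvaluations` call are the real AWS Config contract.

```python
"""Custom AWS Config rule: every EBS volume must be encrypted, optionally with one
specific KMS key (optional rule parameter "kmsKeyId", an assumption of this example).
Added example, not the page's own code. Evaluation logic is kept free of boto3 so it
runs offline; lambda_handler is the Lambda entry point."""
import json

VOLUME_TYPE = "AWS::EC2::Volume"


def evaluate_volume(item, params):
    """Return (ComplianceType, Annotation) for one configuration item."""
    if item.get("resourceType") != VOLUME_TYPE:
        return "NOT_APPLICABLE", "rule only evaluates EBS volumes"
    if item.get("configurationItemStatus") == "ResourceDeleted":
        # Deleted resources are reported NOT_APPLICABLE so their old results are cleared.
        return "NOT_APPLICABLE", "volume deleted"
    cfg = item.get("configuration") or {}
    if not cfg.get("encrypted"):
        return "NON_COMPLIANT", "volume is not encrypted"
    wanted = params.get("kmsKeyId")
    if wanted and cfg.get("kmsKeyId") != wanted:
        return "NON_COMPLIANT", "encrypted with %s, expected %s" % (cfg.get("kmsKeyId"), wanted)
    return "COMPLIANT", "volume is encrypted"


def make_evaluation(item, params, ordering_timestamp):
    compliance, note = evaluate_volume(item, params)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # PutEvaluations rejects annotations over 256 chars
        "OrderingTimestamp": ordering_timestamp,
    }


def volume_to_item(vol):
    """Map a DescribeVolumes entry onto the configuration-item shape used above."""
    return {"resourceType": VOLUME_TYPE, "resourceId": vol["VolumeId"],
            "configuration": {"encrypted": vol.get("Encrypted", False),
                              "kmsKeyId": vol.get("KmsKeyId")}}


def build_evaluations(event, list_volumes=None):
    """Produce evaluations for either trigger type (configuration change or periodic)."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    kind = invoking["messageType"]
    if kind == "ConfigurationItemChangeNotification":
        item = invoking["configurationItem"]
        return [make_evaluation(item, params, item["configurationItemCaptureTime"])]
    if kind == "OversizedConfigurationItemChangeNotification":
        # Large items arrive as a summary; the full item must be fetched with
        # GetResourceConfigHistory, which this offline example does not do.
        raise NotImplementedError("fetch the item with GetResourceConfigHistory")
    if kind == "ScheduledNotification":
        # Periodic trigger: no configurationItem is delivered, so the rule must
        # enumerate volumes itself. list_volumes is injected (describe_volumes in prod).
        if list_volumes is None:
            raise ValueError("periodic trigger requires list_volumes")
        stamp = invoking["notificationCreationTime"]
        return [make_evaluation(volume_to_item(v), params, stamp) for v in list_volumes()]
    raise ValueError("unknown messageType %r" % kind)


def _describe_all_volumes():
    import boto3  # only imported when a periodic evaluation actually runs in Lambda
    ec2 = boto3.client("ec2")
    return [v for page in ec2.get_paginator("describe_volumes").paginate()
            for v in page["Volumes"]]


def lambda_handler(event, context, config_client=None, list_volumes=None):
    """Lambda entry point: evaluate, then report via PutEvaluations (max 100 per call)."""
    evaluations = build_evaluations(event, list_volumes or _describe_all_volumes)
    if config_client is None:
        import boto3
        config_client = boto3.client("config")
    for i in range(0, len(evaluations), 100):
        config_client.put_evaluations(Evaluations=evaluations[i:i + 100],
                                      ResultToken=event["resultToken"])
    return evaluations


# ---- constructed sample data for running offline (not real AWS output) ----
REQUIRED_KEY = "arn:aws:kms:us-east-1:111122223333:key/example-key-id"


def sample_change_event(volume_id, encrypted, kms_key_id=None, status="OK"):
    item = {"resourceType": VOLUME_TYPE, "resourceId": volume_id,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configuration": {"encrypted": encrypted, "kmsKeyId": kms_key_id}}
    return {"invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
                                         "configurationItem": item}),
            "ruleParameters": json.dumps({"kmsKeyId": REQUIRED_KEY}),
            "resultToken": "example-token"}


SCHEDULED_EVENT = {"invokingEvent": json.dumps({"messageType": "ScheduledNotification",
                                                "notificationCreationTime": "2024-01-01T00:00:00.000Z"}),
                   "ruleParameters": "{}", "resultToken": "example-token"}


class FakeConfigClient:
    """Records PutEvaluations calls instead of talking to AWS."""
    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


if __name__ == "__main__":
    fake = FakeConfigClient()
    print(lambda_handler(sample_change_event("vol-0a1b2c", False), None, config_client=fake))
    print(build_evaluations(SCHEDULED_EVENT, list_volumes=lambda: [
        {"VolumeId": "vol-1", "Encrypted": False},
        {"VolumeId": "vol-2", "Encrypted": True, "KmsKeyId": REQUIRED_KEY}]))
```

To deploy this as a rule, the function's execution role needs `config:PutEvaluations` (plus `ec2:DescribeVolumes` for the periodic variant), and the function's resource policy must allow `config.amazonaws.com` to invoke it; the same function can then be registered once with a configuration-change trigger scoped to `AWS::EC2::Volume` and once with a periodic trigger.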
