# Config

* Config **provides a detailed view of the configuration of AWS resources in your AWS account**.<br>

* This includes **how the resources are related to one another** and **how they were configured in the past** so that you can **see how the configurations and relationships change over time**.

* With AWS Config, you can do the following:
  * **Evaluate your AWS resource configurations for desired settings**.<br>
  * Retrieve **historical configurations of one or more resources**.<br>
  * Receive a **notification whenever a resource is created, modified, or deleted**.<br>
  * View **relationships between resources**.
    * For example, you might want to **find all resources that use a particular security group**.

## Rules

* Config rules **represent your ideal configuration settings**.<br>

* Config **provides customizable, predefined rules called managed rules** to help you get started.<br>

* You **can also create your own custom rules with Lambda functions**.<br>

* While **Config continuously tracks the configuration changes that occur among your resources**, it **checks whether these changes violate any of the conditions in your rules**.<br>

* **If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant**.

* For example, when an EC2 volume is created, Config can evaluate the volume against a rule that requires volumes to be encrypted.
  * If the volume is not encrypted, AWS Config flags the volume and the rule as noncompliant.<br>

* **Triggers:**
  * When you add a rule to your account, you **can specify when you want AWS Config to run the rule (triggers)**.<br>
  * There are **two types of triggers:**
    * **Configuration changes**
      * Config runs evaluations for the rule when **certain types of resources are created, changed, or deleted**.<br>
    * **Periodic**
      * Config runs evaluations for the rule at **a frequency that you choose (for example, every 24 hours)**.