AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations. With this, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management and operational troubleshooting.
- Security Analysis & Resource Administration – It allows continuous monitoring and oversight of resource configurations, as well as assisting you in evaluating them for any misconfigurations that could lead to security vulnerabilities or weaknesses.
- Continuous monitoring – It allows you to monitor and record configuration changes to your AWS resources in real-time. At any time, it allows you to inventory your AWS resources, their configurations, and software configurations within EC2 instances. An Amazon Simple Notification Service (SNS) notification can be sent to you after a change from a prior state is detected for you to review and act on.
- Continuous assessment – It allows you to audit and analyse the overall compliance of your AWS resource configurations with your organization’s policies and standards on a continual basis. Config allows you to specify rules for how AWS services are created and configured. These rules can be delivered individually or in a pack (known as a conformance pack) with compliance remediation actions that can be implemented throughout your whole business with a single click.
- Change management – Before making changes, you can use Config to track resource relationships and examine resource dependencies. You can rapidly check the history of the resource’s configuration once a change occurs and determine what the resource’s configuration looked like at any point in time. It provides you with information to assess how a change to a resource configuration would affect your other resources, which minimizes the impact of change-related incidents.
- Enterprise-wide compliance monitoring – With multi-account, multi-region data aggregation in Config, you can view compliance status across your enterprise and identify non-compliant accounts. You can dive deeper to view the status for a specific region or a specific account across regions. You can view this data from the Config console in a central account, removing the need to retrieve this information individually from each account and each region.
- AWS Resources – AWS resources are entities created and managed, e.g. EC2 instances and security groups.
- AWS Config Rules – Config Rules aid in the definition of required resource or account configuration parameters. Config monitors resource configuration changes against the rules and flags resources as non-compliant if the rules are not followed.
- Resource Relationship – It finds the account’s AWS resources and then produces a map of relationships between them; for example, an EC2 instance is linked to an EBS volume.
- Configuration Items – A configuration item represents a point-in-time view of the supported AWS resource. Components of a configuration item include metadata, attributes, relationships, current configuration and related events.
- Configuration Snapshot – A configuration snapshot is a collection of the configuration items for your account’s supported resources.
- Configuration History – A configuration history is a collection of the configuration items for a given resource over any time period.
- Configuration Stream – Config’s Configuration Stream is an automatically updated collection of all configuration items for the resources recorded by Config.
- Configuration Recorder – The configuration recorder saves the configurations of the supported resources in your account as configuration items. A configuration recorder needs to be created and started for recording.
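As an added example (not AWS's code and not from the original page), the sketch below shows how a rule evaluates individual configuration items, and how replaying it over a configuration history pinpoints the change that made a resource non-compliant. The history is constructed, the rule (no SSH open to every address) is chosen for illustration, and the field names are an assumption based on the configuration item layout for a security group.

```python
import ipaddress

# Constructed configuration history for one security group, oldest first.
# Field names are assumed to follow the configuration item layout for
# AWS::EC2::SecurityGroup, trimmed to the fields this rule reads.
def make_item(time, status, permissions):
    return {"resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-EXAMPLE",
            "configurationItemCaptureTime": time,
            "configurationItemStatus": status,
            "configuration": {"ipPermissions": permissions}}

HISTORY = [
    make_item("2024-01-01T10:00:00Z", "ResourceDiscovered",
              [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}]),
    make_item("2024-01-02T09:30:00Z", "OK",
              [{"ipProtocol": "tcp", "fromPort": 0, "toPort": 1024,
                "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]),
    make_item("2024-01-03T08:00:00Z", "OK",
              [{"ipProtocol": "-1", "ipv4Ranges": [],
                "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]),
    make_item("2024-01-04T12:00:00Z", "ResourceDeleted", []),
]

def exposes_port(perm, port):
    """True if an ingress permission admits `port` from every address."""
    if perm["ipProtocol"] == "tcp":
        if not perm["fromPort"] <= port <= perm["toPort"]:
            return False
    elif perm["ipProtocol"] != "-1":      # "-1" means all protocols and ports
        return False
    cidrs = [r["cidrIp"] for r in perm.get("ipv4Ranges", [])]
    cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)

def evaluate(item, port=22):
    """Return the compliance type a rule would report for one item."""
    if item["configurationItemStatus"] == "ResourceDeleted":
        return "NOT_APPLICABLE"
    perms = item["configuration"]["ipPermissions"]
    exposed = any(exposes_port(p, port) for p in perms)
    return "NON_COMPLIANT" if exposed else "COMPLIANT"

def timeline(history):
    """Compliance at each capture time: the rule replayed over the history."""
    return [(i["configurationItemCaptureTime"], evaluate(i)) for i in history]

def first_violation(history):
    """Capture time of the change that first broke the rule, or None."""
    return next((t for t, c in timeline(history) if c == "NON_COMPLIANT"), None)
```

The second item is flagged even though port 22 is never named, because the rule checks the port range rather than matching an exact port.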
You can use the AWS Management Console to get started with AWS Config to do the following:
- Specify the resource types you want Config to record.
- Set up Amazon SNS to notify you of configuration changes.
- Specify an Amazon S3 bucket to receive configuration information.
- Add AWS Config managed rules to evaluate the resource types.