Study Guides/AWS Cybersecurity Notes/AWS Config: Difference between revisions
From Cramsession
Jump to navigationJump to search
✍️ Verified Author: Mflavell • Click to view professional profile & credentials
No edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
AWS Config - records configurations and configuration changes. | AWS Config - records configurations and configuration changes. | ||
This is | This is separate from cloud trail that records user events. | ||
: How to visualize this | : How to visualize this | ||
| Line 12: | Line 12: | ||
AWS config has a ''configuration recorder'' that lets you inventory | AWS config has a ''configuration recorder'' that lets you inventory in real time. | ||
:: Can be used in | :: Can be used in across multiple regions or accounts. | ||
:: Resources can be evaluated constantly or on a fixed | :: Resources can be evaluated constantly or on a fixed schedule. | ||
:: Lambda or System manager can be used to automatically remediate any compliance problems. | :: Lambda or System manager can be used to automatically remediate any compliance problems. | ||
AWS Config allows a | AWS Config allows a system to be continuously compliant by maintaining records of the systems sin | ||
:: Any time a change is made on the system - the change is captured with who or what made the change. | :: Any time a change is made on the system - the change is captured with who or what made the change. | ||
| Line 32: | Line 32: | ||
It is hard to understand what resources you are using in AWS. | It is hard to understand what resources you are using in AWS. | ||
: Think of the problems running a massive | : Think of the problems running a massive system. | ||
:: How can you ever keep up with the what / where? | :: How can you ever keep up with the what / where? | ||
| Line 38: | Line 38: | ||
:: How do you know what is no longer required? | :: How do you know what is no longer required? | ||
:: How do you know developers and engineers are following | :: How do you know developers and engineers are following security policy? | ||
| Line 47: | Line 47: | ||
: Volumes that may not be encrypted. | : Volumes that may not be encrypted. | ||
: Servers than | : Servers than hardening. | ||
: Accurate records of changes are recorded. | : Accurate records of changes are recorded. | ||
= What can AWS config do = | |||
* Checks configurations | |||
* Can save a snapshot of the current configuration | |||
* Lets you pull historical configurations | |||
* Allows the viewing of relationships | |||
* Can find resources been used easily and quickly | |||
Revision as of 00:44, 17 May 2026
What is AWS Config
AWS Config - records configurations and configuration changes.
This is separate from cloud trail that records user events.
- How to visualize this
- Peope leave trails 🚶... (Cloud Trail)
- Computers have configuration
AWS config has a configuration recorder that lets you inventory in real time.
- Can be used in across multiple regions or accounts.
- Resources can be evaluated constantly or on a fixed schedule.
- Lambda or System manager can be used to automatically remediate any compliance problems.
AWS Config allows a system to be continuously compliant by maintaining records of the systems sin
- Any time a change is made on the system - the change is captured with who or what made the change.
- This enabled auditing and checking of compliance levels at any time, on demand.
Why use AWS config
It is hard to understand what resources you are using in AWS.
- Think of the problems running a massive system.
- How can you ever keep up with the what / where?
- How do you know what is no longer required?
- How do you know developers and engineers are following security policy?
This can be used for risk reduction:
- Checking server exposure to the internet
- Volumes that may not be encrypted.
- Servers than hardening.
- Accurate records of changes are recorded.
What can AWS config do
- Checks configurations
- Can save a snapshot of the current configuration
- Lets you pull historical configurations
- Allows the viewing of relationships
- Can find resources been used easily and quickly
