Study Guides/AWS Cybersecurity Notes/AWS Config: Difference between revisions
From Cramsession
Verified Author: Mflavell
Revision as of 00:33, 17 May 2026
What is AWS Config
AWS Config - records configurations and configuration changes.
This is separate from CloudTrail, which records user events.
- How to visualize this
- People leave trails 🚶... (CloudTrail)
- Computers have configuration
AWS Config has a configuration recorder that lets you inventory resources in real time.
- Can be used across multiple regions or accounts.
- Resources can be evaluated constantly or on a fixed schedule.
- Lambda or Systems Manager can be used to automatically remediate any compliance problems.
AWS Config allows a system to be continuously compliant by maintaining records of the system's state.
- Any time a change is made on the system - the change is captured with who or what made the change.
- This enables auditing and checking of compliance levels at any time, on demand.
Why use AWS Config
It is hard to understand what resources you are using in AWS.
- Think of the problems running a massive account.
- How can you ever keep up with the what / where?
- How do you know what is no longer required?
- How do you know developers and engineers are following security policy?
This can be used for risk reduction:
- Checking server exposure to the internet
- Volumes that may not be encrypted.
- Servers that need patching.
- Accurate records of changes are kept.
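The sketch below is an added example, not part of the original notes. It shows the kind of check a custom rule could run over recorded configuration items for two of the risks listed above: unencrypted volumes and security groups open to the internet. The sample items are constructed and simplified, and the function names are hypothetical. The compliance strings are the ones AWS Config uses.

```python
# Added example: constructed, simplified configuration items (not real account data).
ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-example1",
     "configuration": {"encrypted": False}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-example2",
     "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example1",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example2",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "bucket-example",
     "configuration": {}},
]
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_ingress(config):
    """List (protocol, fromPort, toPort) for ingress rules open to any address."""
    hits = []
    for perm in config.get("ipPermissions", []):
        cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
        cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
        if cidrs & OPEN_CIDRS:
            hits.append((perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    return hits

def evaluate(item):
    """Return (resourceId, compliance, annotation) for one configuration item."""
    rid, config = item["resourceId"], item.get("configuration") or {}
    if item["resourceType"] == "AWS::EC2::Volume":
        # Fail closed: a missing 'encrypted' field counts as non-compliant.
        if config.get("encrypted") is True:
            return rid, "COMPLIANT", ""
        return rid, "NON_COMPLIANT", "volume is not encrypted"
    if item["resourceType"] == "AWS::EC2::SecurityGroup":
        hits = open_ingress(config)
        if hits:
            return rid, "NON_COMPLIANT", f"ingress open to the internet: {hits}"
        return rid, "COMPLIANT", ""
    return rid, "NOT_APPLICABLE", "resource type not covered by this rule"

def report(items):
    """Evaluate every item and keep only the non-compliant findings."""
    return [r for r in map(evaluate, items) if r[1] == "NON_COMPLIANT"]

if __name__ == "__main__":
    for rid, status, note in report(ITEMS):
        print(rid, status, note)
```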