Study Guides/AWS Cybersecurity Notes/AWS Config

From Cramsession
✍️ Verified Author: Mflavell

What is AWS Config

AWS Config - records configurations and configuration changes.

This is separate from CloudTrail, which records user events.

How to visualize this
People leave trails 🚶... (CloudTrail)
Computers have configuration


AWS Config has a configuration recorder that lets you take inventory in real time.

It can be used across multiple regions or accounts.
Resources can be evaluated constantly or on a fixed schedule.
Lambda or Systems Manager can be used to automatically remediate any compliance problems.


AWS Config allows a system to be continuously compliant by maintaining records of the system's state.

Any time a change is made on the system, the change is captured along with who or what made the change.
This enables auditing and checking of compliance levels at any time, on demand.


Why use AWS Config

It is hard to understand what resources you are using in AWS.

Think of the problems running a massive account.
How can you ever keep up with the what / where?
How do you know what is no longer required?
How do you know developers and engineers are following security policy?