What is AWS Config

AWS Config - records configurations and configuration changes.

This is separate from cloud trail that records user events.

How to visualize this

Peope leave trails 🚶... (Cloud Trail)

Computers have configuration

Cloudtrail = Who did it?

AWS Config = What did they do?

AWS config has a configuration recorder that lets you inventory in real time.

Can be used in across multiple regions or accounts.

Resources can be evaluated constantly or on a fixed schedule.

Lambda or System manager can be used to automatically remediate any compliance problems.

AWS Config allows a system to be continuously compliant by maintaining records of the systems sin

Any time a change is made on the system - the change is captured with who or what made the change.

This enabled auditing and checking of compliance levels at any time, on demand.

Why use AWS config

It is hard to understand what resources you are using in AWS.

Think of the problems running a massive system.

How can you ever keep up with the what / where?

How do you know what is no longer required?

How do you know developers and engineers are following security policy?

This can be used for risk reduction:

Checking server exposure to the internet

Volumes that may not be encrypted.

Servers than hardening.

Accurate records of changes are recorded.

What can AWS config do

• Checks configurations

• Can save a snapshot of the current configuration

• Lets you pull historical configurations

• Allows the viewing of relationships

• Can find resources been used easily and quickly

• Can help reduce troubleshooting times though the comparison with the last known good configuration.

How AWS Config works

When a service is started AWS config scans the account for supported resources or services.

A configuation item is created for each resource or service.

Each time a change takes place a new configuration item is created.

This allows changes to be determined in the configuration.