AWS Config - Assess, audit, and evaluate configurations of your resources
What is AWS Config?
AWS Config is a fully managed service that provides you with resource inventory, configuration history, and configuration change notifications for security and governance.
It provides a detailed inventory of your AWS resources and their configurations.
It continuously monitors and records configurations and changes, enabling you to assess compliance with internal policies, organization standards, industry regulations, and best practices.
Benefits of AWS Config
1. Manage resource configuration changes:
Continually assess, monitor, and record resource configuration changes to simplify change management.
2. Evaluate configurations against desired state:
Audit and evaluate compliance of your resource configurations with your organization’s policies on a continual basis.
3. Simplify troubleshooting and remediation:
Simplify operational troubleshooting by correlating configuration changes to particular events in your account.
How does AWS Config work?
Configuration Recorder: AWS Config starts by recording the configuration details of your AWS resources. This includes information such as instance types, security groups, and network configurations.
Configuration Items: The details captured by the Configuration Recorder are stored as Configuration Items (CIs) in AWS Config. Each CI represents a snapshot of a resource’s configuration at a specific point in time.
Rules: An AWS Config rule represents desired configurations for a resource and is evaluated against configuration changes on the relevant resources, as recorded by AWS Config. These rules are based on AWS Config managed rules (pre-defined rules provided by AWS) or custom rules that you can create using AWS Lambda functions.
Compliance Checking: AWS Config continuously monitors the configurations of your resources against the rules you’ve defined. It checks for any deviations from the desired configurations.
Notifications & Alert Mechanism: When AWS Config detects a deviation (non-compliance) based on your rules, it can send notifications via Amazon SNS (Simple Notification Service). These notifications alert you to take corrective actions.
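The custom-rule path described above, as an added example that is not from the original post: a Python Lambda handler that evaluates a security group Configuration Item and reports the result back to AWS Config. The "blockedPort" rule parameter, the function names and the sample item are assumptions made for illustration, and the handler assumes a configuration-change trigger whose invoking event carries the full configuration item.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

SAMPLE_CI = {  # constructed sample, not data from a real account
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0example",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]},
}

def evaluate(ci, blocked_port=22):
    """Return (compliance_type, annotation) for one configuration item."""
    if ci.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only covers security groups"
    if ci.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource was deleted"
    for perm in (ci.get("configuration") or {}).get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
        cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
        if proto not in ("tcp", "-1") or not cidrs & OPEN_CIDRS:
            continue  # not TCP, or not reachable from the whole internet
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if proto == "-1" or (lo is not None and hi is not None and lo <= blocked_port <= hi):
            return "NON_COMPLIANT", f"TCP port {blocked_port} is open to the internet"
    return "COMPLIANT", f"No world-open ingress on TCP port {blocked_port}"

def lambda_handler(event, context):
    import boto3  # bundled with the Lambda Python runtime
    ci = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate(ci, int(params.get("blockedPort", 22)))  # hypothetical parameter
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": ci["resourceType"],
            "ComplianceResourceId": ci["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note,
            "OrderingTimestamp": ci["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )
    return compliance
```

The evaluation logic is kept separate from the PutEvaluations call so it can be unit-tested against recorded Configuration Items before the rule is deployed.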
So AWS Config helps you maintain a consistent and compliant configuration posture across your AWS resources by continuously monitoring, evaluating, and alerting you on configuration changes and deviations. It’s a crucial tool for ensuring security, compliance, and operational best practices in your AWS environment.
Written by
Jaswanth kumar
I have been working as a DevOps engineer @TESCRA for an Airlines Client. Mainly on Platform Engineering and Application logging and monitoring end