AWS Config gives you visibility into the configuration of the resources deployed in your AWS account. It records configuration changes, keeps an inventory that includes deleted resources, evaluates the deployed configuration against the rules you define, and lets you respond to configuration drift and security incidents without disrupting end users. It also helps you troubleshoot misconfigured resources.
AWS Config provides a complete view of the configuration of the AWS resources associated with your account, including the relationships between resources and how their configurations have changed over time.
AWS Config records configuration changes and resource relationships with its own configuration recorder; it integrates with AWS CloudTrail so that each recorded change can be tied back to the API call that caused it.
Why AWS Config?
Administrators express the desired configuration of their resources as AWS Config rules. AWS Config compares the current deployment against these rules and reports which resources comply, so you can see both how your deployment is set up and how it should be.
When a resource's configuration conflicts with a rule, the resource is flagged as non-compliant. Administrators use this information to identify the problem and fix it.
What are AWS Config Rules?
An AWS Config rule describes a desired configuration setting for a specific type of AWS resource, or for the account as a whole. AWS Config records each configuration change as a configuration item and evaluates it against the applicable rules.
There are two types of Config rules:
AWS managed rules, which are pre-built for common use cases and configured through rule parameters.
Custom rules, for which you write a Lambda function that AWS Config invokes. The function contains the logic that decides whether a resource conforms to the rule and reports the result (COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE) back to AWS Config.
AWS Config tracks the configuration changes occurring in your account. Compliance status and resource changes can be viewed on the AWS Config dashboard, and change and compliance notifications can be delivered through an Amazon SNS topic.
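The following is an added example of a custom rule's Lambda function, written for this page rather than taken from AWS; it implements the same check as the managed rule ec2-instances-in-vpc used in the walkthrough later on. The handler reads the configuration item and the rule parameters from the event AWS Config sends on a configuration change, decides compliance, and calls PutEvaluations with the result. The decision logic is kept in a pure function so it can be exercised offline, and the sample event at the bottom is constructed, not captured from an account; the instance and VPC IDs in it are made up, and the "TESTMODE" result token is the placeholder that AWS's published sample rules treat as a test invocation.

```python
import json
from datetime import datetime, timezone

RESOURCE_TYPE = "AWS::EC2::Instance"
# Capture statuses for which there is nothing left to evaluate.
DELETED_STATUSES = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def parse_capture_time(value):
    """Config reports configurationItemCaptureTime as e.g. 2024-05-01T12:34:56.789Z;
    boto3 wants a datetime for OrderingTimestamp."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def evaluate_compliance(configuration_item, rule_parameters):
    """Decide compliance for one configuration item. Returns (compliance_type, annotation)."""
    required_vpc = rule_parameters.get("vpcId")
    if not required_vpc:
        # A rule with no VPC to compare against must not silently pass everything.
        return "NON_COMPLIANT", "Rule parameter vpcId is missing"
    if configuration_item.get("configurationItemStatus") in DELETED_STATUSES:
        return "NOT_APPLICABLE", "Resource no longer exists"
    if configuration_item.get("resourceType") != RESOURCE_TYPE:
        return "NOT_APPLICABLE", "Rule only evaluates EC2 instances"
    actual_vpc = (configuration_item.get("configuration") or {}).get("vpcId")
    if actual_vpc == required_vpc:
        return "COMPLIANT", f"Instance is in {required_vpc}"
    return "NON_COMPLIANT", f"Instance is in {actual_vpc or 'no VPC'}, expected {required_vpc}"


def build_evaluation(event):
    """Turn the Lambda event into the single Evaluation entry PutEvaluations expects."""
    invoking_event = json.loads(event["invokingEvent"])
    item = invoking_event.get("configurationItem")
    if item is None:
        # Oversized-change and scheduled notifications carry no inline item; a
        # production handler would fetch it with GetResourceConfigHistory here.
        raise ValueError(f"no configurationItem in {invoking_event.get('messageType')}")
    rule_parameters = json.loads(event.get("ruleParameters") or "{}")
    compliance_type, annotation = evaluate_compliance(item, rule_parameters)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance_type,
        "Annotation": annotation[:256],  # Config rejects annotations longer than 256 chars
        "OrderingTimestamp": parse_capture_time(item["configurationItemCaptureTime"]),
    }


def lambda_handler(event, context):
    evaluation = build_evaluation(event)
    # "TESTMODE" is the token used for test invocations; skip the API call for it.
    if event.get("resultToken") != "TESTMODE":
        import boto3  # imported lazily so the decision logic is testable offline
        boto3.client("config").put_evaluations(
            Evaluations=[evaluation], ResultToken=event["resultToken"]
        )
    return evaluation


def make_sample_event(instance_vpc, required_vpc, status="OK"):
    """Constructed event shaped like a configuration-change invocation (not captured from AWS)."""
    configuration_item = {
        "resourceType": RESOURCE_TYPE,
        "resourceId": "i-0123456789abcdef0",  # made-up instance ID
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-05-01T12:34:56.789Z",
        "configuration": {"vpcId": instance_vpc, "instanceId": "i-0123456789abcdef0"},
    }
    return {
        "invokingEvent": json.dumps({
            "messageType": "ConfigurationItemChangeNotification",
            "configurationItem": configuration_item,
        }),
        "ruleParameters": json.dumps({"vpcId": required_vpc}),
        "resultToken": "TESTMODE",
    }


if __name__ == "__main__":
    required = "vpc-0a1b2c3d4e5f67890"  # made-up VPC ID
    for actual in (required, "vpc-0ffffffffffffffff"):
        result = lambda_handler(make_sample_event(actual, required), None)
        print(result["ComplianceResourceId"], result["ComplianceType"], "-", result["Annotation"])
```

Two details matter in production: the Lambda execution role needs config:PutEvaluations (and the function's resource policy must allow config.amazonaws.com to invoke it), and a missing rule parameter is reported as NON_COMPLIANT rather than ignored, so a rule that was created without its vpcId never looks green by accident.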
Capabilities of AWS Config
See how resources are interconnected and how a change to one resource affects others.
Confirm that your resources comply with the rules you have defined.
The main use cases for AWS Config rules are:
Security analysis: Are my configurations secure?
AWS Config records every configuration change and helps you evaluate whether it weakens your security posture.
Management of change: What will this change do?
Shows how a change to the current deployment affects related resources before you make it.
Troubleshooting: What’s changed?
If a resource's configuration has drifted out of compliance, walking through its change history in the AWS Config dashboard shows what changed and helps you fix the problem.
Discovery: What resources are available?
Discover the resources in your account. The API and console provide a complete inventory of all recorded resources together with their configuration attributes.
Checking VPC compliance
This Config rule checks whether EC2 instances are located in a specific VPC. Instances in that VPC are reported as compliant; any other instance in scope is reported as non-compliant.
1. Log in to the AWS Console and choose Config under Management Tools.
2. Select "ec2-instances-in-vpc", an existing AWS managed rule (at the time of writing this rule was available only in N. Virginia).
3. Name your Config rule. Narrow the scope of changes to Resources in order to filter which resources are evaluated.
4. Select EC2 instance in the resources field, then enter your instance ID in the next field. The rule's vpcId parameter must hold the ID of the VPC the instance is expected to be in.
5. The Config rule takes effect when you click Save. Once the evaluation has run, the rule shows the instance as compliant.
6. View the resource timeline to examine the changes made to the instance.
7. The timeline also shows how other resources relate to the EC2 instance.
8. You can