AWS Config
What is AWS Config?
AWS Config provides a detailed view of the resources associated with your AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time.
The diagram below shows the various services that need to be configured.
You can use AWS Config rules to represent your desired configuration settings for specific AWS resources or for an entire AWS account. If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant and notifies you through Amazon SNS.
AWS Config also provides the following features:
- A normalized snapshot of how your resources are configured and the ability to create rules that enforce the compliant state of those resources
- Customizable, predefined rules to help you get started, in addition to prebuilt remediation actions and the option to automatically remediate an issue
Config Aggregators ⚛️
An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from the following:
- Multiple accounts and multiple AWS Regions.
- Single account and multiple AWS Regions.
- An organization in AWS Organizations and all the accounts in that organization which have AWS Config enabled.
Use an aggregator to view the resource configuration and compliance data recorded in AWS Config. An aggregator uses an Amazon S3 bucket to store aggregated data. It periodically retrieves configuration snapshots from the source accounts and stores them in the designated S3 bucket.
Config Recorder 🎥
The configuration recorder stores the configurations of the supported resources in your account as configuration items. You must first create and then start the configuration recorder before you can start recording. You can stop and restart the configuration recorder at any time.
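The create-then-start order described above, as an added example (not AWS code and not from this page). It builds the three boto3 calls as a plan so the sequence can be inspected without credentials, then applies them; the role ARN, bucket and SNS topic are placeholders you would replace with your own.

```python
"""Plan and apply an AWS Config recorder setup with boto3 (added example).

The recorder cannot be started until a delivery channel exists, so the plan
is ordered: put recorder -> put delivery channel -> start recorder.
"""

RECORDER_NAME = "default"  # one recorder per Region; "default" is the usual name


def plan_recorder_setup(role_arn, bucket, topic_arn=None):
    """Return an ordered list of (api_name, kwargs) for the setup calls."""
    recorder = {
        "name": RECORDER_NAME,
        "roleARN": role_arn,  # least-privilege role AWS Config assumes to read resources
        "recordingGroup": {
            "allSupported": True,
            # Global types (IAM, etc.) should be recorded in only one Region,
            # otherwise every Region produces duplicate configuration items.
            "includeGlobalResourceTypes": True,
        },
    }
    channel = {
        "name": RECORDER_NAME,
        "s3BucketName": bucket,  # where snapshots and history files are delivered
        "configSnapshotDeliveryProperties": {"deliveryFrequency": "TwentyFour_Hours"},
    }
    if topic_arn:
        channel["snsTopicARN"] = topic_arn  # optional change/compliance notifications
    return [
        ("put_configuration_recorder", {"ConfigurationRecorder": recorder}),
        ("put_delivery_channel", {"DeliveryChannel": channel}),
        ("start_configuration_recorder", {"ConfigurationRecorderName": RECORDER_NAME}),
    ]


def apply_plan(plan, client=None):
    """Execute the plan against an AWS Config client, in order."""
    if client is None:
        import boto3  # imported lazily so the plan can be built offline
        client = boto3.client("config")
    for api_name, kwargs in plan:
        getattr(client, api_name)(**kwargs)
    return [api_name for api_name, _ in plan]


if __name__ == "__main__":
    # Placeholder identifiers; substitute your own before running against AWS.
    for api_name, kwargs in plan_recorder_setup(
        "arn:aws:iam::123456789012:role/PLACEHOLDER-config-role",
        "PLACEHOLDER-config-bucket",
        "arn:aws:sns:us-east-1:123456789012:PLACEHOLDER-config-topic",
    ):
        print(api_name, kwargs)
```

Passing a client into `apply_plan` lets you run the same sequence against a stubbed client in tests before touching a real account.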
Config Snapshot 📷
A configuration snapshot is a collection of the configuration items for the supported resources that exist in your account. This configuration snapshot is a complete picture of the resources that are being recorded and their configurations. The configuration snapshot can be a useful tool for validating your configuration.
Config History ⌚️
A configuration history is a collection of the configuration items for a given resource over any time period. A configuration history can help you answer questions about, for example, when the resource was first created, how the resource has been configured over the last month, and what configuration changes were introduced yesterday at 9 AM.
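The three questions in the paragraph above (when was it created, how has it changed, what changed in a given window) answered over a configuration history, as an added example that is not part of the page. The history is constructed by hand in the shape `get-resource-config-history` returns (a list of configuration items, each with a capture time and a `configuration` dict); it models a security group so the diff surfaces a security-relevant change.

```python
"""Answer change-history questions from AWS Config configuration items (added example)."""
import json
from datetime import datetime

# Constructed sample history for one security group, oldest first.
HISTORY = [
    {"configurationItemCaptureTime": "2024-05-01T08:00:00+00:00",
     "configurationItemStatus": "ResourceDiscovered",
     "configuration": {"description": "web",
                       "ipPermissions": [{"fromPort": 443, "cidr": "10.0.0.0/8"}]}},
    {"configurationItemCaptureTime": "2024-05-02T09:00:00+00:00",
     "configurationItemStatus": "OK",
     "configuration": {"description": "web",
                       "ipPermissions": [{"fromPort": 443, "cidr": "10.0.0.0/8"},
                                         {"fromPort": 22, "cidr": "0.0.0.0/0"}]}},
    {"configurationItemCaptureTime": "2024-05-03T14:30:00+00:00",
     "configurationItemStatus": "OK",
     "configuration": {"description": "web tier",
                       "ipPermissions": [{"fromPort": 443, "cidr": "10.0.0.0/8"}]}},
]


def diff_configurations(old, new, path=""):
    """Return [(path, old_value, new_value)] for every leaf that differs.

    Lists are compared as sets of their members so a reordering alone is not
    reported; an added member has old_value None, a removed one new_value None.
    """
    changes = []
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            child = f"{path}.{key}" if path else key
            changes.extend(diff_configurations(old.get(key), new.get(key), child))
    elif isinstance(old, list) and isinstance(new, list):
        old_set = {json.dumps(x, sort_keys=True, default=str) for x in old}
        new_set = {json.dumps(x, sort_keys=True, default=str) for x in new}
        for removed in sorted(old_set - new_set):
            changes.append((path, json.loads(removed), None))
        for added in sorted(new_set - old_set):
            changes.append((path, None, json.loads(added)))
    elif old != new:
        changes.append((path, old, new))
    return changes


def first_seen(history):
    """Capture time of the earliest item: when AWS Config first recorded the resource."""
    return min(item["configurationItemCaptureTime"] for item in history)


def changes_between(history, start_iso, end_iso):
    """[(capture_time, diff_vs_previous_item)] for items captured in [start, end)."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    items = sorted(history, key=lambda i: datetime.fromisoformat(i["configurationItemCaptureTime"]))
    result = []
    for prev, cur in zip(items, items[1:]):
        captured = datetime.fromisoformat(cur["configurationItemCaptureTime"])
        if start <= captured < end:
            result.append((cur["configurationItemCaptureTime"],
                           diff_configurations(prev["configuration"], cur["configuration"])))
    return result


def open_ingress_added(changes):
    """True if a diff added an ingress rule open to the whole Internet."""
    return any(path == "ipPermissions" and isinstance(new, dict) and new.get("cidr") == "0.0.0.0/0"
               for path, _old, new in changes)


if __name__ == "__main__":
    print("first seen:", first_seen(HISTORY))
    for when, diff in changes_between(HISTORY, "2024-05-01T00:00:00+00:00", "2024-06-01T00:00:00+00:00"):
        print(when, diff, "OPEN INGRESS" if open_ingress_added(diff) else "")
```

The same functions work unchanged on the items returned by `get_resource_config_history`, since they only read `configurationItemCaptureTime` and `configuration`.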
Difference between Config History and Config Snapshot
Config Rule 👮
AWS Config provides AWS managed rules, which are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.
For example, you could use a managed rule to quickly start assessing whether your Amazon Elastic Block Store (Amazon EBS) volumes are encrypted or whether specific tags are applied to your resources.
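The two checks named above (EBS volume encryption and required tags) written as a custom Config rule evaluator, as an added example that is not AWS code or part of this page. AWS managed rules already cover both; this shows what a rule evaluates and the evaluation it reports. The handler follows the event shape AWS Config sends to a Lambda-backed rule; the sample event, the `requiredTags` rule parameter and the result token are constructed placeholders.

```python
"""Custom AWS Config rule: EBS volumes must be encrypted and carry required tags (added example)."""
import json

# Constructed event in the shape AWS Config sends to a custom Lambda rule.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-0PLACEHOLDER",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-05-02T09:00:00.000Z",
            "configuration": {"encrypted": False, "size": 8},
            "tags": {"Owner": "platform"},
        },
    }),
    "ruleParameters": json.dumps({"requiredTags": "Owner,CostCenter"}),  # hypothetical parameter name
    "resultToken": "PLACEHOLDER-result-token",
}


def parse_event(event):
    """Extract the configuration item and the list of required tag keys."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    required = [t.strip() for t in params.get("requiredTags", "").split(",") if t.strip()]
    return invoking["configurationItem"], required


def evaluate_volume(item, required_tags):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule evaluates EBS volumes only"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "resource deleted"
    problems = []
    if not item.get("configuration", {}).get("encrypted", False):
        problems.append("volume is not encrypted")
    tags = item.get("tags") or {}
    missing = [t for t in required_tags if not tags.get(t)]
    if missing:
        problems.append("missing tags: " + ", ".join(missing))
    if problems:
        return "NON_COMPLIANT", "; ".join(problems)
    return "COMPLIANT", "encrypted and tagged"


def build_evaluation(item, required_tags):
    """Shape the result as one entry for PutEvaluations."""
    compliance, annotation = evaluate_volume(item, required_tags)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Annotation is limited to 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context, client=None):
    """Lambda entry point: evaluate the item and report it back to AWS Config."""
    item, required = parse_event(event)
    evaluation = build_evaluation(item, required)
    if client is None:
        import boto3  # only needed when actually reporting to AWS Config
        client = boto3.client("config")
    client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


if __name__ == "__main__":
    item, required = parse_event(SAMPLE_EVENT)
    print(build_evaluation(item, required))
```

Keeping `evaluate_volume` free of AWS calls is what makes the rule unit-testable; the handler only adds the `PutEvaluations` report, which AWS Config requires for every invocation so the rule does not time out as an error.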