Here is a service AWS provides a service that continuously monitors and tracks your AWS resource configurations lets users review and assess your AWS resources’ configurations. This service can keep autonomous track of the configurations in your AWS resources, and various other functions. With AWS Config, you can make security audits, troubleshooting, and change management a breeze.
Benefits
Continuous Monitoring – the service automatically monitors and tracks changes to the configurations of your AWS resources. At any time, you can generate an inventory of your AWS resources, their configurations, and also the software settings of your EC2 instances. You can be notified by even minor changes via Amazon SNS so you can monitor and approve it.
Continuous Assessment – with AWS Config you may verify and assess how well your configurations comply with required standards and policies. The service allows you to designate rules for provisioning and configuring AWS resources. If the configurations do not follow these settings, you may automatically be notified of these deficiencies through Amazon SNS. You are also provided a dashboard from which you may quickly check for non-compliant resources.
Change management – AWS Config lets you monitor the connections between your AWS resources and monitor dependencies before you decide on changes. After any change, you may even review the resource’s configuration change history at any time in its past. The service can also inform you what the effect a change will have on other resources, so as to mitigate any risky impact that comes with the change.
Troubleshoot Operational Issues — With the stringent configuration change history available in AWS Config, users can more easily find the cause of operational problems. AWS Config integrates with AWS CloudTrail, which records events that have to do with API calls for your account.
Monitor Compliance – AWS Config lets your review how closely your organization complies with standards. You can quickly determine which accounts are non-compliant. You can also check the status of individual account across different regions, or view an entire region’s compliance status, all within the Config console and using a single account.
Where To Use AWS Config
- Discover Resources – You can discover all resources that are linked to your account, track their configurations, and detect changes to them. For complete inventory purposes, it will even keep the data from deleted resources.
- Change Management — any changes (creation, modification, deletion) are sent to you through Amazon SNS. You are not caught off-guard by sudden changes.
- Continuous Compliance Assessment – You can carefully monitor configurations to determine if they comply with your organization’s policies and standards. You gain visibility and can evaluate configuration changes as needed.
- Codifying Compliance – You can set compliance as code, using your own rules in AWS Lambda, to set best practices for your configurations to follow. AWS Config also lets you automate the assessment of changes to your configurations to stay within compliance standards.
- Troubleshooting – You can rapidly detect operational problems by determining changes to your resource configuration.
- Security Analysis – AWS Config allows users to continuously check configurations for possible security risks. Any changes can be sent to you through Amazon SNS for evaluation and approval. By letting you review your history of changes, you can also determine the status of your security.
Talk to us at info@copebit.ch if you want to use AWS config. We have great templates and its very easy to start.
Marco is a managing partner at copebit. He got seven AWS certifications. He has spent three years in Australia and has worked with AWS and DevOps technologies for the last 6 years.