AWS Config tracks all resources that are created, deleted, or managed, with great accuracy and little effort. AWS Config keeps a detailed inventory of AWS resource configurations while continuously auditing changes. This helps you evaluate configurations and their compliance with preferred configurations using AWS Config Rules. You can also use Amazon SNS for notification when a change occurs.
In other words:
A fully managed service for:
AWS resource inventory
Capturing resource changes
Storing configuration for individual resources
Snapshot of current resource configuration
SNS notification when a change occurs
CloudTrail integration – who made the change and when
Compliance check – possible custom rules
Security analysis
Information about relationships between resources
Let's talk a bit about Configuration History!
Configuration items (CI)
A CI helps you understand changes to AWS resources over a certain period of time.
Components of a Configuration Item
A JSON file that consists of:
Metadata – Information about the configuration item. It contains the version ID, the time when the configuration ID was captured, the status of the configuration, and the state ID
Attributes – Information about the resource: resource ID, key-value tags for this resource, resource type, ARN (Amazon Resource Name), AZ of the resource, and timestamp of resource creation
Relationships – Relationships between resources associated with the account
Current Configuration – Information returned by a call to the resource's describe or list API, example –
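As an added example (not part of the original page), the Python code below groups a configuration item into the four components listed above and compares two captures of the same resource to show what changed. Top-level field names follow the ConfigurationItem structure of the AWS Config API; the sample items, resource IDs, account number and the simplified ingressCidr key are constructed for illustration.

```python
import json

# Field names follow the ConfigurationItem structure returned by the AWS Config
# API; the grouping into four components follows the list above.
METADATA = ("version", "configurationItemCaptureTime",
            "configurationItemStatus", "configurationStateId")
ATTRIBUTES = ("resourceId", "resourceType", "arn", "availabilityZone",
              "resourceCreationTime", "tags")


def split_configuration_item(ci):
    """Group one configuration item into the four components."""
    config = ci.get("configuration") or {}
    if isinstance(config, str):  # the API returns this field as a JSON string
        config = json.loads(config)
    return {
        "metadata": {k: ci.get(k) for k in METADATA},
        "attributes": {k: ci.get(k) for k in ATTRIBUTES},
        "relationships": ci.get("relationships", []),
        "current_configuration": config,
    }


def changed_keys(older, newer):
    """Top-level current-configuration keys that differ between two items."""
    a = split_configuration_item(older)["current_configuration"]
    b = split_configuration_item(newer)["current_configuration"]
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))


# Constructed sample data: two captures of the same (fictional) security group.
BEFORE = {
    "version": "1.3", "configurationItemCaptureTime": "2024-01-01T10:00:00Z",
    "configurationItemStatus": "OK", "configurationStateId": "1",
    "resourceId": "sg-EXAMPLE", "resourceType": "AWS::EC2::SecurityGroup",
    "arn": "arn:aws:ec2:us-east-1:111122223333:security-group/sg-EXAMPLE",
    "tags": {"env": "test"},
    "relationships": [{"resourceType": "AWS::EC2::VPC",
                       "resourceId": "vpc-EXAMPLE",
                       "relationshipName": "Is contained in Vpc"}],
    "configuration": json.dumps({"groupName": "web", "ingressCidr": "10.0.0.0/8"}),
}
AFTER = dict(BEFORE, configurationItemCaptureTime="2024-01-02T09:30:00Z",
             configurationStateId="2",
             configuration=json.dumps({"groupName": "web", "ingressCidr": "0.0.0.0/0"}))

if __name__ == "__main__":
    print(json.dumps(split_configuration_item(AFTER), indent=2))
    print("changed:", changed_keys(BEFORE, AFTER))
```

The state ID orders the captures, so sorting items by it before comparing consecutive pairs gives the change history for one resource.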