AWS Config - An intro

Originally posted on dev.to

 

What is AWS Config?

AWS Config tracks all resources that are created, deleted, or managed, with great accuracy and little effort.
AWS Config keeps a detailed inventory of AWS resource configurations while continuously auditing changes. This helps you evaluate configurations and their compliance with preferred configurations using AWS Config Rules.
You can also use Amazon SNS for notification when a change occurs.

In other words

A fully managed service for:

  • AWS resource inventory
  • Capturing resource changes
  • Storing configuration for individual resources
  • Snapshots of the current resource configuration
  • SNS notification when a change occurs
  • CloudTrail integration – who made the change and when
  • Compliance checks – custom rules are possible
  • Security analysis
  • Information regarding relationships between resources

Let's talk a bit about configuration history!

Configuration items (CI)

A CI helps you understand the changes to AWS resources over a given period of time.

Components of a Configuration Item

A JSON file that consists of:

Metadata – Information about the configuration item.
It contains the version ID, the time when the configuration item was captured, the status of the configuration, and the state ID.

Attributes – Information about the resource ID, key-value tags for this resource, resource type, ARN (Amazon Resource Name), AZ of the resource, and the timestamp of resource creation.

Relationships – Relationships between resources associated with the account.

Current Configuration – Information returned by a call to the Describe or List API of the resource.
Example –

aws configservice get-resource-config-history --resource-type AWS::EC2::Subnet --resource-id subnet-xxxxxxxx
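
To see what the configuration history gives you in practice, the following added example (not part of the original post) diffs consecutive configuration items from the JSON that the command above returns. The sample data is constructed, the function names flatten and history_changes are hypothetical, and capture times are assumed to be ISO-8601 strings.

```python
import json

def _item(state_id, captured, status, config):
    """Constructed configuration item; IDs are placeholders, not real resources."""
    return {
        "configurationItemCaptureTime": captured,
        "configurationItemStatus": status,
        "configurationStateId": state_id,
        "resourceType": "AWS::EC2::Subnet",
        "resourceId": "subnet-xxxxxxxx",
        "tags": {"env": "prod"},
        "relationships": [{"resourceType": "AWS::EC2::VPC", "resourceId": "vpc-xxxxxxxx",
                           "relationshipName": "Is contained in Vpc"}],
        # The CLI returns the current configuration as a JSON-encoded string.
        "configuration": json.dumps(config),
    }

# Constructed sample, newest item first.
SAMPLE_HISTORY = {"configurationItems": [
    _item("2", "2024-01-02T10:00:00Z", "OK",
          {"cidrBlock": "10.0.1.0/24", "mapPublicIpOnLaunch": True}),
    _item("1", "2024-01-01T09:00:00Z", "ResourceDiscovered",
          {"cidrBlock": "10.0.1.0/24", "mapPublicIpOnLaunch": False}),
]}

def flatten(item):
    """Collect current configuration, tags and relationships of a CI into one flat dict."""
    flat = {f"configuration.{k}": v
            for k, v in json.loads(item.get("configuration") or "{}").items()}
    flat.update({f"tags.{k}": v for k, v in item.get("tags", {}).items()})
    for rel in item.get("relationships", []):
        flat[f"relationships.{rel['relationshipName']}:{rel['resourceId']}"] = True
    return flat

def history_changes(history):
    """Return (capture_time, field, old, new) for each change between consecutive CIs."""
    items = sorted(history["configurationItems"],
                   key=lambda i: i["configurationItemCaptureTime"])
    changes = []
    for older, newer in zip(items, items[1:]):
        before, after = flatten(older), flatten(newer)
        for field in sorted(before.keys() | after.keys()):
            if before.get(field) != after.get(field):
                changes.append((newer["configurationItemCaptureTime"], field,
                                before.get(field), after.get(field)))
    return changes

if __name__ == "__main__":
    for change in history_changes(SAMPLE_HISTORY):
        print(*change, sep=" | ")
```

On the constructed sample this reports that the subnet started assigning public IPs on launch at the second capture time, which is the kind of change a compliance rule or CloudTrail lookup would follow up on.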
 

Resources

Demo of AWS Config – by Rudy Chetty

Enforce Compliance with AWS Config – by AWS

Evaluate Third-Party Resources with AWS Config – by AWS

AWS Config Videos Collection by awsvideocatalog.com


Hands on Labs

AWS Config Workshop

AWS Config Workshop – Risk and Compliance

Config Engine for IAC (infrastructure as code) Development Kit code

AWS Config Rule Development Kit

AWS Config Rules Repository