AWS Config tracks all resources that are created, deleted, or managed, with great accuracy and little effort.
AWS Config keeps a detailed inventory of your AWS resource configurations while continuously auditing changes. This helps you evaluate configurations and their compliance with your preferred configurations using AWS Config Rules.
You can also use Amazon SNS for notification when a change occurs.
In other words, it is a fully managed service for:
- AWS resources inventory
- Capturing resource changes
- Storing configuration for individual resources
- Snapshot of current resource configuration
- SNS notification when a change occurs
- CloudTrail integration – who made the change and when
- Compliance checks – custom rules are possible
- Security analysis
- Information about relationships between resources
Let's talk a bit about configuration history!
A configuration item (CI) helps you understand the changes to AWS resources over a certain period of time.
It is a JSON file that consists of:
Metadata – information about the configuration item
It contains the version ID, the time when the configuration ID was captured, the status of the configuration, and the state ID
Attributes – information about the resource ID, key-value tags for this resource, resource type, ARN (Amazon Resource Name), AZ of the resource, and the timestamp of resource creation
Relationships – relationships between resources associated with the account
Current Configuration – information returned by a call to the Describe or List API of the resource
aws configservice get-resource-config-history --resource-type AWS::EC2::Subnet --resource-id subnet-xxxxxxxx
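Added example (not from the original post): a Python script that reads the JSON printed by the command above and lists what changed between consecutive configuration items, which is how you spot a change such as a subnet starting to assign public IPs. The sample history is constructed, the helper names are chosen for this example, and it assumes capture times are ISO 8601 strings in one time zone so they sort chronologically.

```python
import json

def _ci(captured, public_ip, tags):
    # Constructed configuration item; only the fields used below are filled in.
    return {"configurationItemCaptureTime": captured, "tags": tags,
            "resourceType": "AWS::EC2::Subnet", "resourceId": "subnet-xxxxxxxx",
            "configuration": json.dumps({"cidrBlock": "10.0.1.0/24",
                                         "mapPublicIpOnLaunch": public_ip})}

# Constructed sample in the shape of the CLI output (newest item first).
SAMPLE_HISTORY = json.dumps({"configurationItems": [
    _ci("2024-03-03T08:00:00+00:00", True, {"env": "prod", "owner": "netops"}),
    _ci("2024-03-02T10:15:00+00:00", True, {"env": "prod"}),
    _ci("2024-03-01T09:00:00+00:00", False, {"env": "prod"}),
]})

def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {"a.b[0]": leaf} so CIs compare key by key."""
    if isinstance(value, dict):
        pairs = [(f"{prefix}.{k}" if prefix else k, v) for k, v in value.items()]
    elif isinstance(value, list):
        pairs = [(f"{prefix}[{i}]", v) for i, v in enumerate(value)]
    else:
        return {prefix: value}
    return {p: leaf for path, v in pairs for p, leaf in flatten(v, path).items()}

def snapshot(item):
    """Comparable view of one configuration item: decoded configuration plus tags."""
    cfg = item.get("configuration") or "{}"
    if isinstance(cfg, str):  # the CLI returns this field as a JSON-encoded string
        cfg = json.loads(cfg)
    return flatten({"configuration": cfg, "tags": item.get("tags") or {}})

def config_changes(history_json):
    """Return (capture_time, path, old, new) for each change between consecutive CIs."""
    items = json.loads(history_json)["configurationItems"]
    items.sort(key=lambda ci: ci["configurationItemCaptureTime"])  # oldest first
    changes = []
    for prev, cur in zip(items, items[1:]):
        before, after = snapshot(prev), snapshot(cur)
        for path in sorted(before.keys() | after.keys()):
            if before.get(path) != after.get(path):
                when = cur["configurationItemCaptureTime"]
                changes.append((when, path, before.get(path), after.get(path)))
    return changes

if __name__ == "__main__":
    for when, path, old, new in config_changes(SAMPLE_HISTORY):
        print(f"{when}  {path}: {old!r} -> {new!r}")
```

To use it on real data, save the command's output to a file and pass the file contents to `config_changes` instead of `SAMPLE_HISTORY`.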