AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
To use AWS Config, it needs to be turned on for each region and account in which we want to assess, audit and evaluate configurations. Once turned on, AWS Config will create configuration items for supported services and store them in the S3 bucket we specify in the configuration.
Click on “Get started” and let's follow the setup wizard.
We now have AWS Config recording changes for supported resources within our region.
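Because Config has to be turned on separately in every region and account, it is worth checking that no region was missed. The script below is an added example, not part of the original lab: it audits the JSON returned per region by `aws configservice describe-configuration-recorders`, `describe-configuration-recorder-status` and `describe-delivery-channels`. The sample data, bucket name and function names are constructed for illustration.

```python
import json

# Constructed sample: per-region output of the AWS CLI calls
# describe-configuration-recorders, describe-configuration-recorder-status
# and describe-delivery-channels, merged into one object per region.
# The bucket name is a placeholder.
SAMPLE = json.loads("""{
 "us-east-1": {
  "ConfigurationRecorders": [{"name": "default", "recordingGroup": {"allSupported": true}}],
  "ConfigurationRecordersStatus": [{"name": "default", "recording": true, "lastStatus": "SUCCESS"}],
  "DeliveryChannels": [{"name": "default", "s3BucketName": "example-config-bucket"}]},
 "eu-west-1": {
  "ConfigurationRecorders": [{"name": "default", "recordingGroup": {"allSupported": false}}],
  "ConfigurationRecordersStatus": [{"name": "default", "recording": false, "lastStatus": "PENDING"}],
  "DeliveryChannels": []},
 "ap-southeast-2": {
  "ConfigurationRecorders": [], "ConfigurationRecordersStatus": [], "DeliveryChannels": []}
}""")

def audit_region(data):
    """Return the list of Config coverage gaps for one region."""
    recorders = data.get("ConfigurationRecorders", [])
    if not recorders:
        return ["no configuration recorder"]
    gaps = []
    status = {s["name"]: s for s in data.get("ConfigurationRecordersStatus", [])}
    for rec in recorders:
        st = status.get(rec["name"], {})
        if not st.get("recording"):
            gaps.append("recorder stopped")
        elif str(st.get("lastStatus", "")).upper() == "FAILURE":
            gaps.append("last delivery failed")
        if not rec.get("recordingGroup", {}).get("allSupported"):
            gaps.append("not recording all supported resource types")
    # Configuration items are only stored if a channel points at an S3 bucket.
    if not any(c.get("s3BucketName") for c in data.get("DeliveryChannels", [])):
        gaps.append("no S3 delivery channel")
    return gaps

def audit(all_regions):
    """Map each region that has at least one gap to its list of gaps."""
    report = {}
    for region in sorted(all_regions):
        gaps = audit_region(all_regions[region])
        if gaps:
            report[region] = gaps
    return report

if __name__ == "__main__":
    for region, gaps in audit(SAMPLE).items():
        print(f"{region}: {'; '.join(gaps)}")
```

Regions that do not appear in the report have a running recorder and a delivery channel with an S3 bucket.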
Now let's create a simple config rule. This rule checks that the AWS Systems Manager service is running on EC2 instances. We will review the rule later, after we have deployed an EC2 instance. We will learn more about AWS Systems Manager in a later lab.
Congratulations! You have turned AWS Config on and configured an AWS Config rule. If you wait for the rule to evaluate, it will come up “Noncompliant”. Return to this rule after you have created Inventory Collection in the AWS Systems Manager lab. The rule is dependent on inventory collection.