In any web service it is very important to have an auditing and
compliance management service. In AWS this capability is provided
by the AWS Config service.
AWS Config is a service that enables you to assess, audit,
and evaluate the configurations of your AWS resources. Config
continuously monitors and records your AWS resource
configurations and allows you to automate the evaluation of
recorded configurations against desired configurations.
AWS Config allows you to continuously audit and assess the
overall compliance of your AWS resource configurations with your
organization’s policies and guidelines. AWS Config provides you
with the ability to define rules for provisioning and
configuring AWS resources.
The following solutions can be implemented with this service:
With AWS Config, you are able to track the relationships
among resources and review resource dependencies prior to
making changes. Once a change occurs, you are able to
quickly review the history of the resource's configuration
and determine what the resource’s configuration looked like
at any point in the past.
With AWS Config, you can capture a comprehensive history of
your AWS resource configuration changes to simplify
troubleshooting of your operational issues. Config helps you
identify the root cause of operational issues through its
integration with AWS CloudTrail, a service that records
events related to API calls for your account.
With multi-account, multi-region data aggregation in AWS
Config, you can view compliance status across your
enterprise and identify non-compliant accounts.
AWS Config has the following use cases:
AWS Config shows us all the resources that exist in our
account, records their current configuration, and captures any
changes to these configurations.
AWS Config can send us a notification whenever resources are
created, updated, or deleted, by using the Amazon Simple
Notification Service (SNS).
Using AWS Config, you can automate the assessment of your resource
configurations and resource changes to help you ensure
continuous compliance and self-governance across your AWS
infrastructure.
Using AWS Config, you can quickly troubleshoot operational
issues by identifying the recent configuration changes to your
resources.
AWS Config Features:
AWS Config records details of changes to your AWS resources to
provide you with a configuration history. You can use the AWS
Management Console, API, or CLI to obtain details of what a
resource’s configuration looked like at any point in the past.
AWS Config will also automatically deliver a configuration
history file to the Amazon S3 bucket you specify.
AWS Config discovers, maps, and tracks AWS resource relationships
in your account. For example, if a new Amazon EC2 security group
is associated with an Amazon EC2 instance, AWS Config records
the updated configurations of both the Amazon EC2 security group
and the Amazon EC2 instance.
AWS Config provides you with pre-built rules for evaluating
provisioning and configuring of your AWS resources as well as
software within managed instances, including Amazon EC2 instances
and servers running on-premises.
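Beyond the pre-built rules, AWS Config can also invoke a custom rule backed by a Lambda function and record the result it reports. The following handler is an added example, not code from the page or from AWS: it flags an EC2 security group as NON_COMPLIANT when an ingress rule is open to the whole internet on a port outside an allow-list. The security-group configuration field names (ipPermissions, ipRanges, cidrIp) and the "allowedPorts" rule parameter are assumptions, and the sample event is constructed.

```python
import json

def world_open_ingress(sg_configuration):
    """Yield (from_port, to_port) of ingress rules open to 0.0.0.0/0 or ::/0; (None, None) is all traffic."""
    for perm in sg_configuration.get("ipPermissions", []):
        v4 = any(r.get("cidrIp") == "0.0.0.0/0" for r in perm.get("ipRanges", []))
        v6 = any(r.get("cidrIpv6") == "::/0" for r in perm.get("ipv6Ranges", []))
        if v4 or v6:
            yield perm.get("fromPort"), perm.get("toPort")

def evaluate_compliance(item, allowed_ports):
    """Return (ComplianceType, Annotation) for one Config configuration item."""
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule evaluates security groups only"
    bad = []
    for lo, hi in world_open_ingress(item["configuration"]):
        if lo is None or hi is None:
            bad.append("all traffic")
        elif any(p not in allowed_ports for p in range(lo, hi + 1)):
            bad.append(str(lo) if lo == hi else f"{lo}-{hi}")
    if bad:
        return "NON_COMPLIANT", "world-open ingress on: " + ", ".join(bad)
    return "COMPLIANT", "no unexpected world-open ingress"

def lambda_handler(event, context=None, config_client=None):
    """Lambda entry point. config_client is boto3.client("config") inside Lambda; when
    None (offline run) the PutEvaluations call is skipped and the evaluation is returned."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    allowed = {int(p) for p in params.get("allowedPorts", "80,443").split(",")}
    compliance, note = evaluate_compliance(item, allowed)
    evaluation = {"ComplianceResourceType": item["resourceType"],
                  "ComplianceResourceId": item["resourceId"],
                  "ComplianceType": compliance, "Annotation": note,
                  "OrderingTimestamp": item["configurationItemCaptureTime"]}
    if config_client is not None:
        config_client.put_evaluations(Evaluations=[evaluation],
                                      ResultToken=event["resultToken"])
    return evaluation

# Constructed sample event: a group allowing SSH (22) and HTTPS (443) from anywhere.
SAMPLE_EVENT = {
    "resultToken": "constructed-token",
    "ruleParameters": json.dumps({"allowedPorts": "80,443"}),
    "invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z", "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}}}),
}
```

Running lambda_handler(SAMPLE_EVENT) offline returns a NON_COMPLIANT evaluation annotated with port 22; the same dictionary is what Config would display on its compliance dashboard once PutEvaluations is called.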
Multi-account, multi-region data aggregation is a capability in
AWS Config that enables centralized auditing and governance. It
gives you an enterprise-wide view of your AWS Config rule
compliance status, and you can associate your AWS organization
to quickly add your accounts.
AWS Config provides you a visual dashboard to help you quickly
spot non-compliant resources and take appropriate action.
IT Administrators, Security Experts, and Compliance Officers
can see a shared view of your AWS resources' compliance posture.
AWS Config integrates with AWS CloudTrail to correlate
configuration changes to particular events in your account.
You can use the CloudTrail logs to obtain the details of the
event that invoked the change, including who made the request,
at what time, and from which IP address.