In this AWS blog, we are going to cover the AWS Config service in depth. AWS offers different kinds of services, such as application monitoring and network monitoring. The dimensions of the Config service that we are going to dive into are:
- AWS config service now
- AWS config profile
- AWS config file
- AWS config pricing
- AWS appconfig
- AWS config documentation
- AWS config example
- AWS config vs cloudtrail
What is the AWS Config service?
AWS Config is an AWS service that enables users to audit, check, and evaluate the settings and configurations of various AWS resources.
AWS Config simplifies the process of change management, operational troubleshooting, security analysis, compliance auditing and so much more.
AWS config profile?
AWS Config lets you monitor, assess, and record AWS resource configurations so that the recorded configurations can be automatically assessed against your preferred ones.
The service allows you to review changes, relationships between the AWS resources, the history of configurations, and the compliance of the configurations in comparison with the ones you have specified.
How does AWS Config Service Work?
The moment you enable it in your account, it discovers the services that you enabled in your account and creates a list of items of how they are configured.
It tracks the change in the configs of the existing resources.
What are The AWS Config Service Features?
There are a variety of features for AWS Config.
1. Configuration History of AWS Resources
- The best feature of AWS Config is that it provides a complete configuration history of the AWS resources you use.
- The API, AWS Management Console, or Command Line Interface can be used to determine the configurations in any past version.
- AWS Config can also send a configuration history file to you according to your specifications.
2. Software Configuration History
AWS Config lets users record the configuration of software within Amazon EC2 instances, on-site servers, and virtual machines in the environments of other cloud providers.
You can easily gain information about operating system configurations, application installations, system updates, network settings, and a lot more changes recorded for the Amazon EC2 instances.
3. Tracking of Relationships between Resources
- AWS Config uncovers, charts, and tracks AWS resource relationships within your AWS account.
- AWS Config can look for connections between Amazon EC2 security groups and Amazon EC2 instances to map a relationship between them.
- AWS Config can note the updated configurations of the instance as well as the security group.
4. Customizable AWS Config Rules
- AWS Config provides a pre-built set of rules for assessing configuration and provisioning needs for your AWS resources.
- The AWS Config File also provides rules for software within instances which include Amazon EC2 and on-site servers.
- These rules can be tailored according to your preferences and evaluation of AWS resource configurations.
AWS Config vs CloudTrail: Which is better?
AWS CloudTrail is a service that logs all API calls to an AWS service. It records which user or application made the changes, when the call was made, and which IP address the call was made from.
There are similarities between AWS Config and AWS CloudTrail but there is a major difference as well:
|AWS Config||AWS CloudTrail|
|AWS Config is a monitoring tool that assesses and evaluates your AWS resources.||AWS CloudTrail is a monitoring tool that evaluates where and when the changes were made to an AWS service.|
|AWS Config focuses on what has changed in an AWS resource.||AWS CloudTrail has a record of the user that made the change, the IP address of the location the change was made from, and the time it was made.|
|AWS Config focuses on configuration rules and how changes are made in comparison with the set threshold.||AWS CloudTrail focuses on API calls, events, and any activity that drives changes.|
How to Configure AWS Config?
The Terraform code snippet below creates an AWS Config setup with a Delivery Channel.
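A configuration recorder with an S3 delivery channel, written here as an added example (not the original page's snippet). The bucket name, role name and resource labels are placeholders chosen for illustration, and the delivery policy is scoped to the `AWSLogs/` prefix of that one bucket.

```hcl
resource "aws_s3_bucket" "config" {
  bucket = "example-config-history-000000000000" # placeholder; must be globally unique
}

resource "aws_iam_role" "config" {
  name = "example-config-recorder" # placeholder role name
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "config.amazonaws.com" } }]
  })
}

# AWS managed policy: read access to describe the resources Config records.
resource "aws_iam_role_policy_attachment" "config" {
  role       = aws_iam_role.config.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"
}

# Delivery permissions limited to the Config prefix of this one bucket.
resource "aws_iam_role_policy" "delivery" {
  name = "config-delivery"
  role = aws_iam_role.config.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = ["s3:PutObject", "s3:PutObjectAcl"], Resource = "${aws_s3_bucket.config.arn}/AWSLogs/*" },
      { Effect = "Allow", Action = "s3:GetBucketAcl", Resource = aws_s3_bucket.config.arn },
    ]
  })
}

resource "aws_config_configuration_recorder" "main" {
  name     = "default"
  role_arn = aws_iam_role.config.arn
  recording_group {
    all_supported                 = true
    include_global_resource_types = true # also record IAM users, roles, policies
  }
}

resource "aws_config_delivery_channel" "main" {
  name           = "default"
  s3_bucket_name = aws_s3_bucket.config.bucket
  depends_on     = [aws_config_configuration_recorder.main]
}

resource "aws_config_configuration_recorder_status" "main" {
  name       = aws_config_configuration_recorder.main.name
  is_enabled = true # recording only starts once the recorder is switched on
  depends_on = [aws_config_delivery_channel.main]
}
```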
What is AWS config service now?
AWS Config has a Service Management Connector that can be used to configure ServiceNow.
AWS config Service Linked Role?
AWSServiceRoleForConfig is the role that AWS Config uses to communicate with the other AWS services in order to work and collect the config data.
What is an AWS appconfig?
This is a tool that makes changes to app configuration, which are basically app administration, easy by handling them from a central location.
What are the top AWS config rules?
There are many AWS Config rules; let us jot down a few.
|ec2-instance-no-public-ip||Checks if EC2 does not have a public IP|
|ec2-ebs-encryption-by-default||Encryption should be enabled for EBS volumes|
|vpc-default-security-group-closed||Default security group is not attached to VPC|
|access-keys-rotated||Make sure rotation of the access key is enabled|
|s3-bucket-server-side-encryption-enabled||Checks if the server-side encryption is enabled.|
AWS config example?
Below is an example of configuring your AWS Config using Terraform.
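As an added example (not the original page's code), the five managed rules from the table above can be enabled in one Terraform resource. It assumes a configuration recorder is already running in the account and region; the `maxAccessKeyAge` value of 90 days and the `managed_rules` local are illustrative choices.

```hcl
locals {
  # Rule name from the table => AWS managed rule identifier and JSON parameters.
  managed_rules = {
    "ec2-instance-no-public-ip"                = { id = "EC2_INSTANCE_NO_PUBLIC_IP", params = "" }
    "ec2-ebs-encryption-by-default"            = { id = "EC2_EBS_ENCRYPTION_BY_DEFAULT", params = "" }
    "vpc-default-security-group-closed"        = { id = "VPC_DEFAULT_SECURITY_GROUP_CLOSED", params = "" }
    "s3-bucket-server-side-encryption-enabled" = { id = "S3_BUCKET_SERVER_SIDE_ENCRYPTION_ENABLED", params = "" }
    # access-keys-rotated requires maxAccessKeyAge; 90 days is an assumed value.
    "access-keys-rotated" = { id = "ACCESS_KEYS_ROTATED", params = jsonencode({ maxAccessKeyAge = "90" }) }
  }
}

resource "aws_config_config_rule" "managed" {
  for_each         = local.managed_rules
  name             = each.key
  input_parameters = each.value.params != "" ? each.value.params : null

  source {
    owner             = "AWS" # AWS managed rule, no custom Lambda needed
    source_identifier = each.value.id
  }
}
```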
Q. Where Can I Find AWS Config Documentation?
AWS Config documentation can be found on the AWS website, where you can find tutorials, information about AWS Config rules, and frequently asked questions about AWS Config.
Q. Where Can I Find Details About AWS Config Pricing?
AWS Config pricing depends on how many configuration items are recorded, the number of AWS Config rule evaluations, and the number of conformance pack evaluations.
If you are interested in knowing how much AWS Config would cost for your application or usage, you can calculate AWS Config and architecture costs by using this calculator.
Q. Are there any AWS Config service limits?
Of course, there are service limits of AWS Config. For details check out the AWS Page here.
Q: AWS config service cli?
Yes, AWS Config supports the CLI. We can use the CLI to configure AWS Config.
I am an Amazon Web Services Professional, having more than 11 years of experience in AWS and other technologies. Extensively working in various AWS tools like S3, Lambda, API, Kinesis, Load Balancers, EKS, ECS, and many more. Working as a Solution Architect and Technology Lead for Architecting and implementing the same for different clients. He provides expert solutions around the world and especially in countries like the United States, Canada, United Kingdom, Australia, New Zealand, etc.