April 25, 2020 / Eternal Team
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. This can be especially useful for organizations that have large AWS deployments or multiple AWS administrators. AWS Config can help you keep track of what is going on in your AWS cloud accounts.
It is a fully managed service, and it works by continuously recording resource configurations to a chosen S3 bucket. You can look at detailed configuration history, review configuration changes, and, most importantly, respond to anything that does not match the predefined rules. Whatever your compliance standards or security requirements might be, AWS Config can be of great use to you.
More about AWS Config pricing.
How to set up the AWS Config service?
1. First, select the Config service console.
2. Next, select the Rules interface and filter on "instance" to reduce the set of choices.
Example of how the Config service can be used to confirm that only a limited set of instance types are running.
3. The next step is to select the resource types that you want to be checked for compliance. The template has already set EC2: Instance. Associated with that are the Instance Type values that match your needs. For this example, we are using the value m3.medium,t2.micro,t2.nano.
4. Save to create the new rule. The list of existing rules will then appear.
5. Select the new rule to see the details and confirm that they match what you expect.
6. After the instance is successfully launched, the Config service should be triggered automatically and a Noncompliant report status should appear.
(Manage resource can also be selected to get to the instance information.)
7. Once you confirm that the out-of-compliance instance entry is the new one, terminate it by whatever method you are most comfortable with.
8. Note that terminating instances also qualifies as a configuration change, so the Config service rules will run again. The result should be that everything is once again in compliance.
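The check that steps 3 to 8 exercise, modelled locally as an added example (not code from the original article or from AWS). It assumes the console template corresponds to the managed rule identifier `DESIRED_INSTANCE_TYPE` with an `instanceType` parameter; the rule name, instance IDs and configuration items are constructed for illustration.

```python
import json

ALLOWED = "m3.medium,t2.micro,t2.nano"  # value entered in step 3 of the article

def rule_definition(allowed_csv, name="desired-instance-type"):
    """ConfigRule body in the shape PutConfigRule accepts (rule name is an assumption)."""
    return {
        "ConfigRuleName": name,
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": "DESIRED_INSTANCE_TYPE"},
        "InputParameters": json.dumps({"instanceType": allowed_csv}),
    }

def evaluate(item, rule):
    """Local model of the check: one configuration item in, one compliance value out."""
    if item["resourceType"] not in rule["Scope"]["ComplianceResourceTypes"]:
        return "NOT_APPLICABLE"
    # A terminated instance is recorded as a deletion, so it drops out of scope (step 8)
    if item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE"
    params = json.loads(rule["InputParameters"])
    allowed = {t.strip() for t in params["instanceType"].split(",") if t.strip()}
    return "COMPLIANT" if item["configuration"]["instanceType"] in allowed else "NON_COMPLIANT"

def noncompliant_ids(items, rule):
    """Keep the latest evaluation per resource and list those still noncompliant."""
    latest = {}
    for item in items:  # items are assumed to be in recording order
        latest[item["resourceId"]] = evaluate(item, rule)
    return sorted(rid for rid, verdict in latest.items() if verdict == "NON_COMPLIANT")

def ci(rid, itype, status="OK", rtype="AWS::EC2::Instance"):
    """Build a constructed configuration item (not real recorder output)."""
    return {"resourceId": rid, "resourceType": rtype,
            "configurationItemStatus": status,
            "configuration": {"instanceType": itype}}

RULE = rule_definition(ALLOWED)
LAUNCHED = [ci("i-0aaa", "t2.micro"), ci("i-0bbb", "m5.large", "ResourceDiscovered")]
TERMINATED = LAUNCHED + [ci("i-0bbb", "m5.large", "ResourceDeleted")]

if __name__ == "__main__":
    print(noncompliant_ids(LAUNCHED, RULE))    # ['i-0bbb']
    print(noncompliant_ids(TERMINATED, RULE))  # []
```
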
AWS Config provides a simple way for your cloud environment to stay secure and compliant. It is a powerful tool that should be considered by every business running on Amazon’s cloud.