24.280: AWS Config - Coggle Diagram
Features
Auditing and recording the compliance of your AWS resources
Records configuration and configuration changes over time
Questions that AWS Config can answer
Is there unrestricted SSH access to my security group?
Do my buckets have any public access?
How has my ALB config changed over time?
Can receive alerts (SNS notifications) for any changes
AWS Config is a per-region service
Can be aggregated across regions and accounts
Can store config data in S3 (to be analyzed with Athena)
Config rules
Can use AWS managed config rules
Can create custom config rules
Rules can be evaluated/triggered
For each config change
And/or at regular time intervals
AWS Config Rules do not prevent actions from happening (they detect and report non-compliance, they do not block it)
No free tier
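As an added example (not part of the original diagram), here is the evaluation logic of a custom AWS Config rule, in Python, that answers the "unrestricted SSH access to my security group" question above and would be triggered on each configuration change of a security group. The event shape is the one Config passes to a custom rule's Lambda (`invokingEvent` JSON carrying a `configurationItem`); the sample configuration item and result token are constructed.

```python
import json
SSH_PORT = 22
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"

# Constructed sample: the configuration item Config delivers for a security group
# whose inbound rule opens TCP/22 to the whole IPv4 internet (not real account data).
SAMPLE_OPEN_SSH_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
    "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                         "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]},
}
SAMPLE_EVENT = {"invokingEvent": json.dumps({"configurationItem": SAMPLE_OPEN_SSH_ITEM}),
                "resultToken": "constructed-token"}

def permission_opens_ssh_to_world(perm):
    """True if one inbound permission covers TCP/22 from any IPv4 or IPv6 address."""
    proto = perm.get("ipProtocol")
    if proto not in ("tcp", "-1"):  # "-1" means every protocol and every port
        return False
    if proto == "tcp":
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo is None or hi is None or not lo <= SSH_PORT <= hi:
            return False
    open_v4 = any(r.get("cidrIp") == ANY_IPV4 for r in perm.get("ipRanges", []))
    open_v6 = any(r.get("cidrIpv6") == ANY_IPV6 for r in perm.get("ipv6Ranges", []))
    return open_v4 or open_v6

def evaluate_security_group(item):
    """Map one configuration item to a Config compliance type."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    if item.get("configurationItemStatus", "OK").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE"  # deleted resources are not evaluated
    perms = (item.get("configuration") or {}).get("ipPermissions", [])
    return "NON_COMPLIANT" if any(map(permission_opens_ssh_to_world, perms)) else "COMPLIANT"

def build_evaluation(event):
    """Turn the rule's invoking event into one PutEvaluations entry."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": evaluate_security_group(item),
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def lambda_handler(event, context):  # Lambda entry point; boto3 exists in the Lambda runtime
    import boto3  # imported lazily so the evaluation logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

The rule only reports the result back to Config; pairing it with a remediation (SSM Automation Document) is what actually changes the resource.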
Remediations
Automate remediation of non-compliant resources using SSM Automation Documents
Use AWS Managed Automation Document or create custom Automation Documents
You can set remediation retries in case the resource is still non-compliant after automatic remediation
Notifications
Use EventBridge to trigger notifications when AWS resources are non-compliant
Send config change and compliance state notifications to SNS