Amazon Web Services (AWS) is a bundled remote computing service that provides cloud computing infrastructure over the Internet with storage, bandwidth and customized support for application programming interfaces (API).
Launched in 2006, AWS is provided by cloud solution concept pioneer Amazon Inc. Amazon’s internal IT resource management built AWS, which expanded and grew into an innovative and cost-effective cloud solution provider.
AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
The quickest way to get started with AWS Config is to use the AWS Management Console. You can turn on AWS Config in a few clicks. For additional details, see the Getting Started documentation.
Data aggregation in AWS Config allows you to aggregate AWS Config data from multiple accounts and regions into a single account. Multi-Account data aggregation is useful for central IT administrators to monitor compliance for multiple AWS accounts in the enterprise.
AWS Config makes it easy to track your resource’s configuration without the need for up-front investments and avoiding the complexity of installing and updating agents for data collection or maintaining large databases. Once you enable AWS Config, you can view continuously updated details of all configuration attributes associated with AWS resources. You are notified via Amazon Simple Notification Service (SNS) of every configuration change.
AWS Config gives you access to resource configuration history. You can relate configuration changes with AWS CloudTrail events that possibly contributed to the change in configuration. This information provides you full visibility, right from details, such as “Who made the change?”, “From what IP address?” to the effect of this change on AWS resources and related resources. You can use this information to generate reports to aid auditing and assessing compliance over a period of time.
A Config Rule represents desired configurations for a resource and is evaluated against configuration changes on the relevant resources, as recorded by AWS Config. The results of evaluating a rule against the configuration of a resource are available on a dashboard. Using Config Rules, you can assess your overall compliance and risk status from a configuration perspective, view compliance trends over time and pinpoint which configuration change caused a resource to drift out of compliance with a rule.
With a full-time job and other commitments, investing 80 hours of study usually takes two months. If you are entirely new to AWS, we recommend approximately 120 hours or three months to prepare.
Yes, you can set up AWS Config to deliver configuration updates from different accounts to one S3 bucket, once the appropriate IAM policies are applied to the S3 bucket. You can also publish notifications to the one SNS Topic, within the same region, once appropriate IAM policies are applied to the SNS Topic.
You can create up to 50 rules in your AWS account by default. Additionally, you can request an increase for the limit on the number of rules in your account by visiting the AWS Service Limits page.