Now record changes to IAM Users, Groups, Roles and Policies and write Config Rules to check their state

Posted on: Dec 10, 2015

AWS Config continuously records changes to the configuration of your AWS resources and notifies you of these changes through Amazon Simple Notification Service (SNS). Config rules monitor these resources for compliance with desired configurations you specify.

Now you can record changes to the configuration of your IAM Users, Groups, and Roles, including the inline policies associated with them. You can also record attachments of your managed (customer-managed) policies and changes made to them. To enable this capability, check "include global resources" on the AWS Config settings page in the region of your choice, or specifically select the IAM resource types from the drop-down list. Further, you can create AWS Config Rules to ensure these IAM resources possess the desired configurations.
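As an illustration of such a rule, the following added example (not AWS's code and not part of the original announcement) shows the evaluation logic a custom, change-triggered rule could run to flag IAM users, groups, or roles that carry inline policies. The key names `userPolicyList`, `groupPolicyList`, and `rolePolicyList` are assumptions about the recorded item layout, the sample event is constructed, and submitting the result to AWS Config is left out so the code runs offline.

```python
import json

# Assumed key holding inline policies in each recorded item's "configuration".
INLINE_KEYS = {
    "AWS::IAM::User": "userPolicyList",
    "AWS::IAM::Group": "groupPolicyList",
    "AWS::IAM::Role": "rolePolicyList",
}
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}


def evaluate_item(item):
    """Return (compliance_type, annotation) for one configuration item."""
    key = INLINE_KEYS.get(item.get("resourceType"))
    if key is None or item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "Not a live IAM user, group or role."
    policies = (item.get("configuration") or {}).get(key) or []
    if not policies:
        return "COMPLIANT", "No inline policies."
    names = ", ".join(sorted(p.get("policyName", "?") for p in policies))
    return "NON_COMPLIANT", ("Inline policies: " + names)[:256]


def build_evaluation(event):
    """Turn a change-triggered rule event into one evaluation record."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate_item(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def sample_event(resource_type, configuration, status="OK"):
    """Constructed sample event; the ID and timestamp are made up."""
    item = {
        "resourceType": resource_type,
        "resourceId": "AIDAEXAMPLEEXAMPLE",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2015-12-10T00:00:00.000Z",
        "configuration": configuration,
    }
    return {"invokingEvent": json.dumps({"configurationItem": item})}


if __name__ == "__main__":
    ev = sample_event("AWS::IAM::User", {"userPolicyList": [{"policyName": "adhoc-admin"}]})
    print(build_evaluation(ev))
```

Deleted resources and non-IAM types are reported as `NOT_APPLICABLE` so that stale findings do not linger after a user, group, or role is removed.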

To learn more about this launch, read our documentation and visit the AWS Config Console.