Posted On: Dec 10, 2015
AWS Config continuously records changes to the configuration of your AWS resources and notifies you of these changes through Amazon Simple Notification Service (SNS). Config rules monitor these resources for compliance with desired configurations you specify.
Now, you can record changes to the configuration of your IAM Users, Groups, and Roles, including inline policies associated with them. You can also record attachments of your managed (customer-managed) policies and changes made to them. To enable this capability, check "include global resources" in the AWS Config settings page in the region of your choice, or specifically select IAM resource types from the drop down. Further, you can create AWS Config Rules to ensure these IAM resources possess desired configurations.