Posted On: Jul 25, 2016
AWS Config is a fully managed service that continuously records configuration changes to your resources in AWS and notifies you when your resources change. With AWS Config Rules, you can define guidelines for provisioning and configuring AWS resources and then continuously monitor compliance with those guidelines.
You can now re-evaluate your Config rules manually to verify that your rules are assessing your resources correctly. This capability is helpful in identifying issues with the logic in your Config rule. After you update your Config rule, you can simply re-evaluate the rule and check the results for correctness. Additionally, you can delete evaluation results to clear out evaluations that are incorrectly reported.
When you create custom Config rules, you can now choose to trigger your rules both on configuration changes and at a periodic frequency. For example, if you want to validate whether all your AWS Identity and Access Management (IAM) users are rotating access keys regularly, you can do so by evaluating your rule on configuration changes to IAM users and also every 24 hours. This way, even if an IAM user doesn’t undergo any configuration changes, it will still be evaluated for compliance every 24 hours.
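
The IAM access-key case above, sketched as an added example (not AWS's code and not part of the original announcement): the evaluation logic of a custom rule that handles both trigger types. The 90-day limit, the `list_users`/`list_keys` callables and the sample events are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # assumed policy; the announcement names no limit

def key_compliance(keys, now):
    """keys: [(status, create_date)]; only active keys are judged."""
    active = [created for status, created in keys if status == "Active"]
    if not active:
        return "NOT_APPLICABLE"
    stale = any(now - created > MAX_KEY_AGE for created in active)
    return "NON_COMPLIANT" if stale else "COMPLIANT"

def result(user_id, compliance, stamp):
    # One entry of the Evaluations list a rule reports back via PutEvaluations.
    return {"ComplianceResourceType": "AWS::IAM::User", "ComplianceResourceId": user_id,
            "ComplianceType": compliance, "OrderingTimestamp": stamp}

def evaluate(event, list_users, list_keys, now):
    """list_users() -> [(user_id, name)] and list_keys(name) -> [(status, created)]
    are hypothetical stand-ins for the IAM lookups a deployed rule would make."""
    invoking = json.loads(event["invokingEvent"])
    kind = invoking["messageType"]
    if kind == "ScheduledNotification":
        # Periodic trigger: no configuration item is supplied, so sweep every user.
        targets, stamp = list_users(), invoking["notificationCreationTime"]
    elif kind == "ConfigurationItemChangeNotification":
        item = invoking["configurationItem"]
        if item["resourceType"] != "AWS::IAM::User":
            return []
        stamp = item["configurationItemCaptureTime"]
        if item["configurationItemStatus"] == "ResourceDeleted":
            return [result(item["resourceId"], "NOT_APPLICABLE", stamp)]
        targets = [(item["resourceId"], item["resourceName"])]
    else:
        return []
    return [result(uid, key_compliance(list_keys(name), now), stamp) for uid, name in targets]

# Constructed sample data: alice was just modified; bob has not changed in over a year.
NOW = datetime(2016, 7, 25, tzinfo=timezone.utc)
USERS = [("AIDAEXAMPLEALICE", "alice"), ("AIDAEXAMPLEBOB", "bob")]
KEYS = {"alice": [("Active", NOW - timedelta(days=7))],
        "bob": [("Active", NOW - timedelta(days=400))]}
CHANGE_EVENT = {"invokingEvent": json.dumps({
    "messageType": "ConfigurationItemChangeNotification",
    "configurationItem": {"resourceType": "AWS::IAM::User", "resourceId": "AIDAEXAMPLEALICE",
                          "resourceName": "alice", "configurationItemStatus": "OK",
                          "configurationItemCaptureTime": "2016-07-25T00:00:00Z"}})}
SCHEDULED_EVENT = {"invokingEvent": json.dumps({
    "messageType": "ScheduledNotification",
    "notificationCreationTime": "2016-07-25T00:00:00Z"})}
```

With this sample data the change-triggered invocation reports only alice, while bob's 400-day-old key is flagged only by the scheduled sweep.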
Earlier, you could report back evaluation results for your AWS account or for resources recorded by Config. With this launch, you can now evaluate a broader set of resources, including resources that are not yet recorded by Config. You’ll get notifications whenever the compliance states of your resources change and gain access to a dashboard for tracking compliance of your resources. Once AWS Config starts tracking configuration changes for resources that are not currently recorded, you’ll also get access to the configuration history of such resources.