Posted On: Nov 11, 2019

You can now use AWS Config to record configuration changes to AWS Key Management Service (KMS) keys and Amazon Elasticsearch Service domains. You can view the metadata associated with an AWS KMS key and track changes to key policies, tags, and other configuration attributes associated with the AWS KMS key. Similarly, for Amazon Elasticsearch Service domains, you can track configuration changes such as changes to instance type, encryption settings, network configuration, and access policies.

AWS Config will automatically record the history of configuration changes for these resource types, if you have configured AWS Config to record all resource types in your account. You can use this information for operational troubleshooting, configuration audit, and change management. You can also create change-triggered AWS Config rules to help you verify whether these changes comply with your internal governance policies, regulatory standards, or industry best practices on a continuous and real-time basis.

Support for AWS Key Management Service and Amazon Elasticsearch Service is available in all AWS commercial Regions, China Regions, and AWS GovCloud (US). For the full list of supported Regions, see AWS Regions and Endpoints in the AWS General Reference. To learn more about AWS Config, visit the AWS Config webpage. For the full list of services supported by AWS Config, visit the Supported AWS Resources Types webpage.