Posted On: Mar 2, 2020
AWS Config launched advanced query last year, which makes it easy to query the resource configuration properties of your AWS resources for audit, compliance, or operational troubleshooting using simple SQL-like queries. With today’s launch, you can now use advanced query with configuration aggregators, enabling you to run the same queries across accounts and Regions. This provides you an easy mechanism to query your entire AWS footprint from a central account and get relevant information about your resources. For example, using this query capability, you can retrieve a list of Amazon Elastic Compute Cloud (Amazon EC2) instances of a particular size, Amazon Elastic Block Store (Amazon EBS) volumes that are not attached to an Amazon EC2 instance, or resources that have encryption disabled. This capability works across accounts, Regions, and organizations in AWS Organizations.
It’s easy to get started with advanced query in the AWS Config console or through APIs. When you enable AWS Config in your account, AWS Config discovers and records your resource configuration state, tags, and relationships. In the AWS Config console, under Resources>Advanced query, choose a sample advanced query you want to run, or write your own using a subset of structured query language (SQL) SELECT syntax. In order to run the query on an aggregator, create an aggregator. If you have not set up an aggregator before, follow the steps in Setting Up An Aggregator Using the Console. After the aggregator is set up, you can run the advanced query on that aggregator by selecting it under the query scope. You can view the query results and also export the results in CSV or JSON format on the console for offline access.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Multi-account, multi-region support for advanced query is available at no additional cost to AWS Config customers in these Regions: Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), South America (São Paulo), US East (N. Virginia), US East (Ohio), US West (N. California) and US West (Oregon). To learn more about AWS Config and advanced query, visit the AWS Config webpage and the AWS Config Developer Guide.