Posted On: Apr 13, 2020
AWS Config now supports multi-account, multi-region advanced query enabling you to run queries across accounts and Regions in AWS GovCloud (US). This feature provides you an easy mechanism to query your entire AWS footprint from a central account and get relevant information about your resources. For example, using this query capability, you can retrieve a list of Amazon Elastic Compute Cloud (Amazon EC2) instances of a particular size, Amazon Elastic Block Store (Amazon EBS) volumes that are not attached to an Amazon EC2 instance, or resources that have encryption disabled. This capability works across accounts, Regions, and organizations in AWS Organizations.
It’s easy to get started with advanced query in the AWS Config console or through APIs. When you enable AWS Config in your account, AWS Config discovers and records your resource configuration state, tags, and relationships. In the AWS Config console, choose Resources, choose Advanced query, and then choose a sample advanced query. You can also write your own advanced query using a subset of structured query language (SQL) SELECT syntax. To run the query on an aggregator, create an aggregator. If you have not set up an aggregator before, follow the steps in Setting Up An Aggregator Using the Console. After the aggregator is set up, you can run the advanced query on that aggregator by selecting it under the query scope. You can view the query results and also export the results in CSV or JSON format from the console for offline access.
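The three lookups named above, written as advanced queries; this is an added example, not text from the announcement. The instance type 't2.micro' is a constructed sample value, and the property paths assume the EC2 instance and EBS volume configuration items as AWS Config records them. Run each statement separately with the aggregator selected as the query scope.

```sql
-- Added example: each statement is a separate advanced query.
-- accountId and awsRegion show where each resource lives when the
-- query scope is an aggregator rather than a single account/Region.

-- 1. EC2 instances of a particular size (sample value: t2.micro).
SELECT
  accountId,
  awsRegion,
  resourceId,
  configuration.instanceType
WHERE
  resourceType = 'AWS::EC2::Instance'
  AND configuration.instanceType = 't2.micro'

-- 2. EBS volumes that are not attached to an EC2 instance
--    (volume state is anything other than in-use).
SELECT
  accountId,
  awsRegion,
  resourceId,
  configuration.size,
  configuration.state.value
WHERE
  resourceType = 'AWS::EC2::Volume'
  AND configuration.state.value <> 'in-use'

-- 3. Resources with encryption disabled, shown here for EBS volumes.
SELECT
  accountId,
  awsRegion,
  resourceId,
  configuration.encrypted
WHERE
  resourceType = 'AWS::EC2::Volume'
  AND configuration.encrypted = false
```

Exporting the results of queries 2 and 3 as CSV gives a per-account, per-Region worklist of volumes to review for cleanup or encryption.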
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.