Posted On: Dec 22, 2020
AWS Config advanced queries feature adds ability to save your queries in your AWS Config account. Now, when you customize a sample query or write your query, you can save it with a name, description, and tags. This eliminates the need to save a query in a separate repository or rewrite it every time you want to run it. After you save the query, you can search it, copy it to the query editor, edit it, or delete it.
AWS Config enables you to assess, audit, and evaluate the configuration of your AWS resources. It helps you determine your overall compliance against the configurations specified in your internal policies, industry best practices, and external or regulatory standards. The AWS Config advanced query feature lets you query the current configuration state of your AWS resources based on configuration properties for single account and AWS Region, or multiple accounts and AWS Regions. You can either select one of the sample queries or write your own custom query to retrieve information about your specific use cases. For example, by running one of the sample queries provided in the advanced query feature, you can identify all EBS volumes across your organization that are not attached to any EC2 instance.
You can now save your queries using the AWS Config console or APIs. To get started, login into your AWS Config console and navigate to Advanced queries. You can choose a sample query or write your own in the query editor. When you are satisfied with the expression, choose the Save query button. Provide a name, description and tags, and then choose Save. These queries are called "custom queries" and are saved along with the sample queries. You can identify them by using the Creator: Custom filter.
The advanced query feature is available at no additional cost to AWS Config customers in the AWS Regions listed here. For more information about AWS Config and the advanced query feature, see the AWS Config webpage and the AWS Config Developer Guide.