AWS Config Update – More Regions, Friendly Notifications, Partner Support

AWS Config lets you track changes to your AWS resources over time (read my AWS re:Invent post, Track AWS Resource Configurations With AWS Config for more information, and my AWS Config Update for a walk-through).

Today we are making AWS Config available in five additional AWS regions. We are also making Config’s email notification messages a bit more user (and email filter) friendly. Finally, I have some news from Japan — our partner LogStorage now supports AWS Config with their Integrated Log Management application.

More Regions
AWS Config is now available in a total of nine AWS regions. Here’s the full lineup:

• US East (N. Virginia)
• Europe (Ireland)
• Asia Pacific (Sydney)
• US West (Oregon)
• Asia Pacific (Tokyo) – New
• US West (N. California) – New
• Asia Pacific (Singapore) – New
• South America (São Paulo) – New
• Europe (Frankfurt) – New

Improved Notifications
AWS Config delivers a notification to Amazon Simple Notification Service (Amazon SNS) each time that it detects a configuration change for a supported AWS resource. You can choose to create an email subscription in order to receive timely notification of these changes:

We recently (March 27, 2015) improved the email messages in order to make them more readable and to make them easier to filter and process from within your email client. The subject line now includes the region, resource type, resource id, change type (create, update, or delete), and AWS account id. The email message also displays the updated fields in a easy to view format. The email is still in JSON, so you can also use it programmatically:

We have also given you the ability to disable SNS notifications entirely.

To learn more about this handy new feature, read Example Amazon SNS Notification and Email from AWS Config in the AWS Config Developer Guide.

Support from LogStorage
The integrated log management application from AWS partner LogStorage now supports AWS Config. Of particular note is the ability to search on individual fields of the notification and to set alerts that are driven by the results. For example, you can easily watch for configuration changes that involve all of your EC2 instances which use a particular AMI. You can also detect when EC2 instances are launched and do not use a set of pre-approved AMIs; this allows you to easily detect usage that is not in accord with your internal standards and practices. Here is what it looks like:

You can also display a diagram of your AWS resources and explore the relationships (as reported by AWS Config) between them:

For more information about this product, read Welcome to Logstorage.

— Jeff;