AWS Cloud Operations & Migrations Blog

AWS Config: A Year in Review 2017

It’s been another exciting year for AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. We have expanded our regional availability, added support for new resource types, introduced new managed Config rules, and introduced a dashboard view of your resource configuration and compliance. In this post, I recap some of this year’s announcements and provide links to additional resources.

Regional expansion: With the addition of the South America (São Paulo), Canada (Central), Asia Pacific (Mumbai), and Europe (London) Regions, AWS Config now supports Config rules in all 17 public AWS Regions and in AWS GovCloud (US). For the complete list of regions where Config and Config rules are available, see the AWS Config section under AWS Regions and Endpoints.

New resource types: We have added support for eight new services in 2017. You can now record configuration changes from the following:

New managed rules: AWS Config allows you to enable rules to evaluate whether your AWS resources comply with common best practices. In 2017, we added support for nine new rules, bringing the total to 47. Two of the rules that we announced during the AWS NY Summit allow you to secure your Amazon S3 buckets. The rules check your S3 buckets for unrestricted public write access or unrestricted public read access. They are backed by a new semantic-based automated reasoning engine, which returns a compliance decision.

Notable features: In 2017, we released ready-to-use AWS CloudFormation templates for all managed rules and added support for a test mode to check the functionality of custom Config rules. Using the test mode, you can safely check whether your custom Config rules are correctly reporting evaluation results for your resources without sending evaluation results to Config and incurring charges.

We also introduced an AWS Config dashboard that shows the total number of resources being recorded in your account and the count of resources by type, and gives you easy access to the configuration history of a resource. With the Config dashboard, you can also quickly spot the number of resources that are non-compliant with your Config rules in each region, view the Config rules with the most non-compliant resources, and drill down to view the resources that are non-compliant with a particular Config rule.

For the complete list of 2017 AWS Config announcements, see What’s New from AWS Config. For details on using the service, see the AWS Config documentation.

Individual announcements for the releases noted in this post are listed below.

Regional expansion:

New resource types:

New managed rules:

Notable features:

The AWS Config team is excited about 2018 and is looking forward to continually adding new functionality. To learn more about Config features, see the AWS Config page.