AWS Config simplifies compliance auditing, security analysis, change management, and operational troubleshooting by continuously recording and evaluating your AWS resource configurations. With Config, you are able to inventory your AWS resources, review changes in configurations and relationships between your AWS resources, and dive into detailed resource configuration histories. Config allows you to define your desired resource configurations, internal best practices, and guidelines with customizable rules and evaluate your recorded configurations against these rules.


Configurable and Customizable Rules

AWS Config provides you with pre-built rules for evaluating the provisioning and configuration of your AWS resources, as well as software within managed instances, including Amazon EC2 instances and servers running on-premises. You can customize pre-built rules to evaluate your AWS resource configurations and configuration changes, or create your own custom rules in AWS Lambda that define your internal best practices and guidelines for resource configurations. Using Config, you can assess your resource configurations and resource changes for compliance against the built-in or custom rules.

Configuration History of AWS Resources

AWS Config records details of changes to your AWS resources to provide you with a configuration history. You can use the AWS Management Console, API, or CLI to obtain details of what a resource’s configuration looked like at any point in the past. Config will also automatically deliver a configuration history file to the Amazon S3 bucket you specify.

 

 

Configuration History of Software

AWS Config enables you to record software configuration changes within your Amazon EC2 instances and servers running on-premises, as well as servers and Virtual Machines in environments provided by other cloud providers. With Config, you gain visibility into operating system (OS) configurations, system-level updates, installed applications, network configuration and more. Config also provides a history of OS and system-level configuration changes alongside infrastructure configuration changes recorded for EC2 instances.

Configuration Snapshots

AWS Config can provide you with a configuration snapshot - a point-in-time capture of all your resources and their configurations. Configuration snapshots are generated on demand via the AWS CLI or API and delivered to the Amazon S3 bucket you specify.

Resource Relationships Tracking

AWS Config discovers, maps and tracks AWS resource relationships in your account. For example, if a new Amazon EC2 security group is associated with an Amazon EC2 instance, Config records the updated configurations of both the Amazon EC2 security group and the Amazon EC2 instance.


 

Cloud Governance Dashboard

AWS Config provides you with a visual dashboard to help you quickly spot non-compliant resources and take appropriate action. IT Administrators, Security Experts, and Compliance Officers can see a shared view of your AWS resources' compliance posture.

 

 

Ecosystem of Partner Solutions

You can choose from numerous AWS Partner Network (APN) partners who provide solutions that integrate with AWS Config for resource discovery, change management, compliance or security. To learn more about the Config partner ecosystem, visit here.

 

 

Integration with AWS CloudTrail

AWS Config integrates with AWS CloudTrail to correlate configuration changes to particular events in your account. You can use the CloudTrail logs to obtain the details of the event that invoked the change, including who made the request, at what time, and from which IP address. You can navigate to the Config timeline from the AWS CloudTrail console to view the configuration changes related to your AWS API activities. To learn more about this feature, read our documentation here.

Integration with Amazon EC2 Systems Manager

AWS Config integrates with Amazon EC2 Systems Manager to record configuration changes to software on your Amazon EC2 instances and servers in your on-premises environment. With this integration, you can gain visibility into operating system (OS) configurations, system-level updates, installed applications, network configuration, and more. Config also provides a history of OS and system-level configuration changes alongside infrastructure configuration changes recorded for EC2 instances. You can navigate to the Config timeline from the EC2 Systems Manager console to view the configuration changes of your managed EC2 instances.

Integration with Amazon EC2 Dedicated Hosts

AWS Config integrates with Amazon EC2 Dedicated Hosts to assess license compliance. Config records when instances are launched, stopped, or terminated on a Dedicated Host, and pairs this information with host and instance level information relevant to software licensing, such as Host ID, Amazon Machine Image (AMI) IDs, number of sockets and physical cores. This enables you to use Config as a data source for your license reporting. You can navigate to the Config timeline from the Amazon EC2 Dedicated Hosts console to view the configuration changes of your Amazon EC2 Dedicated Hosts.

Integration with Application Load Balancers

AWS Config integrates with the Elastic Load Balancing (ELB) service to record configuration changes to Application Load Balancers. Config also includes relationships with associated EC2 security groups, VPCs, and subnets. You can use this information for security analysis and troubleshooting. For example, you can check which security groups are associated with your Application Load Balancer at any point in time. You can navigate to the Config timeline from the ELB console to view the configuration changes of your Application Load Balancers.