Now You Can Query Based on Resource Configuration Properties in AWS Config

Posted on: Mar 19, 2019

AWS Config now gives you the ability to run advanced queries based on resource configuration properties, making it easier to assess your resource configurations to help you meet compliance, cost, auditing, and security requirements. For example, using this query capability, you can retrieve a list of Amazon EC2 instances of a particular size, Amazon EBS volumes that are not attached to an Amazon EC2 instance, or resources that have encryption disabled.

This capability, called advanced query, provides a single endpoint to query resource configuration, relationships, and tags across all services that AWS Config supports. This means that you don’t have to execute individual describe API calls across each service endpoint to retrieve this information, resulting in operational efficiencies and improved user experience.

It’s easy to get started with advanced query in the AWS Config console or through APIs. When you enable AWS Config in your account, AWS Config discovers and records your resource configuration state, tags, and relationships. In the AWS Config console, under Resources > Advanced query, choose a sample advanced query you want to run, or write your own using a subset of Structured Query Language (SQL) SELECT syntax.
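The three cases named above (instances of a particular size, unattached EBS volumes, resources with encryption disabled) can be written as advanced queries as follows. This is an added example, not taken from the announcement; the instance type `t2.micro` is a constructed sample value, and the property paths assume the AWS Config resource schemas for `AWS::EC2::Instance` and `AWS::EC2::Volume`, so confirm them against the schema before relying on the results. Submit each SELECT on its own; the comments are for the reader.

```sql
-- 1. EC2 instances of a particular size.
--    Advanced query has no FROM clause; resourceType in WHERE scopes the search.
SELECT
  resourceId,
  accountId,
  awsRegion,
  configuration.instanceType,
  tags
WHERE
  resourceType = 'AWS::EC2::Instance'
  AND configuration.instanceType = 't2.micro'

-- 2. EBS volumes that are not attached to an instance.
--    A volume whose state is anything other than 'in-use' has no attachment.
SELECT
  resourceId,
  accountId,
  awsRegion,
  configuration.size,
  configuration.volumeType,
  configuration.state.value,
  resourceCreationTime
WHERE
  resourceType = 'AWS::EC2::Volume'
  AND configuration.state.value <> 'in-use'

-- 3. Resources with encryption disabled, shown here for EBS volumes.
--    Other resource types expose encryption under different property names,
--    so each type needs its own predicate.
SELECT
  resourceId,
  accountId,
  awsRegion,
  configuration.encrypted,
  configuration.state.value
WHERE
  resourceType = 'AWS::EC2::Volume'
  AND configuration.encrypted = false
```

Results reflect the configuration state AWS Config has recorded, so resource types that the recorder is not set to record will not appear in any of these queries.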

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.

Advanced query is available at no additional cost to AWS Config customers in all AWS public Regions (except China regions) and AWS GovCloud (US). For the full list of supported Regions, see AWS Regions and Endpoints in the AWS General Reference.

To learn more about AWS Config and advanced query, visit the AWS Config webpage and the AWS Config Developer Guide.