Posted On: Feb 16, 2021
AWS Config advanced queries feature now supports the ability to save your queries in your AWS Config account in AWS GovCloud (US) Regions. Now, when you customize a sample query or write your query, you can save it with a name, description, and tags. This reduces the need to save a query in a separate repository or rewrite it every time you want to run it. After you save the query, you can search it, copy it to the query editor, edit it, or delete it.
AWS Config enables you to assess, audit, and evaluate the configuration of your AWS resources. It helps you determine your overall compliance against the configurations specified in your internal policies, industry best practices, and external or regulatory standards. The AWS Config advanced query feature lets you query the current configuration state of your AWS resources based on configuration properties for single account and AWS Region, or multiple accounts and AWS Regions. You can either select one of the sample queries or write your own custom query to retrieve information about your specific use cases. For example, by running one of the sample queries provided in the advanced query feature, you can identify all EBS volumes across your organization that are not attached to any EC2 instance.
You can now save your queries using the AWS Config console or API operations. To get started, log in into your AWS Config console and navigate to Advanced queries. You can choose a sample query or write your own in the query editor. When you are satisfied with the expression, choose the Save query button. Provide a name, description and tags, and then choose Save. These queries are called "custom queries" and are saved along with the sample queries. You can identify them by using the Creator: Custom filter.