AWS Config

AWS Config is a fully managed service that provides you with resource inventory, configuration history, and configuration change notifications for security and governance. With AWS Config, you can discover existing AWS resources, record configurations for third-party resources, export a complete inventory of your resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities support compliance auditing, security analysis, resource change tracking, and troubleshooting. AWS Config is designed to help you oversee your application resources in the following scenarios:

  1. Resource Administration: AWS Config provides visibility into resource configurations and automatically notifies you of resource changes, helping detect misconfigurations and evaluate compliance through AWS Config rules.
  2. Auditing and Compliance: AWS Config helps you demonstrate compliance by providing historical configuration data of your AWS resources.
  3. Managing and Troubleshooting Configuration Changes: AWS Config helps assess the impact of configuration changes by showing resource relationships and provides historical configurations for troubleshooting.
  4. Security Analysis: AWS Config allows you to review historical IAM permissions and security group configurations to analyze potential security vulnerabilities.
  5. Partner Solutions: AWS Config integrates with third-party logging and analysis specialists to provide enhanced solutions for resource management.

In the following sections we will outline some of the best practices for AWS Config.