Channel: Cloud Training Program

AWS Config: Overview, Benefits, and How to Get Started?

Everyone who uses cloud-based services understands the need for monitoring, and AWS Config helps with that.

When we talk about cloud monitoring, we are talking about the technologies, policies, and services that help continuously monitor and record configuration changes of your AWS resources.

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It allows you to automate the evaluation of recorded configurations against desired configurations.

In this blog, we will discuss Amazon Config and cover topics like:

What is AWS Config?

It is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your AWS resource configurations and allows the user to automate the evaluation of recorded configurations against desired configurations. With this, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management and operational troubleshooting.

Benefits of AWS Config

  • Security Analysis & Resource Administration – It allows continuous monitoring and oversight of resource configurations, as well as assisting you in evaluating them for any misconfigurations that could lead to security vulnerabilities or weaknesses.
  • Continuous monitoring – It allows you to monitor and record configuration changes to your AWS resources in real-time. At any time, it allows you to inventory your AWS resources, their configurations, and software configurations within EC2 instances. An Amazon Simple Notification Service (SNS) notification can be sent to you after a change from a prior state is detected for you to review and act on.
  • Continuous assessment – It allows you to audit and analyse the overall compliance of your AWS resource configurations with your organization’s policies and standards on a continual basis. Config allows you to specify rules for creating and configuring AWS services. These rules can be delivered individually or in a pack (known as a conformance pack) with compliance remediation actions that can be implemented throughout your whole business with a single click.
  • Change management – Before making changes, you can use Config to track resource relationships and examine resource dependencies. You can rapidly check the history of the resource’s configuration once a change occurs and determine what the resource’s configuration looked like at any point in time. It provides you with information to assess how a change to a resource configuration would affect your other resources, which minimizes the impact of change-related incidents.
  • Enterprise-wide compliance monitoring – With multi-account, multi-region data aggregation in Config, you can view compliance status across your enterprise and identify non-compliant accounts. You can dive deeper to view the status for a specific region or a specific account across regions. You can view this data from the Config console in a central account, removing the need to retrieve this information individually from each account and each region.

AWS Config Concepts

  1. AWS Resources
    • AWS resources are the entities you create and manage, e.g. EC2 instances and security groups.
  2. AWS Config Rules
    • Config Rules aid in the definition of required resource or account configuration parameters.
    • It monitors resource configuration changes against the rules and flags them as non-compliant if they are not followed.
  3. Resource Relationship
    • It finds the account’s AWS resources and then produces a map of the relationships between them; for example, an EC2 instance is linked to an EBS volume.
  4. Configuration Items
    • A configuration item represents a point-in-time view of the supported AWS resource
    • Components of a configuration item include metadata, attributes, relationships, current configuration and related events.
  5. Configuration Snapshot
    • A configuration snapshot is a collection of the configuration items for your account’s supported resources.
  6. Configuration History
    • A configuration history is a collection of the configuration items for a given resource over any time period
  7. Configuration Stream
    • Config’s Configuration Stream is an automatically updated collection of all configuration items for the resources recorded by Config.
  8. Configuration Recorder
    • The configuration recorder saves the configurations of the supported resources in your account as configuration items.
    • A configuration recorder needs to be created and started for recording.
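How a Config rule turns configuration items into compliance verdicts, shown as an added example that is not code from the original post or from AWS. The rule itself (no SSH open to the whole internet) is hypothetical, and the sample items are constructed, shaped like the items Config records for security groups.

```python
import ipaddress

# Constructed configuration items, shaped like what AWS Config records for
# AWS::EC2::SecurityGroup (IDs and timestamps are made up for this example).
def _sg(rid, perms, status="OK"):
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": rid,
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2021-06-01T10:00:00Z",
            "configuration": {"ipPermissions": perms} if perms is not None else None}

SAMPLE_ITEMS = [
    _sg("sg-0aaa", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]),
    _sg("sg-0bbb", [{"ipProtocol": "-1", "ipv4Ranges": [],
                     "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]),
    _sg("sg-0ccc", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []}]),
    _sg("sg-0ddd", None, status="ResourceDeleted"),
]

def _world_open(perm):
    cidrs = [r["cidrIp"] for r in perm.get("ipv4Ranges", [])]
    cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def _covers(perm, port):
    proto = perm.get("ipProtocol")
    if proto == "-1":                      # "-1" means every protocol and port
        return True
    return proto == "tcp" and perm.get("fromPort", 0) <= port <= perm.get("toPort", 65535)

def evaluate(item, port=22):
    """Return a PutEvaluations-style verdict for one configuration item."""
    deleted = item["configurationItemStatus"] in ("ResourceDeleted",
                                                  "ResourceDeletedNotRecorded")
    if deleted or item["resourceType"] != "AWS::EC2::SecurityGroup":
        verdict = "NOT_APPLICABLE"         # nothing left to judge, or out of scope
    else:
        perms = item["configuration"].get("ipPermissions", [])
        exposed = any(_world_open(p) and _covers(p, port) for p in perms)
        verdict = "NON_COMPLIANT" if exposed else "COMPLIANT"
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": verdict,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

if __name__ == "__main__":
    for it in SAMPLE_ITEMS:
        print(it["resourceId"], evaluate(it)["ComplianceType"])
```

The deleted-resource branch matters in practice: a deleted resource's item carries no configuration to inspect, so the rule reports it as not applicable instead of failing.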

How Does AWS Config Work?

You can use the AWS Management Console to get started with AWS Config to do the following:

  • Specify the resource types you want Config to record.
  • Set up Amazon SNS to notify you of configuration changes.
  • Specify an Amazon S3 bucket to receive configuration information.
  • Add AWS Config managed rules to evaluate the resource types.

Setting Up AWS Config

AWS Config provides a detailed view of the resources associated with your AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time.

Step 1. Open your AWS Console.

Step 2. Search for and select Config from the panel.

Step 3. Click on Get Started.

Step 4. Note: If you are creating Config for the first time, you can follow the steps mentioned below; otherwise, click on Settings in the left-hand navigation panel and then proceed with the steps.
To get the records of the resources running in your account, click on the "record specific resource types" option.

Step 5. Under Resource category, select AWS resources, then search for EC2 Instance. Also, select Create AWS Config service-linked role.

Step 6. For Amazon S3 Bucket, choose the Amazon S3 bucket to which Config sends configuration history and configuration snapshot files:
Create a new bucket → For Bucket Name, type a name for your Amazon S3 bucket. Example – k212021demo
Click on Next.

Note: The name that you type must be unique across all existing bucket names in Amazon S3. One way to help ensure uniqueness is to include a prefix; for example, the name of your organization. You can’t change the bucket name after it is created.

You have successfully set up AWS Config.
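The same setup expressed as AWS Config API calls through a boto3 client, as an added example that is not part of the original post. It assumes the S3 bucket already exists with a policy that lets Config write to it and that the service-linked role has been created; the account ID is a placeholder and the managed rule chosen is only an illustration.

```python
def setup_config(config, account_id, bucket, sns_topic_arn=None, name="default"):
    """Console steps 4-6 as AWS Config API calls on a boto3 'config' client."""
    role_arn = (f"arn:aws:iam::{account_id}:role/aws-service-role/"
                "config.amazonaws.com/AWSServiceRoleForConfig")
    # Steps 4-5: record only the chosen resource type, via the service-linked role.
    config.put_configuration_recorder(ConfigurationRecorder={
        "name": name, "roleARN": role_arn,
        "recordingGroup": {"allSupported": False,
                           "includeGlobalResourceTypes": False,
                           "resourceTypes": ["AWS::EC2::Instance"]}})
    # Step 6: where history and snapshot files are delivered; SNS is optional.
    channel = {"name": name, "s3BucketName": bucket}
    if sns_topic_arn:
        channel["snsTopicARN"] = sns_topic_arn
    config.put_delivery_channel(DeliveryChannel=channel)
    # A recorder records nothing until it is started, and starting it fails
    # without a delivery channel, hence the order of these calls.
    config.start_configuration_recorder(ConfigurationRecorderName=name)
    # One managed rule to evaluate the recorded resource type (illustrative choice).
    config.put_config_rule(ConfigRule={
        "ConfigRuleName": "ec2-instance-no-public-ip",
        "Scope": {"ComplianceResourceTypes": ["AWS::EC2::Instance"]},
        "Source": {"Owner": "AWS", "SourceIdentifier": "EC2_INSTANCE_NO_PUBLIC_IP"}})
    return recorder_is_healthy(config, name)

def recorder_is_healthy(config, name="default"):
    """True only if the recorder is on and its last delivery did not fail."""
    resp = config.describe_configuration_recorder_status(
        ConfigurationRecorderNames=[name])
    statuses = resp.get("ConfigurationRecordersStatus", [])
    return bool(statuses) and all(
        s.get("recording") and s.get("lastStatus") != "Failure" for s in statuses)

if __name__ == "__main__":
    import boto3  # needs AWS credentials; bucket and role must already exist
    # 111122223333 is a placeholder account ID; the bucket name is the post's example.
    ok = setup_config(boto3.client("config"), "111122223333", "k212021demo")
    print("recorder healthy:", ok)
```

Running `recorder_is_healthy` on a schedule catches the quiet failure mode where a recorder has been stopped or can no longer deliver, which leaves gaps in the configuration history.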

Pricing

You are charged based on the number of configuration items recorded and on the number of Config rules evaluations recorded, instead of the number of active rules in your account per region. You pay $0.003 per configuration item recorded in your AWS account per AWS Region.

AWS Config vs CloudTrail

  • Config reports on WHAT has changed, whereas CloudTrail reports on WHO made the change, WHEN, and from WHICH location.
  • Config focuses on the configuration of the AWS resources and reports with detailed snapshots on HOW the resources have changed, whereas CloudTrail focuses on the events, or API calls, that drive those changes. CloudTrail focuses on the user, application, and activity performed on the system.
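The split between the two services, as an added example that is not part of the original post: Config's configuration items say what changed on a security group, and CloudTrail records say who called the API, when and from where. All data is constructed, and matching on `requestParameters.groupId` between two capture times is an assumption that holds for the two event names used here; other API calls name their target resource differently.

```python
from datetime import datetime

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

# Constructed data (IDs, ARNs and addresses are made up): two configuration
# items for one security group, and three CloudTrail records.
SSH = {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
       "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}
WEB = {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
       "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}
BEFORE = {"resourceId": "sg-0aaa",
          "configurationItemCaptureTime": "2021-06-01T08:00:00Z",
          "configuration": {"ipPermissions": [WEB]}}
AFTER = {"resourceId": "sg-0aaa",
         "configurationItemCaptureTime": "2021-06-01T10:00:00Z",
         "configuration": {"ipPermissions": [WEB, SSH]}}

def _event(time, name, who, ip, group):
    return {"eventTime": time, "eventName": name, "userIdentity": {"arn": who},
            "sourceIPAddress": ip, "requestParameters": {"groupId": group}}

TRAIL = [
    _event("2021-06-01T07:30:00Z", "RevokeSecurityGroupIngress",
           "arn:aws:iam::111122223333:user/bob", "203.0.113.9", "sg-0aaa"),
    _event("2021-06-01T09:58:40Z", "AuthorizeSecurityGroupIngress",
           "arn:aws:iam::111122223333:user/alice", "198.51.100.7", "sg-0aaa"),
    _event("2021-06-01T09:59:10Z", "AuthorizeSecurityGroupIngress",
           "arn:aws:iam::111122223333:user/carol", "198.51.100.8", "sg-0zzz"),
]

def what_changed(before, after):
    """Config's side: ingress rules added or removed between two items."""
    old = before["configuration"]["ipPermissions"]
    new = after["configuration"]["ipPermissions"]
    return {"added": [p for p in new if p not in old],
            "removed": [p for p in old if p not in new]}

def who_changed(before, after, trail):
    """CloudTrail's side: API calls on the same resource between the captures."""
    start, end = (_ts(i["configurationItemCaptureTime"]) for i in (before, after))
    return [(e["eventTime"], e["userIdentity"]["arn"], e["sourceIPAddress"],
             e["eventName"]) for e in trail
            if e["requestParameters"].get("groupId") == after["resourceId"]
            and start < _ts(e["eventTime"]) <= end]

if __name__ == "__main__":
    print(what_changed(BEFORE, AFTER), who_changed(BEFORE, AFTER, TRAIL))
```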

The post AWS Config: Overview, Benefits, and How to Get Started? appeared first on Cloud Training Program.

