Config

Track and evaluate configuration changes

Overview

A fully managed service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Helps you ... the configurations.

  • Assess

  • Audit

  • Evaluate

Benefits

  • Continuous monitoring

  • Continuous assessment: if there are non-compliant resources -> SNS / EventBridge

  • Change management

  • Operational troubleshooting

  • Enterprise-wide compliance: multi-account, cross-region support

  • 3rd party support:

    • GitHub repo

    • Microsoft AD

    • On-premises resources

Rules

ec2-instance-no-public-ip

Checks if EC2 instances have a public IP association. The rule is NON_COMPLIANT if the publicIp field is present. The rule applies only to IPv4.

Available in all supported AWS Regions except the Asia Pacific (Osaka) Region.

restricted-ssh

Checks if the incoming SSH traffic for the security groups is accessible.

Concepts

  • Conformance pack: a collection of AWS Config rules and remediation actions, built using a common framework and packaging model on AWS Config.
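
A minimal conformance pack template, added here as an illustration (not part of the original notes and not one of AWS's sample packs), that packages the two managed rules listed under Rules together with a manually triggered remediation action for restricted-ssh. The resource names and the role ARN placeholder are assumptions.

```yaml
# Conformance pack template: two AWS managed rules plus one remediation action.
Resources:
  Ec2InstanceNoPublicIp:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: ec2-instance-no-public-ip
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance
      Source:
        Owner: AWS
        SourceIdentifier: EC2_INSTANCE_NO_PUBLIC_IP

  RestrictedSsh:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: restricted-ssh
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::SecurityGroup
      Source:
        Owner: AWS
        # Managed rule identifier for restricted-ssh
        SourceIdentifier: INCOMING_SSH_DISABLED

  RestrictedSshRemediation:
    DependsOn: RestrictedSsh
    Type: AWS::Config::RemediationConfiguration
    Properties:
      ConfigRuleName: restricted-ssh
      ResourceType: AWS::EC2::SecurityGroup
      TargetType: SSM_DOCUMENT
      TargetId: AWS-DisablePublicAccessForSecurityGroup
      # Manual remediation: an operator reviews the finding before the rule is closed.
      Automatic: false
      Parameters:
        GroupId:
          ResourceValue:
            Value: RESOURCE_ID   # the non-compliant security group
        AutomationAssumeRole:
          StaticValue:
            Values:
              # Placeholder (assumption): replace with your automation role ARN
              - arn:aws:iam::<account-id>:role/<remediation-role-name>
```

Keeping `Automatic: false` means a non-compliant security group is flagged and the fix is started by an operator, which avoids cutting off legitimate access without review.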
