What is AWS Config?
AWS Config is a service for continuous assessment, monitoring, and recording of AWS resource configurations. The service creates a complete history of all configuration changes and lets you define compliance rules to ensure your infrastructure meets corporate policies.
Config records how your resources were configured at a specific point in time and how the configuration has changed over time. During security incidents, you can trace which changes were made and when. Config Rules automatically evaluate whether resources comply with defined standards.
Core Features
- Configuration History: Complete recording of all configuration changes for each resource
- Compliance Rules: Over 300 managed rules plus custom rules with Lambda
- Automatic Remediation: Remediation Actions automatically fix non-compliant resources
- Multi-Account Aggregation: Central compliance view across all AWS accounts
- Resource Relationships: Visualization of dependencies between resources
Typical Use Cases
Compliance Audits: Demonstrate during audits that your infrastructure meets compliance requirements. Config automatically documents which resources were compliant and when, and creates compliance reports for ISO 27001, PCI-DSS, or internal policies.
Security Analysis: Detect configuration changes that pose security risks. Config Rules can check whether S3 buckets are publicly accessible, whether encryption is enabled, or whether security groups are too permissive.
Change Management: Track all changes to your infrastructure over time. When problems occur, you can trace which configuration changes were made at that time.
Benefits
- Continuous compliance monitoring instead of point-in-time audits
- Automatic detection of configuration deviations
- Integration with AWS Organizations for multi-account governance
- Seamless integration with Security Hub for central security overview
Integration with innFactory
As an AWS Reseller, innFactory supports you with AWS Config: setup of Config Rules, definition of compliance baselines, and implementation of automatic remediation workflows.
Frequently Asked Questions
What is AWS Config?
AWS Config is a service that continuously assesses, monitors, and records the configuration of your AWS resources. You get a complete overview of configuration changes and can define compliance rules.
What are AWS Config Rules?
Config Rules are customizable rules that define the desired configuration of your resources. AWS offers over 300 managed rules for common compliance requirements. You can also create custom rules with Lambda functions.
What is the difference between AWS Config and CloudTrail?
AWS CloudTrail logs API calls (who did what, and when), while AWS Config records the configuration state of your resources (what the resource looks like). The two services complement each other for complete auditing.
Can AWS Config automatically remediate resources?
Yes, with AWS Config Remediation you can define automatic remediation actions for non-compliant resources. Config can execute Systems Manager Automation documents to automatically bring resources into a compliant state.