AWS Config is a service that tracks, audits, and evaluates AWS resource configurations to ensure compliance, security, and best practices. It continuously monitors resource changes and maintains a history for governance and troubleshooting.
Key Features of AWS Config
- Continuous Resource Monitoring – Tracks changes in AWS resources (e.g., EC2, S3, IAM, Security Groups).
- Configuration History – Maintains a detailed history of resource configurations over time.
- Compliance Auditing – Compares resource configurations against predefined compliance rules.
- Predefined & Custom Rules – Use AWS-managed rules or define custom rules with AWS Lambda.
- Resource Relationships – Shows dependencies between resources (e.g., which EC2 instance is using a specific security group).
- Automated Remediation – Triggers actions that enforce security policies and correct misconfigurations automatically.
- Integration with AWS Security Services – Works with AWS CloudTrail, AWS Security Hub, and AWS Organizations.
- Multi-Account & Multi-Region Support – Monitor compliance across multiple AWS accounts and regions.
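The custom-rule feature listed above, as an added example (not code from this page or from AWS): a Lambda handler for an AWS Config custom rule that marks a security group non-compliant when it opens SSH or RDP to any address. The choice of ports, the field names assumed for the security group configuration item, and the constructed SAMPLE_ITEM are assumptions of this example; it handles only standard configuration-change notifications.

```python
import json
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)  # assumption: ports this example treats as administrative
GONE = ("ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded")
# Constructed sample configuration item (not real account data).
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 20, "toPort": 25,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]},
}

def exposes_admin_port(perm):
    """True if one ingress permission opens an admin port to any address."""
    cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
    cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    if not cidrs & OPEN_CIDRS:
        return False
    if perm.get("ipProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if perm.get("ipProtocol") != "tcp" or lo is None or hi is None:
        return False
    return any(lo <= port <= hi for port in ADMIN_PORTS)  # port ranges count too

def evaluate(item):
    """Map a configuration item to (ComplianceType, Annotation)."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only covers security groups"
    if item.get("configurationItemStatus") in GONE:
        return "NOT_APPLICABLE", "Resource deleted or not recorded"
    perms = (item.get("configuration") or {}).get("ipPermissions", [])
    bad = sum(1 for p in perms if exposes_admin_port(p))
    if bad:
        return "NON_COMPLIANT", f"{bad} ingress rule(s) expose an admin port"
    return "COMPLIANT", "No admin port open to the internet"

def lambda_handler(event, context):
    import boto3  # imported here so evaluate() can be exercised offline
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate(item)
    boto3.client("config").put_evaluations(
        Evaluations=[{"ComplianceResourceType": item["resourceType"],
                      "ComplianceResourceId": item["resourceId"],
                      "ComplianceType": compliance, "Annotation": note,
                      "OrderingTimestamp": item["configurationItemCaptureTime"]}],
        ResultToken=event["resultToken"])
```

Calling `evaluate(SAMPLE_ITEM)` locally checks the rule logic without AWS credentials; only `lambda_handler` needs the `config:PutEvaluations` permission on the function's execution role.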