Description:
AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items (AWS resources), and any configuration changes between resources. It is recommended that AWS Config be enabled in all regions.
Rationale:
The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking, and compliance auditing.
To implement AWS Config configuration:
From Console:
From Command Line:
aws configservice subscribe --s3-bucket my-config-bucket --sns-topic arn:aws:sns:us-east-1:012345678912:my-config-notice --iam-role arn:aws:iam::012345678912:role/myConfigRole
aws configservice start-configuration-recorder --configuration-recorder-name <recorder-name>
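To verify the all-regions recommendation, the following added example (not part of the original text or of AWS tooling) evaluates the JSON returned by the two describe calls named in its docstring and lists regions where no recorder exists or the recorder is not running. The function names and the sample data are constructed for illustration.

```python
"""Audit AWS Config recorder coverage per region (added example).

Inputs mirror the JSON printed by these AWS CLI calls, run once per region:
  aws configservice describe-configuration-recorders --region <region>
  aws configservice describe-configuration-recorder-status --region <region>
"""

def audit_region(recorders, statuses):
    """Return findings for one region; an empty list means the region passes."""
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return ["no configuration recorder defined"]
    status = {s["name"]: s for s in statuses.get("ConfigurationRecordersStatus", [])}
    findings = []
    for rec in recs:
        name = rec["name"]
        if not rec.get("recordingGroup", {}).get("allSupported", False):
            findings.append(f"{name}: not recording all supported resource types")
        st = status.get(name)
        if st is None or not st.get("recording", False):
            findings.append(f"{name}: recorder is stopped")
        elif str(st.get("lastStatus", "")).upper() != "SUCCESS":
            findings.append(f"{name}: last recording status is {st.get('lastStatus')}")
    return findings

def audit_account(per_region):
    """Map region -> findings, listing only regions that fail."""
    failing = {}
    for region, (recorders, statuses) in sorted(per_region.items()):
        findings = audit_region(recorders, statuses)
        if findings:
            failing[region] = findings
    return failing

def make_status(recording, last="SUCCESS"):
    """Build a constructed describe-configuration-recorder-status response."""
    return {"ConfigurationRecordersStatus": [
        {"name": "default", "recording": recording, "lastStatus": last}]}

# Constructed sample data (not real account output).
REC = {"ConfigurationRecorders": [
    {"name": "default", "recordingGroup": {"allSupported": True}}]}
SAMPLE = {
    "us-east-1": (REC, make_status(True)),
    "eu-west-1": (REC, make_status(False)),
    "ap-south-1": ({"ConfigurationRecorders": []}, {"ConfigurationRecordersStatus": []}),
}

if __name__ == "__main__":
    for region, findings in audit_account(SAMPLE).items():
        print(region, findings)
```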