Config

Introduction

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines.

AWS Config helps accelerate compliance with governance frameworks such as PCI DSS, SOC 2, SOC 3, and others.

In this lab, we will enforce compliance by creating AWS Config rules, and create State Manager associations that ensure we have complied with a given security requirement. The rules created here are only a small sample of those that AWS provides as managed rules. For a complete list of managed rules see here.

Important Note

AWS routinely updates our console experience, so it is possible that the screenshots and guidance provided in these labs may differ slightly from what you experience.

Labs

Setup

Config Rules

Conformance Packs