Assess, audit, and evaluate configurations of your resources

How it works
AWS Config continually assesses, audits, and evaluates the configurations and relationships of your resources.

Enforce compliance with AWS Config (7:51)
In this video, find out how to create rules in AWS Config, evaluate AWS resources, and enforce compliance.

Use cases

Deploy a compliance-as-code framework
Codify your compliance requirements as AWS Config rules and author remediation actions, automating the assessment of your resource configurations across your organization.

Continually audit security monitoring and analysis
Evaluate resource configurations for potential vulnerabilities, and review your configuration history after potential incidents to examine your security posture.

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

An AWS resource is an entity you can work with in AWS, such as an Amazon Elastic Compute Cloud (EC2) instance, an Amazon Elastic Block Store (EBS) volume, a security group, or an Amazon Virtual Private Cloud (VPC). For a complete list of AWS resources supported by AWS Config, see Supported Resource Types.

Features
When you set up AWS Config, you can complete the following:
Resource management
Rules and conformance packs
Aggregators
Advanced queries

Ways to Use AWS Config
When you run your applications on AWS, you usually use AWS resources, which you must create and manage collectively. As the demand for your application keeps growing, so does your need to keep track of your AWS resources. AWS Config is designed to help you oversee your application resources in the following scenarios:

Resource Administration
To exercise better governance over your resource configurations and to detect resource misconfigurations, you need fine-grained visibility into what resources exist and how these resources are configured at any time. You can use AWS Config to notify you whenever resources are created, modified, or deleted without having to monitor these changes by polling the calls made to each resource.

You can use AWS Config rules to evaluate the configuration settings of your AWS resources. When AWS Config detects that a resource violates the conditions in one of your rules, AWS Config flags the resource as noncompliant and sends a notification. AWS Config continuously evaluates your resources as they are created, changed, or deleted.

Auditing and Compliance
You might be working with data that requires frequent audits to ensure compliance with internal policies and best practices. To demonstrate compliance, you need access to the historical configurations of your resources. This information is provided by AWS Config.

Managing and Troubleshooting Configuration Changes
When you use multiple AWS resources that depend on one another, a change in the configuration of one resource might have unintended consequences on related resources. With AWS Config, you can view how the resource you intend to modify is related to other resources and assess the impact of your change.

You can also use the historical configurations of your resources provided by AWS Config to troubleshoot issues and to access the last known good configuration of a problem resource.

Security Analysis
To analyze potential security weaknesses, you need detailed historical information about your AWS resource configurations, such as the AWS Identity and Access Management (IAM) permissions that are granted to your users, or the Amazon EC2 security group rules that control access to your resources.

You can use AWS Config to view the IAM policy that was assigned to an IAM user, group, or role at any time in which AWS Config was recording. This information can help you determine the permissions that belonged to a user at a specific time: for example, you can view whether the user

You can also use AWS Config to view the configuration of your EC2 security groups, including the port rules that were open at a specific time. This information can help you determine whether a security group blocked incoming TCP traffic to a specific port.

Which AWS service can be used to track resource changes?
You can use AWS CloudTrail to track which users are changing your AWS resources and infrastructure. CloudTrail is turned on by default for your AWS account. For an ongoing record of events in your AWS account, create a trail.

Which of the following AWS services can be used for compliance, including tracking resource changes?
AWS CloudTrail
The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?
AWS Config continually assesses, audits, and evaluates the configurations and relationships of your resources.

Which AWS service can be used to meet the compliance requirements?
AWS Artifact – AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS's security and compliance reports and select online agreements.
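
The point-in-time security group check described under Security Analysis above, as an added example that is not AWS's own code: it selects the configuration item in effect at a given time and reports whether an IPv4 source could reach a TCP port. The history is constructed sample data, and the field names inside each item's configuration JSON (ipPermissions, ipv4Ranges, cidrIp) and the helper names are assumptions of this example.

```python
import json
from datetime import datetime, timezone
from ipaddress import ip_network

def _item(ts, perms):
    """Build one constructed history entry: capture time plus a JSON configuration string."""
    return {"resourceId": "sg-EXAMPLE",
            "configurationItemCaptureTime": datetime.fromisoformat(ts),
            "configuration": json.dumps({"ipPermissions": perms})}

def _tcp(port, cidr):
    return {"ipProtocol": "tcp", "fromPort": port, "toPort": port,
            "ipv4Ranges": [{"cidrIp": cidr}]}

# Constructed sample: SSH is opened to the world on 10 March, narrowed on 12 March.
HISTORY = [
    _item("2024-03-01T09:00:00+00:00", [_tcp(443, "0.0.0.0/0")]),
    _item("2024-03-10T14:30:00+00:00", [_tcp(443, "0.0.0.0/0"), _tcp(22, "0.0.0.0/0")]),
    _item("2024-03-12T08:15:00+00:00", [_tcp(443, "0.0.0.0/0"), _tcp(22, "10.0.0.0/8")]),
]

def config_at(history, when):
    """Return the latest item captured at or before `when`, or None if none exists."""
    earlier = [i for i in history if i["configurationItemCaptureTime"] <= when]
    return max(earlier, key=lambda i: i["configurationItemCaptureTime"], default=None)

def tcp_ingress_sources(item, port):
    """IPv4 CIDRs that this configuration item allows to reach `port` over TCP."""
    cidrs = []
    for perm in json.loads(item["configuration"]).get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        if proto not in ("tcp", "-1"):
            continue
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        # Protocol "-1" means all traffic and carries no usable port range.
        if proto == "-1" or (lo is not None and hi is not None and lo <= port <= hi):
            cidrs += [r["cidrIp"] for r in perm.get("ipv4Ranges", [])]
    return cidrs

def was_reachable(history, when, port, source_ip):
    """True or False for the state at `when`; None if recording had not started yet."""
    item = config_at(history, when)
    if item is None:
        return None
    src = ip_network(source_ip)
    return any(src.subnet_of(ip_network(c)) for c in tcp_ingress_sources(item, port))
```

A `None` result matters during incident review: it means no configuration item had been captured by that time, which is different from the port being closed.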