AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into the configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
You will find the “Config” service under Management Tools.
When you navigate to Config for the first time, it will ask you to set up AWS Config. Here are the steps to configure AWS Config.
Choose what resource types to record with AWS Config.
a. You can choose all the resources in the selected region, and you can even choose global resources, i.e. S3, IAM.
Choose the S3 bucket to store all the logs for AWS Config. You can opt to create a new bucket or choose an existing bucket.
Choose an SNS topic to get notifications and create an IAM role to perform the tasks on our behalf, then click on “Next”.
If you want to monitor any specific rule, you can select it here; otherwise you can skip this step.
Review and click on confirm to complete the AWS Config service setup.
Here is the Config service dashboard. You can choose a specific service and get details about the changes and events that happened.
Let me navigate to the S3 bucket to verify the logs. The log path looks similar to the CloudTrail path.
We can see the below details with AWS Config service:
- Resource Type
- Resource ID
a. Configuration Details
c. Changes
d. CloudTrail Events
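The same change tracking can be done offline on the history files that AWS Config delivers to the S3 bucket. The Python below is an added example, not part of the original walkthrough: it reports which configuration values changed between consecutive snapshots of each resource. The sample data is constructed, and the field names (configurationItems, resourceType, resourceId, configurationItemCaptureTime, configuration) are assumed to match the delivered JSON.

```python
import json

# Constructed sample, trimmed to the fields used below (real items carry more).
SAMPLE_HISTORY = json.dumps({"configurationItems": [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
     "configurationItemCaptureTime": "2024-01-01T10:00:00.000Z",
     "configuration": {"groupName": "web", "ipPermissions": [
         {"fromPort": 443, "toPort": 443, "ipRanges": ["10.0.0.0/8"]}]}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
     "configurationItemCaptureTime": "2024-01-01T10:05:00.000Z",
     "configuration": {"name": "example-bucket"}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
     "configurationItemCaptureTime": "2024-01-02T09:30:00.000Z",
     "configuration": {"groupName": "web", "ipPermissions": [
         {"fromPort": 443, "toPort": 443, "ipRanges": ["0.0.0.0/0"]}]}},
]})


def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: leaf value}."""
    if isinstance(value, dict):
        children = value.items()
    elif isinstance(value, list):
        children = enumerate(value)
    else:
        return {prefix: value}
    flat = {}
    for key, child in children:
        flat.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return flat


def changes_per_resource(history_json):
    """Return {(resourceType, resourceId): [(time, path, old, new), ...]}."""
    items = sorted(json.loads(history_json)["configurationItems"],
                   key=lambda ci: ci["configurationItemCaptureTime"])
    last_seen, report = {}, {}
    for ci in items:
        key = (ci["resourceType"], ci["resourceId"])
        when = ci["configurationItemCaptureTime"]
        # A missing or null configuration is compared as an empty one.
        current = flatten(ci.get("configuration") or {})
        previous = last_seen.get(key, current)  # first sighting: nothing to diff
        for path in sorted(previous.keys() | current.keys()):
            old, new = previous.get(path), current.get(path)
            if old != new:
                report.setdefault(key, []).append((when, path, old, new))
        last_seen[key] = current
    return report
```

On the constructed sample, the only reported change is the security group's ingress range widening from 10.0.0.0/8 to 0.0.0.0/0; the bucket, seen once, produces no entry.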
More information: https://www.fgrade.com/amazon-web-services/