AWS Config is a service that audits and records the configuration and compliance state of AWS resources over time. It lets users define rules that evaluate resource configurations and raise alerts when configurations change, which supports both security and compliance management. Below is a structured summary of the key aspects discussed about AWS Config:
Key Features of AWS Config
- Audit and Compliance Recording: Tracks the configuration and compliance of AWS resources.
- Configuration Change Management: Records changes over time, aiding in rollback and troubleshooting.
- Rule-Based Monitoring: Utilizes both AWS-managed and custom rules to monitor resource configurations.
- Notifications and Alerts: Sends alerts (for example SNS notifications) when a resource's compliance against a rule changes.
- Region-Specific with Aggregation: Works on a per-region basis but allows data aggregation across regions and accounts.
- Integration with Other Services: Can store configurations for analysis by services like Athena and integrate with CloudTrail for detailed activity tracking.
Config Rules
- AWS Managed Config Rules: Over 75 predefined rules available for common monitoring needs.
- Custom Config Rules: Users can define their own rules using Lambda functions to evaluate specific conditions.
- Evaluation Triggers: Rules can be evaluated on configuration changes or at regular intervals.
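As an added illustration of the custom-rule and trigger items above (example code written for this summary, not AWS sample code), the following Python Lambda handler implements a custom Config rule that flags EC2 security groups allowing SSH (TCP/22) from anywhere. It distinguishes a change-triggered invocation, which carries a configuration item, from a scheduled one, which does not, and builds the evaluation the handler reports back with put_evaluations. The configuration item layout and the sample event are constructed here and assumed to match what Config delivers for AWS::EC2::SecurityGroup.

```python
import json
WORLD = ("0.0.0.0/0", "::/0")

def sg_allows_world_ssh(sg_config):
    """True if any ingress rule reaches TCP/22 from 0.0.0.0/0 or ::/0."""
    for perm in sg_config.get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        covers_22 = proto == "-1" or (proto == "tcp" and
                                      perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535))
        cidrs = [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
        if covers_22 and any(c in WORLD for c in cidrs):
            return True
    return False

def evaluate_compliance(item):
    """Map one configuration item to a Config compliance type and annotation."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only evaluates security groups"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "Resource deleted"
    if sg_allows_world_ssh(item.get("configuration") or {}):
        return "NON_COMPLIANT", "TCP/22 open to 0.0.0.0/0 or ::/0"
    return "COMPLIANT", "No world-open SSH ingress"

def build_evaluation(event):
    """Evaluation dict for put_evaluations; None on a scheduled trigger (no item)."""
    item = json.loads(event["invokingEvent"]).get("configurationItem")
    if item is None:
        return None
    compliance, note = evaluate_compliance(item)
    return {"ComplianceResourceType": item["resourceType"], "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance, "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

def lambda_handler(event, context):
    """Lambda entry point: report the verdict back to AWS Config."""
    evaluation = build_evaluation(event)
    if evaluation is not None:
        import boto3  # lazy import so the evaluation logic runs without AWS access
        boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

# Constructed sample change-triggered event (not real account data).
SAMPLE_EVENT = {"resultToken": "constructed-token", "invokingEvent": json.dumps({
    "messageType": "ConfigurationItemChangeNotification", "configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
        "configurationItemStatus": "OK", "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
            "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}}})}
```

A scheduled (periodic) rule receives no configuration item, so a production handler would enumerate the resources it covers through the Config or EC2 APIs before evaluating each one.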
Pricing
- Configuration Items: $0.003 per item recorded per region.
- Config Rule Evaluations: $0.001 per rule evaluation per region.
Compliance and Remediation
- Compliance Over Time: Records the compliance status of resources over time so it can be viewed historically.
- Non-compliant Resource Remediation: Utilizes SSM Automation Documents for remediation actions.
- Automated and Scripted Remediations: Supports both AWS-managed and custom automation documents, including Lambda functions for flexible remediation strategies.
- Retries for Remediation: Allows for retrying remediation actions up to five times if resources remain non-compliant.