Monday, May 9, 2022

AWS Config to Rescue

 AWS Config is a service for assessment, audit, and evaluation of the configuration of resources in your account. You can monitor and review changes in resource configuration using automation against a desired configuration. The newly expanded set of types includes resources from Amazon SageMaker, Elastic Load Balancing, AWS Batch, AWS Step Functions, AWS Identity and Access Management (IAM), and more.

AWS Config continually assesses, audits, and evaluates the configurations and relationships of your resources.

Discover resources that exist in your account, record their configurations, and capture any changes, allowing you to quickly troubleshoot operational issues. Codify your compliance requirements as AWS Config rules and author remediation actions, automating the assessment of your resource configurations across your organization. Evaluate resource configurations for potential vulnerabilities, and review your configuration history after potential incidents to examine your security posture.

AWS Config enables you to record software configuration changes within your Amazon EC2 instances and servers running on-premises, as well as servers and Virtual Machines in environments provided by other cloud providers. With AWS Config, you gain visibility into operating system (OS) configurations, system-level updates, installed applications, network configuration and more. AWS Config also provides a history of OS and system-level configuration changes alongside infrastructure configuration changes recorded for EC2 instances.

AWS Config provides you with pre-built rules for evaluating provisioning and configuring of your AWS resources as well as software within managed instances, including Amazon EC2 instances and servers running on-premises. You can customize pre-built rules to evaluate your AWS resource configurations and configuration changes, or create your own custom rules in AWS Lambda that define your internal best practices and guidelines for resource configurations. Using AWS Config, you can assess your resource configurations and resource changes for compliance against the built-in or custom rules.

Conformance packs also provide compliance scores. A compliance score is a percentage-based score that helps you quickly discern the level to which your resources are compliant for a set of requirements that are captured within the scope of a conformance pack. A compliance score is calculated based on the number of rule-to-resource combinations that are compliant within the scope of a conformance pack. For example, a conformance pack with 5 rules applying to 5 resources has 25 (5x5) possible rule-resource combinations. If 2 resources are not compliant with 2 rules, the compliance score would be 84%, indicating that 21 out of 25 rule-resource combinations are currently in compliance. 

No comments: