16-03 AWS Config

Last updated Aug 17, 2023 Edit Source

AWS Config is a Compliance-as-Code framework that allows us to manage change in your AWS accounts on a per-region basis.

When should you use AWS Config?

• I want this resource to stay configured in a specific way for compliance.
• I want to keep track of configuration changes to resources.
• I want a list of all resources within a region.
• I want to use analyze potential security weaknesses, you need detailed historical information.

Change management in the context of Cloud Infrastructure is when we have a formal process to:

• monitor changes
• enforce changes
• Remediate changes

Compliance as code is when we utilize programming to automate the monitoring, enforcing, and remediating changes to stay compliant with compliance programs or expected configuration.