AWS Config Flashcards
What is AWS Config?
is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources
Where can you store AWS Config’s configuration data?
into S3 (analyzed by Athena)
What questions can be answered by AWS Config?
- Is there unrestricted SSH access to my security groups?
- Do my buckets have any public access?
- How has my ALB configuration changed over time?
What can you view on AWS Config?
- compliance of a resource over time
- configuration of a resource over time
How can you know who did something in AWS Config?
Viewing CloudTrail API calls if enabled
What is AWS Config made of?
Config Rules, managed (75) or customized
How can you define a custom config rule?
using Lambda
When can AWS Rules be evaluated or triggered?
for each configuration change and/or at regular time intervals
What can you do if an AWS Rule is non-compliant?
trigger CloudWatch Events chaining with Lambda
Can you deal with non-compliant AWS Rules?
Yes:
- If a resource is not compliant, you can trigger an auto remediation
- Ex: stop instances with non-approved tags
How can you prevent actions from happening using AWS Config Rules?
you can’t
Are AWS Rules in the free tier?
no, $2 per active rule per region per month