AWS Config | Resource Configuration Flashcards
What regions is AWS Config available in?
Resource Configuration
AWS Config | Management Tools
For details on the regions where AWS Config is available, please visit this page:
http://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
What is a configuration item?
Resource Configuration
AWS Config | Management Tools
A Configuration Item (CI) is the configuration of a resource at a given point in time. A CI consists of 5 sections:
Basic information about the resource that is common across different resource types (e.g., Amazon Resource Names, tags),
Configuration data specific to the resource (e.g., EC2 instance type),
Map of relationships with other resources (e.g., EC2::Volume vol-3434df43 is “attached to instance” EC2 Instance i-3432ee3a),
AWS CloudTrail event IDs that are related to this state,
Metadata that helps you identify information about the CI, such as the version of this CI, and when this CI was captured.
What are AWS Config relationships and how are they used?
Resource Configuration
AWS Config | Management Tools
AWS Config takes the relationships among resources into account when recording changes. For example, if a new Amazon EC2 Security Group is associated with an Amazon EC2 Instance, AWS Config records the updated configurations of both the primary resource, the Amazon EC2 Security Group, and related resources, such as the Amazon EC2 Instance, if these resources actually changed.
Does AWS Config record every state a resource has been in?
Resource Configuration
AWS Config | Management Tools
AWS Config detects changes to a resource’s configuration and records the configuration state that resulted from that change. In cases where several configuration changes are made to a resource in quick succession (e.g., within a span of a few minutes), Config will only record the latest configuration of that resource, which represents the cumulative impact of the set of changes. In these situations, Config will only list the latest change in the relatedEvents field of the Configuration Item. This allows users and programs to continue to change infrastructure configurations without having to wait for Config to record intermediate transient states.
Does AWS Config record configuration changes that did not result from API activity on that resource?
Resource Configuration
AWS Config | Management Tools
Yes, AWS Config will regularly scan the configuration of resources for changes that haven’t yet been recorded and record these changes. CIs recorded from these scans will not have a relatedEvent field in the payload, and only the latest state that is different from the state already recorded is picked up.
Does AWS Config record configuration changes to software within EC2 instances?
Resource Configuration
AWS Config | Management Tools
Yes. AWS Config enables you to record configuration changes to software within EC2 instances in your AWS account and also virtual machines (VMs), or servers in your on-premises environment. The configuration information recorded by AWS Config includes Operating System updates, network configuration, installed applications, etc. You can evaluate whether your instances, VMs, and servers are in compliance with your guidelines using AWS Config Rules. The deep visibility and continuous monitoring capabilities provided by AWS Config allow you to assess compliance and troubleshoot operational issues.
Does AWS Config continue to send notifications if a resource that was previously non-compliant is still non-compliant after a periodic rule evaluation?
Resource Configuration
AWS Config | Management Tools
AWS Config sends notifications only when the compliance status changes. If a resource was previously non-compliant and is still non-compliant, Config will not send a new notification. If the compliance status changes to “compliant”, you will receive a notification for the change in status.