AWS Config is an AWS management service that allows configurations of AWS resources to be monitored. It enforces compliance on AWS resources and their relationships in a specific region. It keeps track of the specified resources and marks a resource as noncompliant if it does not follow the specified rules.
In this Cloud Lab, you’ll learn how to use AWS Config to enforce compliance on EC2 instances and EC2 security groups. You’ll start by creating an IAM role that will allow AWS Config to perform all the required functions. Next, you’ll set up AWS Config to monitor EC2 instances and EC2 security groups in the us-east-1 region. Then, you’ll add the rules that you want to enforce on the specified resources. After setting up AWS Config, you’ll create noncompliant resources and check how AWS Config responds. You’ll then add remediation actions that will be used to enforce compliance on these resources.
After finishing this Cloud Lab, you’ll be well-equipped to use AWS Config to monitor AWS resources. You’ll also be able to enforce compliance on the noncompliant resources, making sure that no AWS resource violates your organization’s policies.
The following is a high-level architecture diagram of the infrastructure you’ll set up in this Cloud Lab: