AWS Config
Learn about Config, an essential AWS service.
AWS Config
AWS Config is a fully managed service that can help assess, audit, and evaluate the configuration of resources in an AWS account. It provides a detailed view of resources and the ability to monitor them continuously.
Suppose your manager wants to check whether unrestricted SSH access exists in any of the security groups in an account. You can create an AWS Config rule to monitor all security groups for unrestricted SSH access. Whenever this rule finds a security group with unrestricted SSH access, that security group is flagged as NON_COMPLIANT.
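The check such a rule performs on each security group, written as an added Python example (not AWS's implementation and not code from this page). The configuration item shape (`configuration.ipPermissions` with `ipv4Ranges` and `ipv6Ranges`), the function names, and the sample items are assumptions constructed for illustration.

```python
import ipaddress
SSH_PORT = 22

def covers_ssh(perm):
    """True if this ingress permission's protocol and port range include TCP/22."""
    proto = str(perm.get("ipProtocol", ""))
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is None or hi is None or lo <= SSH_PORT <= hi  # missing ports: treat as all

def open_cidrs(perm):
    """CIDRs in the permission that match every address (0.0.0.0/0 or ::/0)."""
    cidrs = [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])]
    cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
    return [c for c in cidrs if c and ipaddress.ip_network(c, strict=False).prefixlen == 0]

def evaluate_security_group(item):
    """Return an evaluation dict for one configuration item (assumed shape)."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return {"ComplianceType": "NOT_APPLICABLE"}
    hits = []
    for perm in item.get("configuration", {}).get("ipPermissions", []):
        if covers_ssh(perm):
            hits += open_cidrs(perm)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item.get("resourceId"),
        "ComplianceType": "NON_COMPLIANT" if hits else "COMPLIANT",
        "Annotation": ("SSH open to " + ", ".join(sorted(set(hits)))) if hits else "SSH ingress is restricted",
    }

# Constructed sample items, not taken from a real account; sg() only builds them.
def sg(rid, *perms):
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": rid, "configuration": {"ipPermissions": list(perms)}}

SAMPLES = [
    sg("sg-open22", {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}),
    sg("sg-range", {"ipProtocol": "tcp", "fromPort": 0, "toPort": 1024, "ipv6Ranges": [{"cidrIpv6": "::/0"}]}),
    sg("sg-allproto", {"ipProtocol": "-1", "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}),
    sg("sg-office", {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "203.0.113.0/24"}]}),
    sg("sg-web", {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}),
]

if __name__ == "__main__":
    for r in map(evaluate_security_group, SAMPLES):
        print(r["ComplianceResourceId"], r["ComplianceType"], "-", r["Annotation"])
```

The port-range and all-protocol cases matter because a group can expose port 22 without any rule that names it explicitly.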
AWS Config can help us evaluate all kinds of situations:
- Check whether ACM certificates in an account are marked for expiration within the specified days.
- Check if ASGs associated with load balancers use ELB health checks, not instance checks.
- Check whether AWS CloudTrail trails are configured to send logs to CloudWatch.