It’s not hard to see that Amazon Web Services (AWS), a cloud-based service, is highly flexible and dynamic. Although this flexibility can be extremely beneficial, it also comes with its fair share of management challenges.
For example, it can be difficult to keep track of any changes made to cloud resources. This is especially true for large AWS deployments and multiple AWS administrators.
AWS Config is a tool that allows you to keep track of everything in the AWS cloud.
AWS Config can be used for many purposes. You can create rules using AWS Lambda and then use AWS Config for checking the compliance status of your AWS resources. You can even use the dashboard to monitor compliance. AWS Config is a basic resource monitoring tool that I will be focusing on for the purposes of this column.
Open the AWS console, and then go to the AWS Configur page. After logging in, click on the Get started button. This will bring up the Settings page. You will need to enter four pieces of information on this screen (see Figure 1).
[Click on the image to see a larger version.] Figure 1: This screen is the AWS Configur Settings screen. First, you’ll need to select the resources you wish to monitor. AWS Config will automatically record configuration changes to resources within your region. However, you can also monitor global resources. You can also specify the types of resources you wish to monitor.
The name of an Amazon S3 storage container is the second piece of information you will need to provide. AWS Config writes configuration snapshots and configuration history data to an S3 bucket. You will need to tell AWS which bucket you want.
The Amazon SNS Topic is the third piece of information you need to provide on the Settings screen. SNS is Amazon’s notification system. An SNS topic is a communication channel that sends notifications. You can find my recent column on setting-up SNS to help you get started.
The configuration role is the last setting you’ll need to enter on the Settings screen. AWS Config can’t track changes to resources unless the permission is granted. You can tell AWS to create a role or use an existing one.
You will be taken to Step 2. AWS Config is a tool that can be used to check the compliance status of your AWS resources. It compares those resources against a set rules. Step 2 allows you to select the configuration rules you wish to use in such comparisons. These configuration rules are beyond the scope this column (I plan on covering them in a future installment), but Figure 2 shows you how the screen looks.
[Click on the image to see a larger view.] Figure 2: Here you can select the AWS Config rules you want to use. Once you have made your selections, click Next to proceed to Step 3. This step is a review of all the configuration choices you have made. If everything looks good, click the Confirm button. This will confirm the configuration and complete setup as shown in Figure 3.
[Click on the image to see a larger version.] Figure 3: Click on the Confirm button in order to confirm the setup. The AWS Config interface can be used immediately after it is set up. Figure 4 shows that AWS Config uses a search interface.
[Click on the image to see a larger version.] Figure 4: AWS Config allows you to search

Oswald