AWS Practice - AWS Config Service Delivery
AWS Config gives you the ability to assess, audit, and evaluate the configurations of your resources. It tracks and stores the configuration history of your AWS resources and software, and tracks the relationships between AWS resources in your account. It gives you pre-built rules for evaluating, provisioning and configuring your AWS resources. Conformance packs help you manage compliance of your AWS resource configuration at scale, from policy definition to auditing and aggregated reporting, using a common framework and packaging model.
Using AWS Config, you can have centralized auditing and governance with multi-account and multi-region data aggregation. It gives you an enterprise-wide view of your AWS Config rule compliance status, and you can associate your AWS organization to quickly add your accounts.
You can even publish the configuration of third-party resources into AWS Config using publicly available APIs. Third-party resources could be version control systems such as GitHub, Microsoft Active Directory resources or even on-premises servers.
You can create configuration snapshots, which are point-in-time captures of all your resources and configurations. A snapshot can be generated via the CLI or API calls, and is delivered to an S3 bucket of your choice.
AWS Config records details of changes to your AWS resources to provide you with a configuration history. You can use the AWS Management Console, API, or CLI to obtain details of what a resource’s configuration looked like at any point in the past. AWS Config will also automatically deliver a configuration history file to the Amazon S3 bucket you specify.
Case Studies - AWS Config
AWS Config helps CBWC conform to compliance requirements
CryptoBear Watch Club (CBWC) was launched with a mission to unite luxury watch and NFT collectors in a community by facilitating more access to the watches they seek in a virtual world dedicated to them. AWS Config is used to ensure compliance with data protection standards. Required resources and configurations are defined, and AWS Config monitors resource configuration changes against the rules and flags resources as non-compliant if the rules are not followed. Some of the use cases are to make sure data is encrypted at rest and that any encryption standards use a minimum of TLS version 1.2. Another use case is to ensure that only IAM users with least granted privileges can access the workload resources, and to flag any permissions that are modified or created.
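The kind of rule evaluation this case study describes, as an added example (not code from CBWC or AWS): a Python evaluator, in the style of a custom Config rule, that checks encryption at rest on S3 buckets and full-access statements in IAM policies. The configuration items are constructed and simplified, and their field names (`supplementaryConfiguration`, `policyVersionList`, `document`) are assumptions about the recorded item layout.

```python
import json
from urllib.parse import quote, unquote

def _as_list(value):
    return value if isinstance(value, list) else [value]

def bucket_encrypted(item):
    # Assumed field: default-encryption settings under supplementaryConfiguration.
    sse = item.get("supplementaryConfiguration", {}).get("ServerSideEncryptionConfiguration") or {}
    algos = [r.get("applyServerSideEncryptionByDefault", {}).get("sseAlgorithm")
             for r in sse.get("rules", [])]
    algos = [a for a in algos if a]
    if algos:
        return "COMPLIANT", "default encryption: " + ",".join(algos)
    return "NON_COMPLIANT", "no default server-side encryption"

def policy_least_privilege(item):
    # Assumed field: each policy version carries a URL-encoded JSON policy document.
    for version in item.get("configuration", {}).get("policyVersionList", []):
        if not version.get("isDefaultVersion"):
            continue  # only the default version is in effect
        doc = json.loads(unquote(version["document"]))
        for stmt in _as_list(doc.get("Statement", [])):
            if (stmt.get("Effect") == "Allow"
                    and "*" in _as_list(stmt.get("Action", []))
                    and "*" in _as_list(stmt.get("Resource", []))):
                return "NON_COMPLIANT", "Allow statement with Action * on Resource *"
    return "COMPLIANT", "no full-access statement in default version"

CHECKS = {"AWS::S3::Bucket": bucket_encrypted, "AWS::IAM::Policy": policy_least_privilege}

def evaluate(item):
    """Evaluation fields as used by Config's PutEvaluations (OrderingTimestamp omitted)."""
    check = CHECKS.get(item["resourceType"])
    verdict, note = check(item) if check else ("NOT_APPLICABLE", "no rule for this type")
    return {"ComplianceResourceType": item["resourceType"], "ComplianceResourceId": item["resourceId"],
            "ComplianceType": verdict, "Annotation": note}

def _policy(resource_id, statement):  # builds a constructed IAM policy item
    doc = quote(json.dumps({"Version": "2012-10-17", "Statement": statement}))
    return {"resourceType": "AWS::IAM::Policy", "resourceId": resource_id,
            "configuration": {"policyVersionList": [{"isDefaultVersion": True, "document": doc}]}}

SAMPLE_ITEMS = [  # constructed items, not real account data
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-encrypted", "supplementaryConfiguration":
        {"ServerSideEncryptionConfiguration": {"rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "aws:kms"}}]}}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "example-plain", "supplementaryConfiguration": {}},
    _policy("EXAMPLEADMIN", [{"Effect": "Allow", "Action": "*", "Resource": "*"}]),
    _policy("EXAMPLESCOPED", {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-encrypted/*"}),
]
```

Calling `evaluate(item)` on each entry of `SAMPLE_ITEMS` yields one result per resource; resource types without a check come back as `NOT_APPLICABLE`.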