tiero - Fotolia

Audit resources with AWS configuration management tool

SysOps teams must maintain consistent workload performance, meet compliance and security standards, as well as other IT tasks. AWS Config helps admins keep a watchful eye on apps.

IT administrators need to configure available cloud resources to ensure optimum workload performance and meet regulatory compliance and corporate governance standards. And there are a few native AWS tools that can help admins mitigate potential risks or uncertainties.

AWS Config is a management service that inspects, summarizes and audits AWS resource configurations.

AWS Config is a management service that inspects, summarizes and audits AWS resource configurations. Administrators access this native configuration management service through the AWS Management Console, the AWS Command Line Interface or programmatically using AWS software development kits.

The service allows admins to inventory and monitor AWS resources and compare resource configurations against a desired state configuration (DSC). By adhering to a DSC, admins align cloud deployments with business-centric rules for compliance and governance. If a user improperly provisions or changes resources or configurations -- or even if a change occurs to the software state within Elastic Compute Cloud instances -- AWS Config triggers notifications.

AWS Config monitors relationships and dependencies among resources, tracking each configuration change over time to see how resource use and configurations evolve. In addition, the service correlates configuration changes with other AWS configuration management tools, such as AWS CloudTrail, to obtain a clearer picture of account-level events. Admins can see what changes were made -- and who made them -- as well as causes and effects. Then they can monitor the changes to improve security, compliance and troubleshooting methods.

With configuration management, one size does not fit all

Enterprise IT using AWS likely will want to use native configuration management tools and services because they can help identify dependencies and integrate more easily. But not all native tools fit the bill for all enterprises. Different cloud providers offer varying levels of compliance, and businesses have unique governance requirements, which may not align with a native configuration management service. In such cases, IT teams turn to third-party tools to fill the gaps. But how do you choose the right third-party configuration management tool for your needs? This essential guide provides a range of resources to help a company evaluate and purchase the proper configuration management system.

By default, this AWS configuration management service monitors and tracks all AWS resources; admins can adjust the service so it tracks desired resources and performs selective reporting to reduce unnecessary message traffic. They can also store AWS Config reports in Amazon Simple Storage Service buckets for retention and later access or receive alerts via Amazon Simple Notification Service. This option delivers messages to email addresses or other services, such as Amazon Simple Queue Service, so admins can act on notifications.

Next Steps

Configure AWS resources with these tools

Tool choice makes the difference in monitoring AWS

Fit AWS Config adds into your security portfolio

Dig Deeper on AWS compliance, governance, privacy and regulations