tiero - Fotolia
IT administrators need to configure available cloud resources to ensure optimum workload performance and meet regulatory compliance and corporate governance standards. And there are a few native AWS tools that can help admins mitigate potential risks or uncertainties.
AWS Config is a management service that inspects, summarizes and audits AWS resource configurations. Administrators access this native configuration management service through the AWS Management Console, the AWS Command Line Interface or programmatically using AWS software development kits.
The service allows admins to inventory and monitor AWS resources and compare resource configurations against a desired state configuration (DSC). By adhering to a DSC, admins align cloud deployments with business-centric rules for compliance and governance. If a user improperly provisions or changes resources or configurations -- or even if a change occurs to the software state within Elastic Compute Cloud instances -- AWS Config triggers notifications.
AWS Config monitors relationships and dependencies among resources, tracking each configuration change over time to see how resource use and configurations evolve. In addition, the service correlates configuration changes with other AWS configuration management tools, such as AWS CloudTrail, to obtain a clearer picture of account-level events. Admins can see what changes were made -- and who made them -- as well as causes and effects. Then they can monitor the changes to improve security, compliance and troubleshooting methods.
With configuration management, one size does not fit all
Enterprise IT using AWS likely will want to use native configuration management tools and services because they can help identify dependencies and integrate more easily. But not all native tools fit the bill for all enterprises. Different cloud providers offer varying levels of compliance, and businesses have unique governance requirements, which may not align with a native configuration management service. In such cases, IT teams turn to third-party tools to fill the gaps. But how do you choose the right third-party configuration management tool for your needs? This essential guide provides a range of resources to help a company evaluate and purchase the proper configuration management system.
By default, this AWS configuration management service monitors and tracks all AWS resources; admins can adjust the service so it tracks desired resources and performs selective reporting to reduce unnecessary message traffic. They can also store AWS Config reports in Amazon Simple Storage Service buckets for retention and later access or receive alerts via Amazon Simple Notification Service. This option delivers messages to email addresses or other services, such as Amazon Simple Queue Service, so admins can act on notifications.
Configure AWS resources with these tools
Tool choice makes the difference in monitoring AWS
Fit AWS Config adds into your security portfolio
Dig Deeper on AWS compliance, governance, privacy and regulations
Related Q&A from Stephen J. Bigelow
Learn how load balancing in the cloud differs from a traditional network traffic distribution, and explore services available from AWS, Google and ... Continue Reading
Access management is critical to securing the cloud. Understand the differences between AWS IAM roles and users to properly restrict access to AWS ... Continue Reading
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading