AWS configuration management is a two-phased process: defining and maintaining configuration scripts, and then ensuring deployed resources are configured as expected. AWS offers two specific tools, one to help with each phase of the management process.
CloudFormation addresses the first phase of AWS configuration management by providing a way to specify resources, configuration parameters and dependencies for deploying applications. AWS Config monitors the state of deployed resources to ensure they are configured as expected. This AWS configuration management service is useful for maintaining compliance in the public cloud. And while it doesn't prevent misconfigurations from being implemented, it can detect such events and record details.
AWS Config performs a few key functions. It provides a repository of information about the state of deployed resources. The AWS configuration management service also monitors for changes and records configuration changes within the repository. Cloud administrators can use the repository to get a quick view of the state of cloud resources and receive alerts when configurations change. Data about configurations is stored in Amazon Simple Storage Service (S3); admins can access configuration data through the AWS Management Console, APIs or SDKs.
Through AWS Config snapshots, system administrators can capture point-in-time descriptions of the state of cloud resources. Snapshots are created using the command-line interface or an API; snapshot data is stored in JSON format in an S3 bucket.
AWS Config also supports rules for evaluating the state of configurations and posts information to the console when resources are out of compliance with those rules.
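To make the snapshot and rule ideas concrete, here is an added example (not from the original article or from AWS) that applies a rule-style check offline to a snapshot file: it marks security groups that open SSH to any IPv4 address as non-compliant. The sample snapshot is constructed, and the field names (`configurationItems`, `resourceType`, `configuration.ipPermissions`, `ipv4Ranges`) are assumed to follow the JSON layout Config delivers to S3; IPv6 ranges are not checked.

```python
import json

# Constructed sample shaped like a Config snapshot file; not real account data.
# Field names are an assumption modeled on the snapshot JSON Config writes to S3.
SNAPSHOT = json.loads("""
{"fileVersion": "1.0", "configurationItems": [
  {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0aaa1111",
   "configuration": {"ipPermissions": [
     {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
      "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}},
  {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0bbb2222",
   "configuration": {"ipPermissions": [
     {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
      "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
     {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
      "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]}]}},
  {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0ccc3333",
   "configuration": {"ipPermissions": [
     {"ipProtocol": "-1", "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}},
  {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
   "configuration": {}}
]}
""")

def exposes_port(permission, port):
    """True if this ingress permission opens `port` to every IPv4 address."""
    ranges = permission.get("ipv4Ranges", [])
    if not any(r.get("cidrIp") == "0.0.0.0/0" for r in ranges):
        return False
    if permission.get("ipProtocol") == "-1":  # all protocols and ports
        return True
    if permission.get("ipProtocol") != "tcp":
        return False
    lo, hi = permission.get("fromPort"), permission.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi

def evaluate(snapshot, port=22):
    """Map each security group ID to COMPLIANT or NON_COMPLIANT."""
    results = {}
    for item in snapshot.get("configurationItems", []):
        if item.get("resourceType") != "AWS::EC2::SecurityGroup":
            continue  # the rule is scoped to security groups only
        perms = (item.get("configuration") or {}).get("ipPermissions", [])
        exposed = any(exposes_port(p, port) for p in perms)
        results[item["resourceId"]] = "NON_COMPLIANT" if exposed else "COMPLIANT"
    return results

if __name__ == "__main__":
    for resource_id, verdict in sorted(evaluate(SNAPSHOT).items()):
        print(resource_id, verdict)
```

Running the same function over two snapshots taken at different times shows which resources drifted out of compliance between them.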
Billing for AWS Config is based on the number of resources it is monitoring and the number of configuration rules that are in place. Amazon charges a one-time fee of $0.003 per configuration item recorded. There is also a charge of $2.00 per rule per month for active Config rules, which includes up to 20,000 evaluations of the rule per month. After that, Amazon charges $0.10 per 1,000 evaluations during the month.