AWS Config provides AWS hosting regular (predefined rules customizable), AWS Config uses these rules to assess whether your AWS resources in line with common best practices. For example, you can use a regular hosting to quickly begin to assess whether your Amazon Elastic Block Store (Amazon EBS) volume is encrypted, or whether a particular label has been applied to your resources. You can set up and activate these rules without having to create AWS Lambda functions by writing code, if you want to create custom rules that is required. AWS Config Console can guide you through the process of configuring and activating hosting rules. You can also pass JSON code is used to define the hosting rule configuration using or AWS Command Line Interface AWS Config API.
You can customize the behavior of hosting the rules to suit your needs. For example, you can define a rule so as to define a range trigger rule evaluation resources, e.g. EC2 instance or volume. You can customize the parameters defined rules to define your resources to comply with the rules and must have property. For example, you can customize a parameter to specify your security group should block incoming traffic to a specific port number.
After activating a rule, AWS Config will be your resource in the rule conditions are compared. Upon completion of this initial assessment, AWS Config will continue to evaluate each time the assessment is triggered. Rule defines assessment triggers can include the following types:
-
Configuration Changes - When any resource configuration changes with the scope of the rules match, AWS Config will trigger assessment. After sending the configuration item change notifications AWS Config, will run the assessment.
-
Regular - AWS Config operational evaluation in accordance with the frequency of your choice (for example, every 24 hours).
AWS Config console resources which conform to the rules and follow the rules can be displayed.