View Amazon Trusted Advisor checks powered by Amazon Config
Amazon Config is a service that continually assesses, audits, and evaluates your resource configurations for your desired settings. Amazon Config provides managed rules, which are predefined, customizable compliance checks that Amazon Config uses to evaluate if your Amazon resources comply with common best practices.
The Amazon Config console guides you through the configuration and activation of managed rules. You can also use the Amazon Command Line Interface (Amazon CLI) or Amazon Config API to pass the JSON code that defines your configuration of a managed rule. You can customize the behavior of a managed rule to suit your needs. You can customize the rule's parameters to define attributes that your resources must have to comply with the rule. To learn more about enabling Amazon Config, see the Amazon Config Developer Guide.
Amazon Config managed rules power a set of Trusted Advisor checks across all categories. When you enable certain managed rules, the corresponding Trusted Advisor checks are automatically enabled. To see which Trusted Advisor checks are powered by specific Amazon Config managed rules, see Amazon Trusted Advisor check reference.
The Amazon Config powered checks are available to customers with Amazon Business Support
Note
Results for these checks are automatically refreshed based on change-triggered updates to Amazon Config managed rules. Refresh requests are not allowed. Currently, you can’t exclude resources from these checks.
Troubleshooting
If you have issues with this integration, see the following troubleshooting information.
Contents
- I just enabled recording and managed rules for Amazon Config, but I don’t see corresponding Trusted Advisor checks.
- I deployed the same Amazon Config managed rule twice, what will I see in Trusted Advisor?
- I turned off recording for Amazon Config in an Amazon Region. What will I see in Trusted Advisor?
I just enabled recording and managed rules for Amazon Config, but I don’t see corresponding Trusted Advisor checks.
After the Amazon Config rule generates evalution results, you see the results in Trusted Advisor in near real-time. If you have issues with this feature, create a technical support case in the Amazon Web Services Support Center
I deployed the same Amazon Config managed rule twice, what will I see in Trusted Advisor?
You see separate entries in the Trusted Advisor check results for each managed rule that you install.
I turned off recording for Amazon Config in an Amazon Region. What will I see in Trusted Advisor?
If you turned off resource recording for Amazon Config in an Amazon Region, then Trusted Advisor no longer receives data for corresponding managed rules and checks in that Region. Existing managed rule results remain in Amazon Config and in Trusted Advisor until Amazon Config expires, based on the recorder retention policy. If you delete a managed rule, then the Trusted Advisor check data usually deletes in near real-time.