Welcome - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Welcome

Amazon Config provides a way to keep track of the configurations of all the Amazon resources associated with your Amazon Web Services account. You can use Amazon Config to get the current and historical configurations of each Amazon resource and also to get information about the relationship between the resources. An Amazon resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by Amazon Config, see Supported Amazon resources.

You can access and manage Amazon Config through the Amazon Management Console, the Amazon Command Line Interface (Amazon CLI), the Amazon Config API, or the Amazon SDKs for Amazon Config. This reference guide contains documentation for the Amazon Config API and the Amazon CLI commands that you can use to manage Amazon Config. The Amazon Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process. For detailed information about Amazon Config features and their associated actions or commands, as well as how to work with Amazon Web Services Management Console, see What Is Amazon Config in the Amazon Config Developer Guide.

Configuration Recorder

Use the following APIs for the Amazon Config configuration recorder:

Delivery Channel

Use the following APIs for the Amazon Config delivery channel:

Resource Management

Use the following APIs for Amazon Config resource management:

Amazon Config Rules

Use the following APIs for Amazon Config Rules:

Remediation

Use the following APIs for Amazon Config remediation actions:

Conformance Packs

Use the following APIs for conformance packs:

Aggregators

Use the following APIs for multi-account multi-Region data aggregation:

Advanced Queries

Use the following APIs for Amazon Config:

  • SelectAggregateResourceConfig, accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of Amazon resources across multiple accounts and regions.

  • SelectResourceConfig, accepts a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties.

  • PutStoredQuery, saves a new query or updates an existing saved query.

  • GetStoredQuery, returns the details of a specific stored query.

  • ListStoredQueries, lists the stored queries for a single Amazon Web Services account and a single Amazon Web Services Region.

  • DeleteStoredQuery, deletes the stored query for a single Amazon Web Services account and a single Amazon Web Services Region.

This document was last published on June 13, 2024.