# 1-click setup for Amazon Config
<a name="1-click-setup"></a>

Amazon Config **1-click setup** helps simplify the getting started process for Amazon Config console customers by reducing the number of manual selections. To go through all the manual selections of the setup process, see [Manual setup](https://docs.amazonaws.cn/config/latest/developerguide/detailed-setup.html).

**To set up Amazon Config with the console using **1-click setup****

1. Sign in to the Amazon Web Services Management Console and open the Amazon Config console at [https://console.amazonaws.cn/config/home](https://console.amazonaws.cn/config/home).

1. Choose **1-click setup**. 

The set up page includes three steps, but through the **1-click setup** workflow, you are automatically directed to Step 3 (Review). The following provides a breakdown of that procedure.
+ **Settings**: To select the manner by which the Amazon Config console records resources and roles, and choose where configuration history and configuration snapshot files are sent.
+ **Rules**: For Amazon Web Services Regions that support Amazon Config rules, this step is available for you to configure initial managed rules that you can add to your account. After setting up, Amazon Config will evaluate your Amazon resources against the rules that you chose. Additional rules can be created and existing ones can be updated in your account after setup.
+ **Review**: To verify your setup details.

## Step 1: Settings
<a name="1-click-setup-settings.title"></a>

### Recording strategy
<a name="1-click-setup-settings-recording-strategy.title"></a>

The option to record **All resource types with customizable overrides** is selected for you. Amazon Config will record all current and future supported resource types in this Region. For more information, see [Supported Resource Types](https://docs.amazonaws.cn/config/latest/developerguide/resource-config-reference.html).
+ **Default settings**

  The default recording frequency is set to **Continuous** for you. This means Amazon Config records configuration changes continuously whenever a change occurs.

  Amazon Config also supports the option to set the recording frequency to **Daily**. If you select this option after setup, you will receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded. For more information see, [Recording Frequency](https://docs.amazonaws.cn/config/latest/developerguide/select-resources.html#select-resources-recording-frequency).
**Note**  
Amazon Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
+ **Override settings – *optional***

  Optionally, after setup you can override the record frequency for specific resource types, or exclude specific resource types from recording. To override the default settings, choose **Settings** in the left navigation of the Amazon Config console, and then choose **Edit**.

#### Considerations When Recording Resources
<a name="1-click-setup-considerations"></a>

** High Number of Amazon Config Evaluations**

You might notice increased activity in your account during your initial month recording with Amazon Config when compared to subsequent months. During the initial bootstrapping process, Amazon Config runs evaluations on all the resources in your account that you have selected for Amazon Config to record.

If you are running ephemeral workloads, you may see increased activity from Amazon Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Amazon Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can set up the configuration recorder to exclude these resource types from being recorded, or run these types of workloads in a separate account with Amazon Config turned off to avoid increased configuration recording and rule evaluations.

**Global resource types \$1 Aurora global clusters are initially included in recording**

The `AWS::RDS::GlobalCluster` resource type will be recorded in all supported Amazon Config Regions where the configuration recorder is enabled.

If you do not want to record `AWS::RDS::GlobalCluster` in all enabled Regions, you can exclude this resource type from recording after setup. Choose **Settings** in the left navigation bar, and then choosing **Edit**. From **Edit**, go to **Override settings** in the **Recording method** section, choose `AWS::RDS::GlobalCluster`, and choose the override "Exclude from recording".

**Global resource types \$1 IAM resource types are initially excluded from recording**

"All globally recorded IAM resource types" are initially excluded from recording to help you reduce costs. This bundle includes IAM users, groups, roles, and customer managed policies. Choose **Remove** to remove the override and include these resources in your recording. 

Additionally, the global IAM resource types (`AWS::IAM::User`, `AWS::IAM::Group`, `AWS::IAM::Role`, and `AWS::IAM::Policy`) cannot be recorded in Regions supported by Amazon Config after February 2022. For a list of those Regions, see [Recording Amazon Resources \$1 Global Resources](https://docs.amazonaws.cn/config/latest/developerguide/select-resources.html#select-resources-all).

### Data governance
<a name="1-click-setup-data-governance"></a>

The default data retention period to retain Amazon Config data for 7 years (2557 days) is selected for you in this section.

The option to **Use an existing Amazon Config service-linked role** is selected for you and set to the **Amazon Config role**. Service-linked roles are predefined by Amazon Config and include all the permissions that the service requires to call other Amazon services.

### Delivery method
<a name="1-click-setup-data-delivery-method"></a>

The option to **Choose a bucket from your account **is selected for you in this section. This selection will default to the bucket in your account that is named in the format `config-bucket-accountid`. For example, `config-bucket-012345678901`. If you don't have a bucket created in that format, one will be created for you. If you want to create your own bucket, see [Creating a bucket](https://docs.amazonaws.cn/AmazonS3/latest/userguide/create-bucket-overview.html) in the *Amazon Simple Storage Service User Guide*.

For more information about S3 buckets, see [Buckets overview](https://docs.amazonaws.cn/AmazonS3/latest/userguide/UsingBucket.html) in the *Amazon Simple Storage Service User Guide*.

## Step 2: Rules
<a name="1-click-setup-rules.title"></a>

Under **Amazon Managed Rules**, no rules are selected for you at this step. Instead, you are encouraged to create and update rules after you have finished setting up your account.

## Step 3: Review
<a name="1-click-setup-review.title"></a>

Review your Amazon Config setup details. You can go back to edit changes for each section. Choose **Confirm** to finish setting up Amazon Config.