Delivering Configuration Snapshot to an Amazon S3 Bucket - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Delivering Configuration Snapshot to an Amazon S3 Bucket

Amazon Config delivers configuration snapshots of the Amazon resources that Amazon Config is recording to the Amazon S3 bucket that you specified when you configured your delivery channel.

Delivering Configuration Snapshot

Amazon Config generates configuration snapshots when you invoke the DeliverConfigSnapshot action or you run the Amazon CLI deliver-config-snapshot command. Amazon Config stores configuration snapshots in the Amazon S3 bucket that you specified when you enabled Amazon Config.

Type the deliver-config-snapshot command by specifying the name assigned by Amazon Config when you configured your delivery channel, for example:

$ aws configservice deliver-config-snapshot --delivery-channel-name default { "configSnapshotId": "94ccff53-83be-42d9-996f-b4624b3c1a55" }

Example Configuration Snapshot from Amazon Config

The following is an example of the information that Amazon Config includes in a configuration snapshot. The snapshot describes the configuration for the resources that Amazon Config is recording in the current region for your Amazon account, and it describes the relationships between these resources.

Note

The configuration snapshot can include references to resources types and resource IDs that are not supported.

{ "fileVersion": "1.0", "requestId": "asudf8ow-4e34-4f32-afeb-0ace5bf3trye", "configurationItems": [ { "configurationItemVersion": "1.0", "resourceId": "vol-ce676ccc", "arn": "arn:aws:us-west-2b:123456789012:volume/vol-ce676ccc", "accountId": "12345678910", "configurationItemCaptureTime": "2014-03-07T23:47:08.918Z", "configurationStateID": "3e660fdf-4e34-4f32-afeb-0ace5bf3d63a", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adb69edbb1e4", "c376e30d-71a2-4694-89b7-a5a04ad92281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Volume", "resourceCreationTime": "2014-02-27T21:43:53.885Z", "tags": {}, "relationships": [ { "resourceId": "i-344c463d", "resourceType": "AWS::EC2::Instance", "name": "Attached to Instance" } ], "configuration": { "volumeId": "vol-ce676ccc", "size": 1, "snapshotId": "", "availabilityZone": "us-west-2b", "state": "in-use", "createTime": "2014-02-27T21:43:53.0885+0000", "attachments": [ { "volumeId": "vol-ce676ccc", "instanceId": "i-344c463d", "device": "/dev/sdf", "state": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } ], "tags": [ { "tagName": "environment", "tagValue": "PROD" }, { "tagName": "name", "tagValue": "DataVolume1" } ], "volumeType": "standard" } }, { "configurationItemVersion": "1.0", "resourceId": "i-344c463d", "accountId": "12345678910", "arn": "arn:aws:ec2:us-west-2b:123456789012:instance/i-344c463d", "configurationItemCaptureTime": "2014-03-07T23:47:09.523Z", "configurationStateID": "cdb571fa-ce7a-4ec5-8914-0320466a355e", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adb69edbb1e4", "c376e30d-71a2-4694-89b7-a5a04ad92281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Instance", "resourceCreationTime": "2014-02-26T22:56:35.000Z", "tags": { "Name": "integ-test-1", "examplename": "examplevalue" }, "relationships": [ { "resourceId": "vol-ce676ccc", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume" }, { "resourceId": "vol-ef0e06ed", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume", "direction": "OUT" }, { "resourceId": "subnet-47b4cf2c", "resourceType": "AWS::EC2::SUBNET", "name": "Is contained in Subnet", "direction": "IN" } ], "configuration": { "instanceId": "i-344c463d", "imageId": "ami-ccf297fc", "state": { "code": 16, "name": "running" }, "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "stateTransitionReason": "", "keyName": "configDemo", "amiLaunchIndex": 0, "productCodes": [], "instanceType": "t1.micro", "launchTime": "2014-02-26T22:56:35.0000+0000", "placement": { "availabilityZone": "us-west-2b", "groupName": "", "tenancy": "default" }, "kernelId": "aki-fc8f11cc", "monitoring": { "state": "disabled" }, "subnetId": "subnet-47b4cf2c", "vpcId": "vpc-41b4cf2a", "privateIpAddress": "172.31.21.63", "publicIpAddress": "54.218.4.189", "architecture": "x86_64", "rootDeviceType": "ebs", "rootDeviceName": "/dev/sda1", "blockDeviceMappings": [ { "deviceName": "/dev/sda1", "ebs": { "volumeId": "vol-ef0e06ed", "status": "attached", "attachTime": "2014-02-26T22:56:38.0000+0000", "deleteOnTermination": true } }, { "deviceName": "/dev/sdf", "ebs": { "volumeId": "vol-ce676ccc", "status": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } } ], "virtualizationType": "paravirtual", "clientToken": "aBCDe123456", "tags": [ { "key": "Name", "value": "integ-test-1" }, { "key": "examplekey", "value": "examplevalue" } ], "securityGroups": [ { "groupName": "launch-wizard-2", "groupId": "sg-892adfec" } ], "sourceDestCheck": true, "hypervisor": "xen", "networkInterfaces": [ { "networkInterfaceId": "eni-55c03d22", "subnetId": "subnet-47b4cf2c", "vpcId": "vpc-41b4cf2a", "description": "", "ownerId": "12345678910", "status": "in-use", "privateIpAddress": "172.31.21.63", "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "sourceDestCheck": true, "groups": [ { "groupName": "launch-wizard-2", "groupId": "sg-892adfec" } ], "attachment": { "attachmentId": "eni-attach-bf90c489", "deviceIndex": 0, "status": "attached", "attachTime": "2014-02-26T22:56:35.0000+0000", "deleteOnTermination": true }, "association": { "publicIp": "54.218.4.189", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "ipOwnerId": "amazon" }, "privateIpAddresses": [ { "privateIpAddress": "172.31.21.63", "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "primary": true, "association": { "publicIp": "54.218.4.189", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "ipOwnerId": "amazon" } } ] } ], "ebsOptimized": false } } ] }

The next step is to verify that configuration snapshot was delivered successfully to the delivery channel.

Verifying Delivery Status

Type the describe-delivery-channel-status command to verify that the Amazon Config has started delivering the configurations to the specified delivery channel, for example:

$ aws configservice describe-delivery-channel-status { "DeliveryChannelsStatus": [ { "configStreamDeliveryInfo": { "lastStatusChangeTime": 1415138614.125, "lastStatus": "SUCCESS" }, "configHistoryDeliveryInfo": { "lastSuccessfulTime": 1415148744.267, "lastStatus": "SUCCESS", "lastAttemptTime": 1415148744.267 }, "configSnapshotDeliveryInfo": { "lastSuccessfulTime": 1415333113.4159999, "lastStatus": "SUCCESS", "lastAttemptTime": 1415333113.4159999 }, "name": "default" } ] }

The response lists the status of all the three delivery formats that Amazon Config uses to deliver configurations to your bucket and topic.

Take a look at the lastSuccessfulTime field in configSnapshotDeliveryInfo. The time should match the time you last requested the delivery of the configuration snapshot.

Note

Amazon Config uses the UTC format (Coordinated Universal Time) to record the time.

Viewing Configuration Snapshot in Amazon S3 bucket

  1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/.

  2. In the Amazon S3 console All Buckets list, click the name of your Amazon S3 bucket.

  3. Click through the nested folders in your bucket until you see the ConfigSnapshot object with a snapshot ID that matches with the ID returned by the command. Download and open the object to view the configuration snapshot.

    The S3 bucket also contains an empty file named ConfigWritabilityCheckFile. Amazon Config creates this file to verify that the service can successfully write to the S3 bucket.