Getting Started with Amazon Config
Amazon Config provides a detailed view of the configuration of Amazon resources in your Amazon account. With Amazon Config, you can review changes in configurations and relationships between Amazon resources, explore resource configuration history, and use rules to determine compliance. For more information, see What Is Amazon Config? and How Amazon Config Works.
Features
When you set up Amazon Config, you can complete the following:
Resource management
-
Specify the resource types you want Amazon Config to record.
-
Set up an Amazon S3 bucket to receive a configuration snapshot on request and configuration history.
-
Set up Amazon SNS to send configuration stream notifications.
-
Grant Amazon Config the permissions it needs to access the Amazon S3 bucket and the Amazon SNS topic.
For more information, see Viewing Amazon Resource Configurations and History and Managing Amazon Resource Configurations and History.
Rules and conformance packs
-
Specify the rules that you want Amazon Config to use to evaluate compliance information for the recorded resource types.
-
Use conformance packs, or a collection of Amazon Config rules and remediation actions that can be deployed and monitored as a single entity in your Amazon account.
For more information, see Evaluating Resources with Amazon Config Rules and Conformance Packs.
Aggregators
-
Use an aggregator to get a centralized view of your resource inventory and compliance. An aggregator is an Amazon Config resource type that collects Amazon Config configuration and compliance data from multiple Amazon accounts and Amazon Regions into a single account and Region.
For more information, see Multi-Account Multi-Region Data Aggregation .
Advanced queries
-
Use one of the sample queries or write your own query by referring to the configuration schema of the Amazon resource.
For more information, see Querying the Current Configuration State of Amazon Resources .
Signing up for Amazon
Sign up for an Amazon Web Services account
If you do not have an Amazon Web Services account, use the following procedure to create one.
To sign up for Amazon Web Services
Open http://www.amazonaws.cn/
and choose Sign Up. Follow the on-screen instructions.
Amazon sends you a confirmation email after the sign-up process is
complete. At any time, you can view your current account activity and manage your account by
going to http://www.amazonaws.cn/
Secure IAM users
After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.
To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.
For more information about creating and securing IAM users, see the following topics in the IAM User Guide:
Using Amazon Config
After you sign up for an Amazon account, you can get started with Amazon Config with the Amazon Web Services Management Console, Amazon CLI, or the Amazon SDKs. For more information about using the Amazon CLI or Amazon SDKs, see Setting Up Amazon Config with the Amazon CLI and Amazon Software Development Kits for Amazon Config.
You can also use the console for a quick and streamlined process. For more information, see Setting Up Amazon Config with the Console.