Verifying that Amazon Config is Successfully Started with the Amazon CLI - Amazon Config
Step 1: Check that a delivery channel is CreatedStep 2: Check that a configuration recorder is CreatedStep 3: Check that Amazon Config has started recording
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Verifying that Amazon Config is Successfully Started with the Amazon CLI

After you have started Amazon Config, you can use Amazon CLI commands to check that the Amazon Config is running and that Amazon Config has created a configuration recorder and a delivery channel. You can also confirm that Amazon Config has started recording and delivering configurations to the delivery channel.

Step 1: Check that a delivery channel is Created

Use the describe-delivery-channels command to check that your Amazon S3 bucket and Amazon SNS topic is configured.

You can use the --delivery-channel-names field to specify a list of delivery channel. If a delivery channel is not specified, this command returns the details of all delivery channels associated with the account.

$ aws configservice describe-delivery-channels
{
    "DeliveryChannels": [
        {
            "snsTopicARN": "arn:aws:sns:us-west-2:0123456789012:my-config-topic",
            "name": "my-delivery-channel",
            "s3BucketName": "my-config-bucket"
        }
    ]
}

Step 2: Check that a configuration recorder is Created

Use the describe-configuration-recorders command to check that a configuration recorder is created.

You can use the arn and configuration-recorder-names fields to specify a list of configuration recorders. If a configuration recorder is not specified, this command returns the details of all configuration recorders associated with the account.

$ aws configservice describe-configuration-recorders
{
    "ConfigurationRecorders": [
        {
            "roleARN": "arn:aws:iam::012345678912:role/myConfigRole",
            "name": "default"
        }
    ]
}

Step 3: Check that Amazon Config has started recording

Use the describe-configuration-recorder-status command to check that the configuration recorder is successfully recording the resource types in scope.

You can use the arn and configuration-recorder-names fields to specify a list of configuration recorders. If a configuration recorder is not specified, this command returns the details of all configuration recorders associated with the account.

$ aws configservice describe-configuration-recorder-status
{
    "ConfigurationRecordersStatus": [
        {
            "name": "default",
            "lastStatus": "SUCCESS",
            "lastStopTime": 1414511624.914,
            "lastStartTime": 1414708460.276,
            "recording": true,
            "lastStatusChangeTime": 1414816537.148,
            "lastErrorMessage": "NA",
            "lastErrorCode": "400"
        }
    ]
}

The true value in the recording field confirms that the configuration recorder has started recording configurations. Amazon Config records the time in UTC. The output is displayed as a Unix timestamp.