Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Verifying that Amazon Config is Successfully Started with the Amazon CLI

After you have started Amazon Config, you can use Amazon CLI commands to check that the Amazon Config is running and that Amazon Config has created a configuration recorder and a delivery channel. You can also confirm that Amazon Config has started recording and delivering configurations to the delivery channel.

Check that the Delivery Channel Is Created

Use the describe-delivery-channels command to check that your Amazon S3 bucket and Amazon SNS topic is configured.

$ aws configservice describe-delivery-channels
{
    "DeliveryChannels": [
        {
            "snsTopicARN": "arn:aws:sns:us-west-2:0123456789012:my-config-topic",
            "name": "my-delivery-channel",
            "s3BucketName": "my-config-bucket"
        }
    ]
}

When you use the CLI, the service API, or the SDKs to configure your delivery channel and do not specify a name, Amazon Config automatically assigns the name "default".

Check that the Configuration Recorder Is Created

Use the describe-configuration-recorders command to check that a configuration recorder is created and that the configuration recorder has assumed an IAM role. For more information, see Creating an IAM Role.

$ aws configservice describe-configuration-recorders
{
    "ConfigurationRecorders": [
        {
            "roleARN": "arn:aws:iam::012345678912:role/myConfigRole",
            "name": "default"
        }
    ]
}

Check that Amazon Config has started recording

Use the describe-configuration-recorder-status command to check that the Amazon Config has started recording the configurations of the supported Amazon resources existing in your account. The recorded configurations are delivered to the specified delivery channel.

$ aws configservice describe-configuration-recorder-status
{
    "ConfigurationRecordersStatus": [
        {
            "name": "default",
            "lastStatus": "SUCCESS",
            "lastStopTime": 1414511624.914,
            "lastStartTime": 1414708460.276,
            "recording": true,
            "lastStatusChangeTime": 1414816537.148,
            "lastErrorMessage": "NA",
            "lastErrorCode": "400"
        }
    ]
}

The value true in the recording field confirms that the configuration recorder has started recording configurations of all your resources. Amazon Config records the time in UTC. The output is displayed as a Unix timestamp.

For information about looking up the resources existing in your account and understanding the configurations of your resources, see Viewing Amazon Resource Configurations and History.