Viewing the Amazon Config Dashboard - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Viewing the Amazon Config Dashboard

Use the Dashboard to see an overview of your resources, rules, conformance packs, and their compliance states and to visualize your Amazon Config usage and success metrics with Amazon CloudWatch. This page helps you quickly identify the top resources in your Amazon account, the conformance packs with the lowest level of compliance in your Amazon Web Services account, what rules or resources are noncompliant in your Amazon Web Services account, what traffic is driving your Amazon Config usage, and key metrics for success and failure that have occured in your workflows.

To use the Amazon Config Dashboard
  1. Sign in to the Amazon Web Services Management Console and open the Amazon Config console at https://console.amazonaws.cn/config/.

  2. In the left navigation pane, choose Dashboard.

Compliance and Resource Inventory

After setup, Amazon Config starts recording your specified resources and evaluating them against your rules. It may take a few minutes for Amazon Config to display your resources, rules, conformance packs, and their compliance states.

Conformance packs by compliance score

Conformance packs by compliance score displays up to 10 of your conformance packs with the lowest compliance score. A compliance score is the percentage of the number of compliant rule-resource combinations in a conformance pack compared to the number of total possible rule-resource combinations in the conformance pack.

This metric provides you with a high-level view of the compliance state of your conformance packs, and can be used to identify, investigate, and understand the level of compliance in your conformance packs. You can use the compliance score to track remediation progress, perform comparisons across different sets of requirements, and see the impact a specific change or deployment has on a conformance pack.

To view the deployment status, compliance score, compliance score timeline, and rules for a conformance pack in a detailed view, choose the name of the conformance pack under Conformance pack.

Compliance status

Compliance status displays the number of your compliant and noncompliant rules and compliant and noncompliant resources. Resources are compliant or noncompliant based on an evaluation of the rule associated with it. If a resource does not follow the rule's specifications, the resource and the rule are flagged as noncompliant.

To view the list of noncompliant rules and resources, choose Noncompliant rule(s) or Noncompliant resource(s).

Rules by noncompliant resources

Rules by noncompliant resources displays your top noncompliant rules in descending order by the number of resources. Choose a rule to view its details, parameters, and the resources in scope for that specific rule.

For a comprehensive list of noncompliant rules, choose View all noncompliant rules.

Resource inventory

Resource inventory displays the total number of resources that Amazon Config is recording in descending order by the number of resources, and the count of each resource type in your Amazon Web Services account. To open all resources for a resource type, choose that resource type to go to its Resources inventory page.

You can use the dropdown list to indicate which resource totals you want to view. By default, it is set to view All resources, but you can change it to Amazon resources, Third-party resources, or Custom resources.

Note

The Evaluate your Amazon resource configuration using Config rules message may appear on the Dashboard for the following reasons:

  • You haven't set up Amazon Config Rules for your Amazon Web Services account. You can choose Add rule to go to the Rules page.

  • Amazon Config is still evaluating your resources against your rules. You can refresh the page to see the latest evaluation results.

  • Amazon Config evaluated your resources against your rules and did not find any resources in scope. You can specify the resources for Amazon Config to record in the Settings page. For more information, see Recording Amazon Resources with Amazon Config.

Amazon Config Usage and Success Metrics

You can use Amazon CloudWatch dashboards in the Amazon Config console to visualize your Amazon Config usage and success metrics.

For each dashboard, you can do the following:

  • Adjust the dashboard time range to display data from the past 3 Hours, 1 Day, or 1 Week.

  • Choose the Calender icon, to enter a custom time range: either a Relative time for a past specified amount of time or an Absolute time range between two dates.

  • You can change the time format to display dashboard data in UTC (Coordinated Universal Time) or Local time zone (the time zone specified as your local time zone in the operating system of your device).

  • Use the Drop arrow next the Refresh icon to specify how often the data in a dashboard should refresh, or to turn off the automatic refresh. Choose Off, 10 Seconds, 1 Minute, 2 Minutes, 5 Minutes, or 15 Minutes to change the refresh internal.

  • Choose More options (the vertical ellipsis menu) to add the Amazon Config usage metrics or the Amazon Config success metrics you are currently viewing in the Amazon Config Dashboard to the CloudWatch console. This opens a new tab in the CloudWatch console that allows you to create a new custom dashboard in CloudWatch with information copied from your current Amazon Config usage metrics or Amazon Config success metrics.

If you want to perform additional analyses of these metrics with CloudWatch, choose Metrics in the left navigation pane of the CloudWatch console and then choose Amazon/Config. For more information on what you can do from the CloudWatch console, see Using Amazon CloudWatch dashboards and Using Amazon CloudWatch metrics in the CloudWatch User Guide.

Amazon Config Usage Metrics
Metric Description Unit
Configuration Items Recorded

The number of configuration items recorded for each resource type or all resource types. A configuration item represents a point-in-time view of the various attributes of a supported Amazon resource. For more information about configuration items or supported resource types, see Configuration Items and Supported Resource Types.

Count

You can select the resource type that you want to view by using the dropdown list. By default, it is set to view all resource types.

Amazon Config Success Metrics
Metric Description Unit
Change Notifications Delivery Failed

The number of failed change notification deliveries to the Amazon SNS topic for your delivery channel. A change notification informs you about a change to the configuration state of your Amazon resources. You can use the ConfigStreamDeliveryInfo API to get the lastErrorCode or lastErrorMessage for the last attempted delivery for a change notification. For more information, see Managing the Delivery Channel.

Count

Config History Export Failed

The number of failed configuration history exports to your Amazon S3 bucket. A configuration history is a collection of the configuration items for a given resource over a specified time period. For more information about configuration history, see Configuration History.

Count

Configuration Recorder Insufficient Permissions Failure

The number of failed permission access attempts due to the IAM role policy for all the configuration recorders in your account and Amazon Web Services Region having insufficient permissions. The configuration recorder detects changes in to the resource types in scope. For the configuration recorder to record your Amazon resource configurations, it requires the necessary IAM permissions. For more information, see IAM Role Policy for Getting Configuration Details.

Count

Config Snapshot Export Failed

The number of failed configuration snapshot exports to your Amazon S3 bucket. A configuration snapshot is a collection of the configuration items for the supported resources in your account. For more information about configuration snapshots, see Configuration Snapshot.

Count