Tracking resource protection changes in Amazon Config - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Tracking resource protection changes in Amazon Config

You can record changes to the Amazon Shield Advanced protection of your resources using Amazon Config. You can then use this information to maintain a configuration change history for audit and troubleshooting purposes.

To record protection changes, enable Amazon Config for each resource that you want to track. For more information, see Getting Started with Amazon Config in the Amazon Config Developer Guide.

You must enable Amazon Config for each Amazon Web Services Region that contains the tracked resources. You can enable Amazon Config manually, or you can use the Amazon CloudFormation template "Enable Amazon Config" at Amazon CloudFormation StackSets Sample Templates in the Amazon CloudFormation User Guide.

If you enable Amazon Config, you're charged as detailed on the Amazon Config Pricing page.

Note

If you already have Amazon Config enabled for the necessary Regions and resources, you don't need to do anything. Amazon Config logs regarding protection changes to your resources start populating automatically.

After enabling Amazon Config, use the US East (N. Virginia) Region in the Amazon Config console to view the configuration change history for Amazon Shield Advanced global resources.

View the change history for Amazon Shield Advanced regional resources via the Amazon Config console in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Sydney) Regions.