AWS Config allows you to find, for any of your resources, what other AWS resources they are connected to or associated with. You can obtain this information from either the AWS Management Console or via commands from the CLI. Since you are already in the Management Console looking at the dashboard, try viewing one of your resources and its relationships, as follows:
Figure 5.3: Resource identifier screen
The following is an example snippet of the relationship data for an EC2 volume:
"relationships": [
    {
        "resourceType": "AWS::EC2::Instance",
        "resourceId": "i-069fe8fba4d4c9254",
        "relationshipName": "Is attached to Instance"
    }
],
You have seen how AWS Config can produce and show you the relationships between resources. The next section describes how you can use rules to enforce compliance with the service in your organization.
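To show what the relationship data looks like when you work with it outside the console, here is an added example (not from the book or from AWS) that parses the `configurationItems` structure returned by `aws configservice get-resource-config-history`, builds a relationship graph, and reports EBS volumes that have no "attached to Instance" relationship. The sample items and every resource id in them are constructed for the example; the `relationships` fields follow the shape shown in the snippet above.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws configservice get-resource-config-history`
# output: a "configurationItems" list, each item carrying "relationships".
# All resource ids below are made up for this example.
SAMPLE_CLI_OUTPUT = json.dumps({
    "configurationItems": [
        {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-0aaa111bbb222ccc3",
            "configuration": {"encrypted": False},
            "relationships": [
                {"resourceType": "AWS::EC2::Instance",
                 "resourceId": "i-0123456789abcdef0",
                 "relationshipName": "Is attached to Instance"}
            ],
        },
        {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-0ddd444eee555fff6",
            "configuration": {"encrypted": True},
            "relationships": [],  # orphaned volume: related to no instance
        },
        {
            "resourceType": "AWS::EC2::Instance",
            "resourceId": "i-0123456789abcdef0",
            "configuration": {},
            "relationships": [
                {"resourceType": "AWS::EC2::Volume",
                 "resourceId": "vol-0aaa111bbb222ccc3",
                 "relationshipName": "Contains Volume"},
                {"resourceType": "AWS::EC2::SecurityGroup",
                 "resourceId": "sg-0fedcba9876543210",
                 "relationshipName": "Is associated with SecurityGroup"},
            ],
        },
    ]
})


def load_configuration_items(cli_json_text):
    """Parse the CLI JSON and return the list of configuration items."""
    return json.loads(cli_json_text)["configurationItems"]


def build_relationship_graph(items):
    """Map (resourceType, resourceId) -> [(relationshipName, type, id), ...]."""
    graph = defaultdict(list)
    for item in items:
        key = (item["resourceType"], item["resourceId"])
        for rel in item.get("relationships", []):
            graph[key].append(
                (rel["relationshipName"], rel["resourceType"], rel["resourceId"])
            )
    return graph


def related_resources(items, resource_type, resource_id):
    """Human-readable list of everything a given resource is related to."""
    graph = build_relationship_graph(items)
    return [f"{name}: {rtype} {rid}"
            for name, rtype, rid in graph[(resource_type, resource_id)]]


def unattached_volumes(items):
    """Volume ids with no relationship to any EC2 instance (orphaned storage)."""
    graph = build_relationship_graph(items)
    orphans = []
    for item in items:
        if item["resourceType"] != "AWS::EC2::Volume":
            continue
        key = (item["resourceType"], item["resourceId"])
        attached = any(rtype == "AWS::EC2::Instance" for _, rtype, _ in graph[key])
        if not attached:
            orphans.append(item["resourceId"])
    return sorted(orphans)


if __name__ == "__main__":
    items = load_configuration_items(SAMPLE_CLI_OUTPUT)
    for line in related_resources(items, "AWS::EC2::Instance", "i-0123456789abcdef0"):
        print(line)
    print("Unattached volumes:", unattached_volumes(items))
```

To run this against a real account, replace the constructed JSON with the output of `aws configservice get-resource-config-history --resource-type AWS::EC2::Volume --resource-id <volume-id>` (one call per resource), or page through `aws configservice list-discovered-resources` first to enumerate the ids. Orphaned volumes are worth flagging because they keep data around that nothing is using and that nobody is watching.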
AWS Config rules are the definitions you set by which to evaluate the current configuration settings of your AWS resources. The rules need to be triggered in order to run, which is done in two ways:
With Config rules, you can enforce a consistent deployment approach, ensuring all resources of a given type follow the same set of criteria, regardless of who deployed the resource or when.
Along with choosing which type of trigger you would like to apply to your rules, one of the following items must be specified for the rules to run successfully:
If none of the preceding values have been specified, then the rules will not be triggered.
From a compliance perspective, AWS Config rules are a great feature and should be implemented whenever you use AWS Config. Backed by AWS Lambda functions performing simple logic, Config rules automatically monitor your resources to ensure they meet specific compliance controls you might need to introduce within your AWS environment. If a resource is not compliant, you will be notified via SNS and the configuration stream, which will allow you to take corrective action.
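As an added example of the "simple logic" a rule-backing Lambda function performs (this is not code from the book and not an AWS-supplied rule), the handler below evaluates whether an EC2 volume is encrypted and produces the evaluation record a custom Config rule reports back. It assumes the standard custom-rule invocation shape (`invokingEvent` carrying a `configurationItem`, plus `resultToken`); the sample event is constructed, and the volume id in it is made up. Publishing the result with `put_evaluations` is done only if a client is passed in, so the logic itself runs offline.

```python
import json

# Constructed sample event in the shape AWS Config sends to a custom rule's
# Lambda function: invokingEvent is a JSON string wrapping the configuration
# item, resultToken is an opaque handle used when reporting results.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-0aaa111bbb222ccc3",   # made-up id
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configuration": {"encrypted": False},
        },
    }),
    "ruleParameters": "{}",
    "resultToken": "constructed-example-token",
}


def evaluate_volume_encryption(configuration_item):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one item.

    Only EC2 volumes are in scope; deleted resources are skipped so a
    stale evaluation is not recorded against something that no longer exists.
    """
    if configuration_item["resourceType"] != "AWS::EC2::Volume":
        return "NOT_APPLICABLE"
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE"
    encrypted = configuration_item.get("configuration", {}).get("encrypted", False)
    return "COMPLIANT" if encrypted else "NON_COMPLIANT"


def build_evaluation(configuration_item):
    """Build the evaluation record Config expects in PutEvaluations."""
    return {
        "ComplianceResourceType": configuration_item["resourceType"],
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": evaluate_volume_encryption(configuration_item),
        "OrderingTimestamp": configuration_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None, config_client=None):
    """Entry point for the Config rule. Returns the evaluation it reports.

    config_client is an optional boto3 'config' client; when supplied the
    evaluation is sent back to AWS Config, otherwise it is only returned.
    """
    invoking_event = json.loads(event["invokingEvent"])
    configuration_item = invoking_event["configurationItem"]
    evaluation = build_evaluation(configuration_item)
    if config_client is not None:
        config_client.put_evaluations(
            Evaluations=[evaluation],
            ResultToken=event["resultToken"],
        )
    return evaluation


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

When deployed, the same `lambda_handler` is called by AWS Config with a real event, and you would pass `boto3.client("config")` as `config_client` (for example by constructing it at module load in the Lambda and forwarding it from a thin wrapper). A NON_COMPLIANT result is what drives the SNS notification and the configuration-stream entry mentioned above.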