AWS Config

1. Navigate to AWS Config in the Management Console

  • Log in to the AWS Management Console for the securitytooling account in the us-east-1 region.
  • From the Services menu, select Config under the Management & Governance section.

2. Basic Configuration and Setup

  • Dashboard Overview:
    • The AWS Config Dashboard provides a high-level view of your resource compliance, recent changes, and configuration history. It’s a great starting point to explore the state of your resources.
  • Rules:
    • Click on Rules in the left-hand menu to see the list of compliance rules configured in your environment. Each rule monitors specific resource configurations, such as whether S3 buckets are public or if encryption is enabled.
  • Resources:
    • Explore Resources to view the different AWS resources that AWS Config tracks (e.g., S3 buckets, EC2 instances, security groups). Clicking on a resource provides detailed information about its configuration history and compliance status.

3. Exploring the AWS Well-Architected Framework Pillars

Operational Excellence Pillar

  • Configuration History:
    • Navigate to Resources, select a specific resource, and review its Configuration Timeline. This timeline provides historical information about configuration changes, helping in auditing and troubleshooting.
  • Compliance Status:
    • In the Rules section, check the compliance status of resources against your predefined rules. Ensuring compliance with operational best practices supports the smooth operation of your AWS environment.
  • Change Management:
    • Use the Timeline under individual resource details to track configuration changes over time. This information can guide operational decisions, such as reverting to a previous configuration if a recent change caused issues.

Security Pillar

  • Compliance Checks:
    • In the Rules section, look for rules related to security, such as ensuring S3 buckets are not publicly accessible, security groups are not overly permissive, or encryption is enabled for resources. Compliance with these rules indicates that your environment adheres to security best practices.
  • Snapshot of Current State:
    • In the Resources section, select a resource (e.g., an S3 bucket) to view its configuration details, including access policies, encryption settings, and network configurations. This snapshot helps assess the current security posture of the resource.
  • Security Hub Integration:
    • If AWS Security Hub is enabled, use Security Hub to view findings related to AWS Config compliance. Security Hub aggregates these findings, helping to identify security risks and potential misconfigurations across your environment.
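The Compliance Checks item above describes rules that flag public S3 buckets or missing encryption. The following is an added example, not code from this page or from AWS, showing the evaluation logic of a custom AWS Config rule for those two controls, written in the handler shape AWS Config uses when it invokes a Lambda-backed rule. The configuration item is modelled on what AWS Config places in `invokingEvent` for an S3 bucket; the bucket name, timestamp and settings in the sample are constructed, and the `config_client` parameter is an assumption added so the handler runs offline without boto3.

```python
"""Evaluation logic for an AWS Config custom rule (Lambda-style handler).

Added example, not from the original page. It checks one S3 bucket
configuration item for the two controls named in the Security Pillar section:
public access blocked and default encryption enabled. The sample event below
is constructed, not captured from an account.
"""
import json

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"
NOT_APPLICABLE = "NOT_APPLICABLE"

# All four Public Access Block settings must be on for the bucket to pass.
PAB_KEYS = ("blockPublicAcls", "ignorePublicAcls", "blockPublicPolicy", "restrictPublicBuckets")


def evaluate_s3_bucket(config_item):
    """Return (compliance_type, annotation) for one S3 bucket configuration item."""
    if config_item.get("resourceType") != "AWS::S3::Bucket":
        return NOT_APPLICABLE, "Rule only evaluates S3 buckets"
    supp = config_item.get("supplementaryConfiguration") or {}
    problems = []

    pab = supp.get("PublicAccessBlockConfiguration") or {}
    missing = [k for k in PAB_KEYS if not pab.get(k)]
    if missing:
        problems.append("public access not fully blocked: " + ", ".join(missing))

    # Default encryption: at least one rule that names a server-side encryption algorithm.
    sse = supp.get("ServerSideEncryptionConfiguration") or {}
    rules = sse.get("rules") or []
    if not any((r.get("applyServerSideEncryptionByDefault") or {}).get("sseAlgorithm") for r in rules):
        problems.append("default encryption not configured")

    if problems:
        return NON_COMPLIANT, "; ".join(problems)
    return COMPLIANT, "Public access blocked and default encryption enabled"


def lambda_handler(event, context=None, config_client=None):
    """Entry point in the shape AWS Config invokes; returns the evaluation it would report.

    config_client (assumption, not part of the real Lambda signature) is an optional
    boto3 Config client; when given, the evaluation is sent with put_evaluations.
    """
    invoking_event = json.loads(event["invokingEvent"])
    item = invoking_event["configurationItem"]
    compliance, annotation = evaluate_s3_bucket(item)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # AWS Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if config_client is not None:
        config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample event: a bucket with one public-access setting switched off.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "configurationItem": {
            "resourceType": "AWS::S3::Bucket",
            "resourceId": "example-logs-bucket",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "supplementaryConfiguration": {
                "PublicAccessBlockConfiguration": {
                    "blockPublicAcls": True, "ignorePublicAcls": True,
                    "blockPublicPolicy": False, "restrictPublicBuckets": True,
                },
                "ServerSideEncryptionConfiguration": {
                    "rules": [{"applyServerSideEncryptionByDefault": {"sseAlgorithm": "AES256"}}]
                },
            },
        },
        "messageType": "ConfigurationItemChangeNotification",
    }),
    "resultToken": "TESTMODE",
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Keeping `evaluate_s3_bucket` free of AWS calls makes the control logic unit-testable; the handler only packages the result in the evaluation shape AWS Config expects.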

Reliability Pillar

  • Configuration Drift:
    • In the Rules section, review the rules that monitor reliability-related configurations, such as ensuring automatic backups are enabled for databases (RDS) or that instances are part of Auto Scaling groups. Compliance with these rules ensures your resources remain resilient to changes and failures.
  • Resource Configuration Timeline:
    • Use the Configuration Timeline for individual resources to examine changes that could affect reliability, such as modifications to security groups or changes to VPC settings. Understanding the history helps maintain resource stability.
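Both the Change Management item under Operational Excellence and the Resource Configuration Timeline item above rely on comparing two points in a resource's configuration history. The following is an added example, not code from this page or from AWS, that diffs two snapshots of a security group and reports which ingress rules became open to the world between them. The snapshot layout (`ipPermissions`, `ipRanges`, `cidrIp`) is modelled on the `configuration` field AWS Config records for `AWS::EC2::SecurityGroup`; the two snapshots and the group id are constructed.

```python
"""Diff two snapshots of a resource taken from its AWS Config configuration history.

Added example, not from the original page. The two security-group snapshots
below are constructed; in practice they would be the ``configuration`` field of
two consecutive configuration items from the resource's timeline.
"""


def flatten(obj, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: scalar} so snapshots compare line by line."""
    out = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            out.update(flatten(value, f"{prefix}[{index}]."))
    else:
        out[prefix.rstrip(".")] = obj
    return out


def diff_configurations(before, after):
    """Return a sorted list of (path, old, new); old or new is None when a path was added or removed."""
    a, b = flatten(before), flatten(after)
    return [(path, a.get(path), b.get(path))
            for path in sorted(set(a) | set(b)) if a.get(path) != b.get(path)]


def world_open_ingress(sg_configuration):
    """List (protocol, from_port, to_port) for ingress rules that allow 0.0.0.0/0 or ::/0."""
    open_rules = []
    for perm in sg_configuration.get("ipPermissions", []):
        cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            open_rules.append((perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    return open_rules


def newly_exposed(before, after):
    """World-open ingress rules present in the later snapshot but not in the earlier one."""
    return sorted(set(world_open_ingress(after)) - set(world_open_ingress(before)))


# Constructed snapshots: the later one adds an SSH rule reachable from any address.
BEFORE = {
    "groupId": "sg-0123456789abcdef0",
    "description": "web tier",
    "ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
    ],
}
AFTER = {
    "groupId": "sg-0123456789abcdef0",
    "description": "web tier",
    "ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for path, old, new in diff_configurations(BEFORE, AFTER):
        print(f"{path}: {old!r} -> {new!r}")
    print("newly world-open ingress:", newly_exposed(BEFORE, AFTER))
```

The generic diff shows every changed path, which is what the timeline view gives you; `newly_exposed` is the kind of targeted check worth running on each change notification so a reliability- or security-relevant edit is caught rather than buried in the full list.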

Cost Optimization Pillar

  • Resource Tracking:
    • Under the Resources section, explore the list of AWS resources in your account. Identifying unused or underutilized resources, like idle EC2 instances or unattached EBS volumes, helps in optimizing costs by removing unnecessary expenses.
  • Compliance with Cost-Related Rules:
    • Check for rules related to cost optimization, such as ensuring EC2 instances use the latest generation of instance types or that EBS volumes have lifecycle policies in place. Compliance with these rules can lead to more efficient resource utilization and cost savings.

Performance Efficiency Pillar

  • Configuration Monitoring:
    • Explore the Rules that monitor configurations impacting performance, such as whether instances are properly tagged for autoscaling, ensuring the use of provisioned IOPS for databases, or enforcing placement groups for high-performance networking.
  • Configuration History for Performance:
    • In the Resources section, select performance-critical resources (e.g., RDS instances, EC2 instances) and review their configuration changes over time. Analyzing configuration changes helps identify patterns that affect resource performance.

4. Additional Tips

  • AWS Config Aggregators:
    • If AWS Config is set up with aggregators across multiple accounts or regions, use the Aggregators section to get a unified view of compliance and resource inventory across your AWS environment.
  • Compliance Reporting:
    • In the Compliance section, review compliance summaries to understand how well your resources align with AWS best practices. These summaries can be filtered by resource type or rule to focus on specific areas, such as security or cost optimization.
  • AWS Config and Security Hub:
    • If AWS Security Hub is integrated, review findings related to AWS Config to assess compliance with security standards and best practices.
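The Compliance Reporting tip above describes summaries filtered by resource type or rule. The following is an added example, not code from this page or from AWS, that builds that summary from per-resource evaluation results. The record layout follows the `EvaluationResults` returned by the Config API's `get_compliance_details_by_config_rule`; the resource ids and annotations in the sample are constructed, and the two rule names are used only as labels here.

```python
"""Summarise AWS Config evaluation results by rule and resource type.

Added example, not from the original page. Input is a list of EvaluationResult
records in the shape returned by get_compliance_details_by_config_rule; the
records below are constructed, not captured from an account.
"""
from collections import defaultdict


def _result(rule, resource_type, resource_id, compliance, annotation=""):
    """Build one constructed EvaluationResult record."""
    return {
        "EvaluationResultIdentifier": {
            "EvaluationResultQualifier": {
                "ConfigRuleName": rule,
                "ResourceType": resource_type,
                "ResourceId": resource_id,
            },
            "OrderingTimestamp": "2024-01-01T00:00:00Z",
        },
        "ComplianceType": compliance,
        "Annotation": annotation,
    }


SAMPLE_RESULTS = [
    _result("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "bucket-a", "COMPLIANT"),
    _result("s3-bucket-public-read-prohibited", "AWS::S3::Bucket", "bucket-b", "NON_COMPLIANT",
            "Bucket policy allows public read"),
    _result("encrypted-volumes", "AWS::EC2::Volume", "vol-0aaa", "COMPLIANT"),
    _result("encrypted-volumes", "AWS::EC2::Volume", "vol-0bbb", "NON_COMPLIANT",
            "Volume is not encrypted"),
    _result("encrypted-volumes", "AWS::EC2::Volume", "vol-0ccc", "NOT_APPLICABLE"),
]


def _qualifier(result):
    return result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]


def summarize(results, resource_type=None, rule_name=None):
    """Return {rule: {compliance_type: count}} after applying the optional filters."""
    counts = defaultdict(lambda: defaultdict(int))
    for result in results:
        q = _qualifier(result)
        if resource_type and q["ResourceType"] != resource_type:
            continue
        if rule_name and q["ConfigRuleName"] != rule_name:
            continue
        counts[q["ConfigRuleName"]][result["ComplianceType"]] += 1
    return {rule: dict(by_type) for rule, by_type in counts.items()}


def noncompliant_resources(results):
    """Sorted (rule, resource_type, resource_id, annotation) for every NON_COMPLIANT result."""
    rows = []
    for result in results:
        if result["ComplianceType"] == "NON_COMPLIANT":
            q = _qualifier(result)
            rows.append((q["ConfigRuleName"], q["ResourceType"], q["ResourceId"],
                         result.get("Annotation", "")))
    return sorted(rows)


def compliance_ratio(results):
    """Share of evaluated resources that are COMPLIANT; NOT_APPLICABLE results are left out."""
    evaluated = [r for r in results if r["ComplianceType"] != "NOT_APPLICABLE"]
    if not evaluated:
        return 0.0
    compliant = sum(1 for r in evaluated if r["ComplianceType"] == "COMPLIANT")
    return compliant / len(evaluated)


if __name__ == "__main__":
    for rule, by_type in summarize(SAMPLE_RESULTS).items():
        print(rule, by_type)
    for row in noncompliant_resources(SAMPLE_RESULTS):
        print("NON_COMPLIANT:", *row)
    print(f"compliance ratio: {compliance_ratio(SAMPLE_RESULTS):.0%}")
```

Excluding NOT_APPLICABLE from the ratio matters: a rule that skips most resources would otherwise drag the figure down without pointing at anything to fix.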