AWS Config for all governance and audit needs
Rating: 8 out of 10
IncentivizedUse Cases and Deployment Scope
AWS Config is used to assess, audit, and evaluate the configuration of your AWS resources. It is implemented in many applications that use AWS to deploy. It helps in assessment, operational auditing and general governance of AWS resources.
Pros
- It can help you define rules for provisioning and configuring of your AWS. We use it for this purpose.
- It maintains configuration history. So you can use the AWS Management Console, API, or CLI to obtain details of past configurations
- It gives you a configuration snapshot of all of your AWS resources and you can store it in AWS S3.
- You can integrate it with AWS CloudTrail to correlate configuration changes to particular events in your account.
Cons
- Dashboarding and graphs should be better and more configurable.
- Some time the Config Rules are difficult to understand and configure. They could be made easy or have GUI to configure them. I know it is difficult to build but that would be a good win.
Likelihood to Recommend
If you have multiple resources in your AWS environment then AWS Config can provide you with audit, governance, and comparison of any changes to your resource configuration over time. You can create alerts to be notified via AWS SNS if any configuration changes, which is very useful for development teams. Governance in an organization, like “Who made the change?”, “From what IP address?” is a very useful audit and operational governance tool.