AWS Config Integrations

Overview

AWS Config integrates with several AWS services, enabling enhanced visibility, compliance monitoring, and operational tracking of resource configurations.

Key Integrations:

AWS Organizations:
- Consolidates multiple AWS accounts for centralized management and compliance monitoring.
- Facilitates multi-account, multi-region data aggregation for AWS Config.
AWS Control Tower:
- Enables AWS Config on all enrolled accounts to monitor compliance, track resource changes, and log activity in the log archive account.
AWS CloudTrail:
- Links AWS Config with CloudTrail logs to correlate configuration changes with specific API events (e.g., who made the request and from which IP).
- Supports timeline navigation between CloudTrail and AWS Config.
AWS Security Hub:
- Centralizes security checks, including compliance with AWS Config rules.
- Requires AWS Config to be enabled across all accounts and regions for Security Hub integration.
AWS Audit Manager:
- Uses AWS Config evaluations as evidence in audits.
- Maps Config rules to Audit Manager controls to report compliance check results.
AWS Systems Manager:
- Records software configuration changes for Amazon EC2 instances and on-premises servers.
- Tracks OS updates, network settings, and installed applications alongside infrastructure changes.
AWS Firewall Manager:
- Requires AWS Config to monitor resources and enforce firewall rules.
- Recommends continuous recording for real-time monitoring.
Amazon EC2 Dedicated Hosts:
- Tracks instance activity on Dedicated Hosts for license compliance.
- Monitors host details like AMI IDs, physical cores, and sockets for accurate reporting.
Elastic Load Balancers (ALB):
- Records changes to Application Load Balancers and related resources (e.g., security groups, VPCs).
- Supports security analysis and troubleshooting by tracking relationships between resources.
AWS CodeBuild:

Tracks CodeBuild projects and maintains a history of their configuration changes.

AWS X-Ray:

Monitors configuration changes in X-Ray encryption settings.
Provides a detailed history of changes for auditing and notifications.

AWS Service Management Connector:

Integrates AWS Config data with ServiceNow using an Aggregator for multi-account, multi-region synchronization.

Amazon API Gateway:

Records configuration changes to API Gateway resources.
Maintains change history for operational troubleshooting, auditing, and compliance.

PreviousResource Management in AWS Config NextAWS Config Resources

Last updated 8 months ago

Overview

AWS Config integrates with several AWS services, enabling enhanced visibility, compliance monitoring, and operational tracking of resource configurations.

Key Integrations:

AWS Organizations:

Consolidates multiple AWS accounts for centralized management and compliance monitoring.
Facilitates multi-account, multi-region data aggregation for AWS Config.

AWS Control Tower:

Enables AWS Config on all enrolled accounts to monitor compliance, track resource changes, and log activity in the log archive account.

AWS CloudTrail:

Links AWS Config with CloudTrail logs to correlate configuration changes with specific API events (e.g., who made the request and from which IP).
Supports timeline navigation between CloudTrail and AWS Config.

AWS Security Hub:

Centralizes security checks, including compliance with AWS Config rules.
Requires AWS Config to be enabled across all accounts and regions for Security Hub integration.

AWS Audit Manager:

Uses AWS Config evaluations as evidence in audits.
Maps Config rules to Audit Manager controls to report compliance check results.

AWS Systems Manager:

Records software configuration changes for Amazon EC2 instances and on-premises servers.
Tracks OS updates, network settings, and installed applications alongside infrastructure changes.

AWS Firewall Manager:

Requires AWS Config to monitor resources and enforce firewall rules.
Recommends continuous recording for real-time monitoring.

Amazon EC2 Dedicated Hosts:

Tracks instance activity on Dedicated Hosts for license compliance.
Monitors host details like AMI IDs, physical cores, and sockets for accurate reporting.

Elastic Load Balancers (ALB):

Records changes to Application Load Balancers and related resources (e.g., security groups, VPCs).
Supports security analysis and troubleshooting by tracking relationships between resources.

AWS CodeBuild:

Tracks CodeBuild projects and maintains a history of their configuration changes.

AWS X-Ray:

Monitors configuration changes in X-Ray encryption settings.

Provides a detailed history of changes for auditing and notifications.

AWS Service Management Connector:

Integrates AWS Config data with ServiceNow using an Aggregator for multi-account, multi-region synchronization.

Amazon API Gateway:

Records configuration changes to API Gateway resources.

Maintains change history for operational troubleshooting, auditing, and compliance.