AWS Config (Amazon Web Services Config) is an Amazon cloud auditing tool that provides an inventory of existing resources, allowing an administrator to accurately track AWS assets to analyze compliance levels and security. It also enables an administrator to troubleshoot why a resource may have stopped working properly.
AWS Config records previous resource configuration details and uses Amazon Simple Notification Service to notify an administrator of configuration changes. Historical resource configurations can be viewed using the AWS Management Console, command-line interface or software developer's kits.
Administrators enable AWS Config to receive continuously updated details of all resource configurations, which are called configuration items (CIs), at a given point in time. CIs are comprised of basic information that is common across different resource types (what tags are applied); configuration data, such as which type of Elastic Computer Cloud instance a resource runs on; and relationships with other resourced, including shared volumes or instances with another resource. CIs can also include AWS CloudTrail IDs related to the resource and metadata that help identify the CI version and when it was captured.
Configuration changes include the IP address and information on the person requesting a change. Configuration snapshots and records are also delivered to an Amazon Simple Storage Service bucket.
Admins can integrate AWS Config with AWS CloudTrail to pinpoint additional details about API calls to or from a service. AWS Config can also gather data across different AWS accounts.
Charges for AWS Config are based on the number of configuration items recorded for resources.