AWS Config
- Helps with auditing and recording compliance of AWS resources
- Helps record configurations and changes over time
- Questions that can be solved by AWS Config:
- Is there unrestricted SSH access to any SGs?
- Do buckets have any public access?
- How has ALB configuration changed over time?
- Can receive alerts (SNS notifications) for any changes
- AWS Config is a per-region service
- Can be aggregated across regions and accounts
- Possibility of storing the configuration data into S3