Bootstrap FreeKB - Amazon Web Services (AWS) - Getting Started with AWS Config


AWS Config is a service that can be used to determine if any changes have been made to certain resources. For example, let's say none of your S3 Buckets should be publicly accessible. Check out my article Get S3 Bucket Public Access using AWS CLI. In this simple Getting Started article, I'll show how I set up AWS Config to detect if any of my S3 Buckets had public access allowed.

In the AWS Config console, I selected Get started. Since this is just meant to be a simple Getting Started article, and I know I'm only checking my S3 Buckets, I go with Specific resource types and select AWS S3 Bucket. The reason I go with Continuous is because this is part of testing / getting started / proof of concept, and I'm going to update my S3 Bucket public access and see if AWS Config detects the change.


AWS Config uses an S3 Bucket to store its configuration history and snapshots. So I create a new S3 Bucket.


And then for the rules I go with s3-bucket-level-public-access-prohibited and Confirm to create the AWS Config.


Give it a moment, refresh the AWS Config console, and Compliance status should list how many of your S3 Buckets are compliant (meaning they have public access disabled) and how many are noncompliant (meaning they are publicly accessible).
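To see what the compliant / noncompliant counts above are based on, here is an added example (not code from this article or from AWS) that reproduces the check behind the s3-bucket-level-public-access-prohibited managed rule: a bucket is compliant only when all four bucket-level Block Public Access settings are true. The bucket names and settings are constructed sample data; fetch_public_access_blocks assumes a boto3 S3 client and is the only part that touches AWS.

```python
"""Added example: evaluate S3 buckets the way the managed rule
s3-bucket-level-public-access-prohibited does, over constructed sample data."""
from typing import Dict, Optional, Tuple

# The four bucket-level Block Public Access settings the rule inspects.
# The rule reports NON_COMPLIANT unless every one of them is true.
REQUIRED_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                     "BlockPublicPolicy", "RestrictPublicBuckets")


def evaluate_bucket(config: Optional[Dict[str, bool]]) -> str:
    """Return COMPLIANT or NON_COMPLIANT for one bucket's PublicAccessBlockConfiguration.
    A bucket with no configuration at all (S3 answers NoSuchPublicAccessBlockConfiguration)
    has every setting effectively false, so it is NON_COMPLIANT."""
    if config is None:
        return "NON_COMPLIANT"
    if all(config.get(name, False) for name in REQUIRED_SETTINGS):
        return "COMPLIANT"
    return "NON_COMPLIANT"


def compliance_summary(buckets: Dict[str, Optional[Dict[str, bool]]]) -> Tuple[Dict[str, str], Dict[str, int]]:
    """Per-bucket results plus the compliant / noncompliant counts the console shows."""
    results = {name: evaluate_bucket(cfg) for name, cfg in buckets.items()}
    counts = {"COMPLIANT": 0, "NON_COMPLIANT": 0}
    for status in results.values():
        counts[status] += 1
    return results, counts


def fetch_public_access_blocks(s3_client, bucket_names) -> Dict[str, Optional[Dict[str, bool]]]:
    """Collect live configurations with a boto3 S3 client (get_public_access_block).
    Assumption: a botocore ClientError whose code is NoSuchPublicAccessBlockConfiguration
    means the bucket has no block configured, which we record as None."""
    configs = {}
    for name in bucket_names:
        try:
            resp = s3_client.get_public_access_block(Bucket=name)
            configs[name] = resp["PublicAccessBlockConfiguration"]
        except Exception as exc:
            if "NoSuchPublicAccessBlockConfiguration" not in str(exc):
                raise
            configs[name] = None
    return configs


# Constructed sample buckets: one fully blocked, one opened up, one never configured,
# and one with three of the four settings on (still noncompliant).
SAMPLE_BUCKETS = {
    "sample-private-logs": dict.fromkeys(REQUIRED_SETTINGS, True),
    "sample-public-site": dict.fromkeys(REQUIRED_SETTINGS, False),
    "sample-legacy": None,
    "sample-partial": {**dict.fromkeys(REQUIRED_SETTINGS, True), "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    per_bucket, totals = compliance_summary(SAMPLE_BUCKETS)
    for bucket, status in per_bucket.items():
        print(f"{bucket}: {status}")
    print(totals)
```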


So far, so good. But we do not want to have to remember to check the AWS Config console for noncompliance. Let's update the Rule to publish a message to a Simple Notification Service (SNS) Topic when AWS Config finds noncompliance. Check out these articles for the steps on how to create and subscribe to an SNS Topic.

Next, let's create a runbook that will be used to publish messages to the SNS Topic. Check out my article Publish message to Simple Notification Service (SNS) Topic when AWS Config Resource is noncompliant.



