Chapter 11: Amazon's newest venture into Michelin-starred restaurants? AWS Config

AWS Confit, something made of duck I think?







Whoops, misspelt it...

AWS Config, a configuration monitoring service for other AWS services, seems to be based on CloudTrail?
There are only 2 pages in the book devoted to it, but it looks complex and important enough to spend some more time on (someday).

How does it work? From the documentation, it seems to be able to automatically discover resources:

When you turn on AWS Config, it first discovers the supported AWS resources that exist in your account and generates a configuration item for each resource.
AWS Config also generates configuration items when the configuration of a resource changes, and it maintains historical records of the configuration items of your resources from the time you start the configuration recorder. By default, AWS Config creates configuration items for every supported resource in the region. If you don't want AWS Config to create configuration items for all supported resources, you can specify the resource types that you want it to track.
AWS Config keeps track of all changes to your resources by invoking the Describe or the List API call for each resource in your account. The service uses those same API calls to capture configuration details for all related resources.

This looks cool. Ideally you'd want to be able to visualise the dependencies and look at graphs etc. of data over time? Sort of like Dynatrace transaction flow dashboards, but only for infrastructure and services I guess (it includes operating system changes I think, but nothing higher up the stack).

From the documentation again:

AWS Config enables you to record software configuration changes within your Amazon EC2 instances and servers running on-premises, as well as servers and Virtual Machines in environments provided by other cloud providers. With Config, you gain visibility into operating system (OS) configurations, system-level updates, installed applications, network configuration and more. Config also provides a history of OS and system-level configuration changes alongside infrastructure configuration changes recorded for EC2 instances.
There are a lot of 3rd party products which do interesting and visual things with the data.


Some open source tools for use with AWS Config.

Also an open source tool (maybe to replace CloudFormation rather than AWS Config?)

And you can create custom AWS Config rules using Lambda.
What are config rules? From the documentation:

Use AWS Config to evaluate the configuration settings of your AWS resources. You do this by creating AWS Config rules, which represent your ideal configuration settings. AWS Config provides customizable, predefined rules called managed rules to help you get started. You can also create your own custom rules. While AWS Config continuously tracks the configuration changes that occur among your resources, it checks whether these changes violate any of the conditions in your rules. If a resource violates a rule, AWS Config flags the resource and the rule as noncompliant.
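
To make the custom rule idea concrete, here is an added example (not from the book or the AWS documentation) of a Lambda handler for a change-triggered custom rule that flags unencrypted EBS volumes. It assumes the rule is scoped to AWS::EC2::Volume and receives ordinary (not oversized) configuration item notifications; `sample_event` builds a constructed event for offline testing.

```python
import json

RESOURCE_TYPE = "AWS::EC2::Volume"
# Item statuses meaning there is no live resource left to evaluate.
GONE = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}

def evaluate(item):
    """Return the compliance type for one configuration item."""
    if item["resourceType"] != RESOURCE_TYPE or item["configurationItemStatus"] in GONE:
        return "NOT_APPLICABLE"
    config = item.get("configuration") or {}
    # Anything other than an explicit True counts as unencrypted.
    return "COMPLIANT" if config.get("encrypted") is True else "NON_COMPLIANT"

def build_evaluation(event):
    """Turn the event AWS Config sends to Lambda into one evaluation record."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    # eventLeftScope is set when the resource no longer falls under the rule.
    compliance = "NOT_APPLICABLE" if event.get("eventLeftScope") else evaluate(item)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    import boto3  # imported here so the logic above runs offline without AWS
    evaluation = build_evaluation(event)
    # Report the verdict back to AWS Config using the token from the event.
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

def sample_event(encrypted, status="OK", left_scope=False):
    """Constructed event in the shape AWS Config passes to a custom rule."""
    item = {
        "resourceType": RESOURCE_TYPE,
        "resourceId": "vol-EXAMPLE",  # placeholder id
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
        "configuration": {"encrypted": encrypted},
    }
    return {
        "invokingEvent": json.dumps({
            "messageType": "ConfigurationItemChangeNotification",
            "configurationItem": item}),
        "resultToken": "constructed-token",
        "eventLeftScope": left_scope,
    }
```
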

It looks like AWS Config can work with other services (CloudWatch, CloudTrail).

And the launch presentation.

Also found this global list of service limits today.


