Amazon Config
AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past, enabling assessment, auditing, and evaluation of configurations for compliance and security governance. It records configuration changes continuously, evaluates compliance against rules, and supports automated remediation of noncompliant resources.
APIs
Amazon Config API
The AWS Config API provides 92 operations for managing configuration recording, evaluating resource compliance against rules, querying resource configurations, tracking configur...
Capabilities
Amazon Config Compliance and Governance
Workflow capability for AWS resource configuration tracking, compliance evaluation, configuration history auditing, and automated remediation using Amazon Config. Used by securi...
Features
Continuously record configuration changes to all supported AWS resources in your account with detailed configuration items.
Evaluate AWS resource configurations against desired settings using AWS-managed or custom Lambda-based rules.
Deploy collections of Config rules and remediation actions as a single unit across an AWS Organization.
View detailed configuration history for any AWS resource including who changed what and when.
Maintain a complete inventory of all AWS resources in your account with current and past configurations.
Automatically remediate noncompliant resources using SSM Automation documents triggered by Config rules.
Aggregate configuration and compliance data from multiple accounts and regions into a single view.
Use SQL-like queries to search across resource configurations and compliance states.
Use Cases
Continuously audit AWS resource configurations against security benchmarks like CIS, PCI DSS, and HIPAA.
Track who changed what configuration on which resource and when for change management and troubleshooting.
Maintain an always-current inventory of all AWS resources for asset management and CMDB purposes.
Detect configuration drift from approved baselines and trigger alerts or automated remediation.
Reconstruct the configuration state of resources at any point in time to aid incident investigation.
Enforce organization-wide governance policies using conformance packs deployed across all accounts.
Integrations
Correlate Config configuration items with CloudTrail API activity to understand who made changes.
Send Config compliance findings to Security Hub for centralized security posture management.
Deliver configuration snapshots and history to S3 for long-term storage and analysis.
Send notifications for compliance changes and configuration changes via SNS topics.
Use SSM Automation documents as remediation targets for Config rules.
Deploy Config rules and conformance packs across entire AWS Organizations for governance at scale.
Create custom Config rules using Lambda functions for organization-specific compliance requirements.