Auditing CloudWatch telemetry configurations
You can use Amazon CloudWatch to discover and understand the state of telemetry configuration for your AWS resources from a central view in the CloudWatch console. This simplifies the process of auditing your telemetry collection configurations across multiple resource types within your AWS organization or account. By providing a consolidated view, it allows you to easily review and manage telemetry settings, helping you ensure proper monitoring and data collection across your AWS environment.
CloudWatch can help you identify telemetry configuration for the following AWS resource types:
Amazon EC2 instances providing detailed metrics. For more information, see Manage detailed monitoring for your EC2 instances in the Amazon EC2 User Guide.
Amazon VPC virtual networks providing flow logs. For more information, see Logging IP traffic using VPC Flow Logs in the Amazon VPC User Guide.
Lambda functions providing traces. For more information, see Visualize Lambda function invocations using AWS X-Ray in the AWS X-Ray Developer Guide.
To begin auditing your telemetry configurations, you must first turn on the telemetry auditing experience for your AWS account or Organization. Enabling this feature creates AWS Config service-linked configuration recorders that discover resources and their associated telemetry configuration metadata. For more information, see Configuration Recorder in the AWS Config Developer Guide.
Note
AWS Config periodically takes inventory of, or discovers, all the resources in your account as an anti-entropy behavior, regardless of the resource types in scope for your configuration recorders. The inventory includes deleted resources and resources that AWS Config is not currently recording. This behavior helps maintain data consistency.
This means that although the service-linked configuration recorder for the CloudWatch telemetry auditing feature is configured to record 3 resource types (Amazon EC2 instances, Amazon EC2 VPC virtual networks, and Lambda functions), you might see describe calls from ConfigResourceCompositionSession and AWSConfig-Describe in AWS CloudTrail. For more information, see Non-recorded Resources in the AWS Config Developer Guide.
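As an added example (not part of the AWS documentation), the following Python triages CloudTrail records by the two session names mentioned in the note, so that AWS Config inventory calls can be separated from other activity during a log review. The sample records, account ID and role names are constructed, and the rule that a non-read-only call under one of these session names deserves review is an assumption of this example.

```python
import json

# Session names the note above says may appear in CloudTrail.
CONFIG_SESSIONS = {"ConfigResourceCompositionSession", "AWSConfig-Describe"}

# Constructed sample records: account ID, role names and events are made up.
SAMPLE_RECORDS = json.loads("""[
 {"eventName": "DescribeInstances", "readOnly": true, "userIdentity": {"type": "AssumedRole",
  "arn": "arn:aws:sts::111122223333:assumed-role/ExampleConfigRole/ConfigResourceCompositionSession"}},
 {"eventName": "DescribeVpcs", "readOnly": true, "userIdentity": {"type": "AssumedRole",
  "arn": "arn:aws:sts::111122223333:assumed-role/ExampleConfigRole/AWSConfig-Describe"}},
 {"eventName": "DescribeInstances", "readOnly": true, "userIdentity": {"type": "IAMUser",
  "arn": "arn:aws:iam::111122223333:user/example-analyst"}},
 {"eventName": "DeleteFlowLogs", "readOnly": false, "userIdentity": {"type": "AssumedRole",
  "arn": "arn:aws:sts::111122223333:assumed-role/ExampleOtherRole/AWSConfig-Describe"}}
]""")

def session_name(record):
    """Return the role session name of an AssumedRole caller, else None."""
    identity = record.get("userIdentity", {})
    if identity.get("type") != "AssumedRole":
        return None
    # STS ARN format: arn:aws:sts::<account>:assumed-role/<role>/<session>
    parts = identity.get("arn", "").split(":", 5)[-1].split("/")
    if len(parts) == 3 and parts[0] == "assumed-role":
        return parts[2]
    return None

def classify(record):
    """Label a record as 'config-inventory', 'review' or 'other'."""
    if session_name(record) not in CONFIG_SESSIONS:
        return "other"
    # The note describes describe (read) calls only. A session name is chosen
    # by whoever assumes the role, so a write under these names is not
    # explained by the note and is set aside for review (example's assumption).
    return "config-inventory" if record.get("readOnly") is True else "review"

def summarize(records):
    """Count records per label."""
    counts = {}
    for record in records:
        label = classify(record)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```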
The telemetry auditing experience uses this information and offers visibility into the configuration status at both the resource type level and a more granular telemetry details level. You can customize your view of the resources or telemetry details using filters and modify the telemetry configuration directly from the resource's console page.
Turning on the telemetry auditing experience does not incur any additional cost.