Finding and tracking Elastic Beanstalk resources with AWS Config

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. You can see how resources are related, get a history of configuration changes, and see how relationships and configurations change over time. You can use AWS Config to define rules that evaluate resource configurations for data compliance.

Several Elastic Beanstalk resource types are integrated with AWS Config:

The following section shows how to configure AWS Config to record resources of these types.

For more information about AWS Config, see the AWS Config Developer Guide. For pricing information, see the AWS Config pricing information page.

Setting up AWS Config

To initially set up AWS Config, see the following topics in the AWS Config Developer Guide.

Configuring AWS Config to record Elastic Beanstalk resources

By default, AWS Config records configuration changes for all supported types of regional resources that it discovers in the region in which your environment is running. You can customize AWS Config to record changes only for specific resource types, or changes to global resources.

For example, you can configure AWS Config to record changes for Elastic Beanstalk resources and a subset of other AWS resources that Elastic Beanstalk starts for you. Using the AWS Config Console, you can select Elastic Beanstalk as a resource in the AWS Config Settings page from the Specific Types field. From there you can choose to record any of the Elastic Beanstalk resource types: Application, ApplicationVersion, and Environment.

The following figure shows the AWS Config Settings page, with Elastic Beanstalk resource types that you can choose to record: Application, ApplicationVersion, and Environment.

After you select a few resource types, this is how the Specific types list appears.

To learn about regional vs. global resources, and for the full customization procedure, see Selecting which Resources AWS Config Records.

Viewing Elastic Beanstalk configuration details in the AWS Config console

You can use the AWS Config console to look for Elastic Beanstalk resources, and get current and historical details about their configurations. The following example shows how to find information about an Elastic Beanstalk environment.

AWS Config displays configuration details and other information about the resource you selected.

To see the full details of the recorded configuration, choose View Details.

To learn more ways to find a resource and view information on this page, see Viewing AWS Resource Configurations and History in the AWS Config Developer Guide.

Evaluating Elastic Beanstalk resources using AWS Config rules

You can create AWS Config rules, which represent the ideal configuration settings for your Elastic Beanstalk resources. You can use predefined AWS Managed Config Rules, or define custom rules. AWS Config continuously tracks changes to the configuration of your resources to determine whether those changes violate any of the conditions in your rules. The AWS Config console shows the compliance status of your rules and resources.

If a resource violates a rule and is flagged as noncompliant, AWS Config can alert you using an Amazon Simple Notification Service (Amazon SNS) topic. To programmatically consume the data in these AWS Config alerts, use an Amazon Simple Queue Service (Amazon SQS) queue as the notification endpoint for the Amazon SNS topic. For example, you might want to write code that starts a workflow when someone modifies your environment's Auto Scaling group configuration.

To learn more about setting up and using rules, see Evaluating Resources with AWS Config Rules in the AWS Config Developer Guide.