Welcome - AWS Config

Welcome

AWS Config provides a way to keep track of the configurations of all the AWS resources associated with your AWS account. You can use AWS Config to get the current and historical configurations of each AWS resource and also to get information about the relationship between the resources. An AWS resource can be an Amazon Compute Cloud (Amazon EC2) instance, an Elastic Block Store (EBS) volume, an elastic network Interface (ENI), or a security group. For a complete list of resources currently supported by AWS Config, see Supported AWS resources.

You can access and manage AWS Config through the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Config API, or the AWS SDKs for AWS Config. This reference guide contains documentation for the AWS Config API and the AWS CLI commands that you can use to manage AWS Config. The AWS Config API uses the Signature Version 4 protocol for signing requests. For more information about how to sign a request with this protocol, see Signature Version 4 Signing Process. For detailed information about AWS Config features and their associated actions or commands, as well as how to work with AWS Management Console, see What Is AWS Config in the AWS Config Developer Guide.

Configuration Recorder

Use the following APIs for the configuration recorder.

The following APIs can only be used for the customer managed configuration recorder:

  • PutConfigurationRecorder, creates or updates the customer managed configuration recorder.

  • StartConfigurationRecorder, starts the customer managed configuration recorder. The customer managed configuration recorder will begin recording configuration changes for the resource types you specify.

  • StopConfigurationRecorder, stops the customer managed configuration recorder. The customer managed configuration recorder will stop recording configuration changes for the resource types you have specified.

  • DeleteConfigurationRecorder, , deletes the customer managed configuration recorder.

The following APIs can only be used for service-linked configuration recorders:

The following APIs can be used for both the customer managed configuration recorder and the service-linked configuration recorders:

Delivery Channel

Use the following APIs for the delivery channel:

Resource Management

Use the following APIs for AWS Config resource management:

AWS Config rules

Use the following APIs for AWS Config rules:

Remediation

Use the following APIs for AWS Config remediation actions:

Conformance Packs

Use the following APIs for conformance packs:

Aggregators

Use the following APIs for multi-account multi-Region data aggregation:

Advanced Queries

Use the following APIs for AWS Config:

  • SelectAggregateResourceConfig, accepts a structured query language (SQL) SELECT command and an aggregator to query configuration state of AWS resources across multiple accounts and regions.

  • SelectResourceConfig, accepts a structured query language (SQL) SELECT command, performs the corresponding search, and returns resource configurations matching the properties.

  • PutStoredQuery, saves a new query or updates an existing saved query.

  • GetStoredQuery, returns the details of a specific stored query.

  • ListStoredQueries, lists the stored queries for a single AWS account and a single AWS Region.

  • DeleteStoredQuery, deletes the stored query for a single AWS account and a single AWS Region.

This document was last published on December 26, 2024.