Which AWS service provides an inventory of AWS resources and their configurations, including their relationships and how they’ve changed over time?
AWS Config
What AWS Config feature allows to aggregate configuration and compliance data from multiple accounts and regions into a single account?
Multi-Account Multi-Region Data Aggregation
Do source accounts that are part of an AWS Organization require additional authorization for an AWS Config Aggregator to collect their data?
No
Which AWS Config resource must be created to collect configuration and compliance data from multiple source accounts and regions?
Aggregator
In which AWS region AWS Config Aggregator must be created?
The region where data must be aggregated
What must source accounts not in an AWS Organization provide to allow an AWS Config Aggregator to collect their data?
Explicit authorization
Can AWS Config block configuration changes to resources?
No, it detects, records, evaluates changes and can trigger remediation actions, but does not prevent changes from happening
What are the core functions of AWS Config?
- Record and monitor resource configuration changes over time
- Evaluate compliance with organizational standards
Can AWS Config monitor and aggregate resource configurations across regions and accounts?
Yes, AWS Config is regional service, but supports cross-region and cross-account aggregation
What types of features does AWS Config support?
Standard and Optional features
What integrations does AWS Config support for near-real-time responses to configuration changes?
EventBridge or SNS to deliver events/notifications, which can trigger AWS Lambda for processing or remediation
What is the optional feature of AWS Config?
Config Rules: evaluates resources against defined standards using AWS Lambda and supports automatic remediation for non-compliant resources
What is the standard feature of AWS Config? A:
Configuration recorder: once enabled, collects resources and configuration history in an S3 bucket
What types of Config Rules are available in AWS Config?
- AWS-managed rules
- Customer-managed rules
-
IAM39
-
STS9
-
Organizations14
-
CloudTrail16
-
KMS14
-
S3128
-
EBS61
-
EFS14
-
VPC104
-
Hybrid Networking66
-
EC2152
-
Route 5336
-
RDS59
-
AWS Backup8
-
ELB44
-
SSM11
-
ECS12
-
ECR11
-
EKS7
-
ASG43
-
Lambda66
-
EventBridge11
-
SNS11
-
Step Functions15
-
API Gateway25
-
SQS41
-
Cognito17
-
MQ9
-
AppFlow6
-
ACM13
-
CloudFront75
-
Global Accelerator8
-
CloudWatch65
-
Directory Service17
-
DataSync12
-
FSx for Windows File Server13
-
FSx for Lustre15
-
Transfer Family15
-
Code*44
-
Elastic Beanstalk45
-
X-Ray27
-
DynamoDB97
-
CloudFormation110
-
Snow Family8
-
AppConfig12
-
Config14
-
Storage Gateway58
-
ElastiCache19
-
Secrets Manager11
-
Systems Manager12
-
Web Application Firewall30
-
Shield17
-
CloudHSM11
-
Inspector15
