Question 1

What's the difference between AWS Config and AWS CloudTrail?

Accepted Answer

AWS Config tracks the state of your resources over time (what a resource’s configuration looked like and how it changed). AWS CloudTrail records API activity (who/what made a call, from where, and when). In practice, Config answers “what changed on the resource,” while CloudTrail helps answer “who changed it and via which API call.” They are often used together for auditing and investigations.

Question 2

When should I use AWS Config?

Accepted Answer

Use AWS Config when you need continuous visibility into resource configuration changes, compliance checks against rules (for example, “S3 buckets must not be public” or “EBS volumes must be encrypted”), and an audit-friendly history of how infrastructure changed over time. It’s especially useful in multi-account environments, regulated workloads, and anywhere configuration drift can create security or reliability issues.

Question 3

How much does AWS Config cost?

Accepted Answer

AWS Config pricing is primarily based on what you record and evaluate. Common cost drivers include: (1) configuration items recorded for supported resource types (more resources and more frequent changes increase cost), (2) rule evaluations (managed or custom rules evaluated per resource), and (3) optional conformance packs and aggregators (which can add evaluation and data processing costs). You’ll also typically pay for related services you integrate with, such as Amazon S3 for storing configuration snapshots and Amazon SNS for notifications. For exact rates, use the AWS Config pricing page and estimate based on number of resources, change frequency, and number of rules.

AWS Config

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms