AWS Config

Definition

AWS Config is an AWS service for monitoring and evaluating AWS resource configurations. It works like an audit system that tracks all changes to your cloud infrastructure.

Frequently Asked Questions

What's the difference between AWS Config and AWS CloudTrail?

AWS Config tracks the state of your resources over time (what a resource’s configuration looked like and how it changed). AWS CloudTrail records API activity (who/what made a call, from where, and when). In practice, Config answers “what changed on the resource,” while CloudTrail helps answer “who changed it and via which API call.” They are often used together for auditing and investigations.

When should I use AWS Config?

Use AWS Config when you need continuous visibility into resource configuration changes, compliance checks against rules (for example, “S3 buckets must not be public” or “EBS volumes must be encrypted”), and an audit-friendly history of how infrastructure changed over time. It’s especially useful in multi-account environments, regulated workloads, and anywhere configuration drift can create security or reliability issues.

How much does AWS Config cost?

AWS Config pricing is primarily based on what you record and evaluate. Common cost drivers include: (1) configuration items recorded for supported resource types (more resources and more frequent changes increase cost), (2) rule evaluations (managed or custom rules evaluated per resource), and (3) optional conformance packs and aggregators (which can add evaluation and data processing costs). You’ll also typically pay for related services you integrate with, such as Amazon S3 for storing configuration snapshots and Amazon SNS for notifications. For exact rates, use the AWS Config pricing page and estimate based on number of resources, change frequency, and number of rules.
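
The Config versus CloudTrail split described in the first question, as an added example that is not part of the original page: a diff of consecutive configuration items gives "what changed", and a time-window join against CloudTrail write calls gives "who changed it". The records, bucket names, ARNs, IP addresses and the flattened `configuration` keys are constructed and simplified for illustration; the helper names and the 15-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified records (assumptions, not real account data).
# AWS Config view: the resource's state at each capture time.
CONFIG_ITEMS = [
    {"resourceId": "example-bucket", "configurationItemCaptureTime": "2024-05-01T10:00:00Z",
     "configuration": {"blockPublicAcls": True, "blockPublicPolicy": True}},
    {"resourceId": "example-bucket", "configurationItemCaptureTime": "2024-05-01T12:03:10Z",
     "configuration": {"blockPublicAcls": False, "blockPublicPolicy": True}},
]
# AWS CloudTrail view: API calls with caller, source address and time.
CLOUDTRAIL_EVENTS = [
    {"eventTime": "2024-05-01T11:58:00Z", "eventName": "GetBucketAcl", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-auditor"},
     "sourceIPAddress": "192.0.2.10", "requestParameters": {"bucketName": "example-bucket"}},
    {"eventTime": "2024-05-01T12:02:55Z", "eventName": "PutBucketPublicAccessBlock", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "sourceIPAddress": "198.51.100.7", "requestParameters": {"bucketName": "example-bucket"}},
    {"eventTime": "2024-05-01T12:02:50Z", "eventName": "PutBucketPublicAccessBlock", "readOnly": False,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
     "sourceIPAddress": "203.0.113.4", "requestParameters": {"bucketName": "other-bucket"}},
]

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def config_changes(items):
    """What changed: diff consecutive configuration items of each resource."""
    ordered = sorted(items, key=lambda i: (i["resourceId"], ts(i["configurationItemCaptureTime"])))
    changes = []
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["resourceId"] != cur["resourceId"]:
            continue
        old, new = prev["configuration"], cur["configuration"]
        diff = {k: (old.get(k), new.get(k)) for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}
        if diff:
            changes.append({"resourceId": cur["resourceId"],
                            "capturedAt": ts(cur["configurationItemCaptureTime"]), "diff": diff})
    return changes

def who_changed(change, events, window=timedelta(minutes=15)):
    """Who changed it: write calls on the same resource shortly before the capture."""
    hits = []
    for e in events:
        target = (e.get("requestParameters") or {}).get("bucketName")
        lead = change["capturedAt"] - ts(e["eventTime"])
        if target == change["resourceId"] and not e.get("readOnly") and timedelta(0) <= lead <= window:
            hits.append((e["eventTime"], e["eventName"], e["userIdentity"]["arn"], e["sourceIPAddress"]))
    return sorted(hits)
```

The read-only call and the write to a different bucket are both excluded, which is why the join needs the resource identifier and the `readOnly` flag as well as the timestamp.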

Category: software

Difficulty: advanced
