AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.  

With AWS Config, you can discover existing and deleted AWS resources and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.

benefit_SecurityProductFeatures_monitoring-logging

You can view continuously updated details of all configuration attributes of your AWS resources. You are notified via Amazon Simple Notification Service (SNS) of the updated configuration and the specific changes from the previous state, and you can process these notifications programmatically.

Benefit_Click-Drag_Orange

You can enable AWS Config with a few clicks in the AWS Management Console. AWS Config will discover your AWS resources and start recording configuration changes. You can access information about the configuration of any resource and look at the configuration history using the AWS Management Console, CLI, or SDKs.

Benefit_Ecosystem_Red

You can choose from numerous AWS Partner Network (APN) partners who provide solutions that integrate with AWS Config for resource discovery, change management, and security.

AWS Config will discover resources that exist in your account, record their current configuration and capture any changes to these configurations. Config will also retain configuration details for resources that have been deleted. A comprehensive snapshot of all resources and their configuration attributes provides a complete inventory of resources in your account.

When your resources are created, updated, or deleted, AWS Config streams these configuration changes to Amazon Simple Notification Service (SNS), so that you are notified of all configuration changes. AWS Config represents relationships between resources, so that you can assess how a change to one resource may impact other resources.

Using AWS Config, you can quickly troubleshoot operational issues by identifying the recent configuration changes to your resources.

Properly configured resources improve your security posture. Data from AWS Config enables you to continuously monitor the configurations of your resources and evaluate these configurations for potential security weaknesses. After a potential security event, AWS Config enables you to examine the configuration of your resources at any single point in the past.