Amazon provides a security service called Config which tracks all configuration changes and settings for supported resources. Used in conjunction with CloudWatch, it can be a very effective tool for keeping track of any changes made within your AWS account as well as useful for trouble shooting, auditing and general resource administration.
When you turn on AWS Config, it first discovers the supported AWS resources that exist in your account and generates a configuration item for each resource.
AWS Config also generates configuration items when the configuration of a resource changes, and it maintains historical records of the configuration items of your resources from the time you start the configuration recorder. By default, AWS Config creates configuration items for every supported resource in the region. If you don’t want AWS Config to create configuration items for all supported resources, you can specify the resource types that you want it to track.
AWS Config Summary
The AWS Config Summary report gives you a high look at all of your config data available in CloudCheckr. This report includes an overview which contains information on the total umber of recorders present, the total number of delivery channels, the number of resources changed and the total changes in the past 7 days. We also provide two different detail charts, one which gives Changes by resource type and another which provides changes by availability zone. These reports contain drilldowns which will take you to the appropriate detail report.
List of Recorders
The list of Configuration Recorders report provides you with details on each of your AWS config recorders. By default a created recorder will return results on every available resource within the region it is reporting. You need to create a recorder for each region separately to track configuration in that region.
Each recorder on this report will contain data on its Role ARN, it’s recording status, the start time, stop time, last status, last status change time, last error code and last error message.
How to create a new recorder:
1. Log in to the AWS Console
2. Select AWS Config
3. Choose the Region you wish to monitor
4. Choose the resources you wish to monitor (Note: by default the recorder will monitor all available resource types)
5. Choose the bucket where the logs will be stored
6. Choose the SNS topic which it will report to
7. Select Continue
8. Configure the permission details
9. Click allow
List of Delivery Channels
This report is designed to give you information surrounding your config delivery channels. Delivery channels are composed of the S3 bucket where your config files are delivered to and the SNS topic you designated during setup, if you designated one. This report will give you information on your delivery channels including crucial information regarding the delivery times of the configuration stream. configuration snapshot and configuration history. Similar to the List of recorders report this displays each Delivery channel. You are only allowed one delivery channel per region.
This page is our search functionality for your config files. Through this report you can gain access to four different common search parameters.
Option 1: Find all changes for a specific resource
This search option will give you all of the changes within a specific date range of whichever resource you choose.
Option 2: Find resources that were deleted
This search option will return all resources from whichever service you select, within whichever date range you specify.
Option 3: Find changes to security groups
This search option returns any changes to security groups within the specified date range.
Option 4: Find all security related changes
This search option returns any security related change within the date range specified.
The AWS Config Resource Changes report is designed to let you perform a more in depth search of your config log files. this search contains various filters, including the ability to enter a date range, resource type, change type, a specific resource id or a tag. This report also has the ability to save searches as saved filters, which will pre-compile the data for you and return the results faster.
The config history report allows you to search, filter, and drilldown into your AWS Config configuration history. Unlike the resource changes report this report allows you to see all changes for a specific resource within the time period you select.
AWS Config can provide you with a configuration snapshot, which is a point-in-time capture of all your resources and their configurations.
Configuration snapshots are generated on demand via the AWS Management Console, or API, and delivered to the Amazon S3 bucket you specify. Snapshots are provided in JSON format to enable easy automatic processing.
The CloudCheckr AWS Config Snapshots report processes this raw JSON data, providing you the ability to search and analyze your configuration snapshots.
The AWS Config Snapshots report is broken into three distinct sections: Unloaded Snapshots, Queued Snapshots, and Loaded Snapshots.
The Unloaded Snapshots section lists each Snapshot that is available within the designated AWS Config S3 bucket. The data from Unloaded Snapshots has not been made available within CloudCheckr yet.
To pull the data into your CloudCheckr account, and have CloudCheckr process the raw JSON, simply click the green ‘Load’ button next to whichever snapshot(s) you’d like.
Once you click the ‘Load’ button CloudCheckr will attempt to access the snapshot from S3. You should see a “Success. Snapshot queued for processing.” message. The queued snapshot within the Unloaded Snapshots section will now display a green checkmark.
The Queued Snapshots section will list each snapshot that is currently being processed into CloudCheckr.
Most snapshots will be available within 5 minutes, although the time to process is entirely dependent on the amount of data within each snapshot.
Snapshots cannot be interacted with until they are fully processed.
After a snapshot has been processed it will display in the Loaded Snapshots section. All data from Loaded Snapshots are immediately available, providing the ability to search and analyze your configuration snapshots.
To view the data from any snapshot simply click the green ‘View’ button to its left. That will redirect you to the Snapshot Browser where you can view the data from the snapshot by Resource Type, Availability Zone, Tag, and/or Resource ID.