This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
When AWS Config detects that a resource violates the conditions in one of your rules, AWS Config flags the resource as noncompliant and sends a notification.
This information is provided by AWS Config.

Managing and Troubleshooting Configuration Changes

When you use multiple AWS resources that depend on one another, a change in the configuration of one resource might have unintended consequences on related resources.
You can also use the historical configurations of your resources provided by AWS Config to troubleshoot issues and to access the last known good configuration of a problem resource.

Security Analysis

To analyze potential security weaknesses, you need detailed historical information about your AWS resource configurations, such as the AWS Identity and Access Management (IAM) permissions that are granted to your users, or the Amazon EC2 security group rules that control access to your resources.

You can use AWS Config to view the IAM policy that was assigned to an IAM user, group, or role at any time in which AWS Config was recording.
A configuration history can help you answer questions about, for example, when the resource was first created, how the resource has been configured over the last month, and what configuration changes were introduced yesterday at 9 AM.
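As an added example (not from the AWS documentation), the Python code below replays a constructed configuration history for one security group and reports when an ingress rule open to any address was introduced and when it was removed, which is the kind of question the Security Analysis and configuration history passages describe. The item layout (`captureTime`, `ipPermissions`, `cidrs`) is a simplified assumption, not the exact AWS Config schema.

```python
import json
from datetime import datetime

# Constructed sample: three recorded snapshots of one security group, deliberately
# out of order. Field names are assumptions modelled on a configuration item.
def _item(when, rules):
    return {"captureTime": when, "configuration": json.dumps({"ipPermissions": rules})}

HTTPS = {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "cidrs": ["10.0.0.0/8"]}
SSH_ANY = {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "cidrs": ["0.0.0.0/0"]}
HISTORY = [
    _item("2024-03-15T09:00:00+00:00", [HTTPS]),
    _item("2024-03-01T09:00:00+00:00", [HTTPS]),
    _item("2024-03-14T16:30:00+00:00", [HTTPS, SSH_ANY]),
]

def ingress_rules(item):
    """Flatten one snapshot into a set of (protocol, from_port, to_port, cidr)."""
    cfg = json.loads(item["configuration"])
    return {(p["ipProtocol"], p["fromPort"], p["toPort"], cidr)
            for p in cfg.get("ipPermissions", []) for cidr in p.get("cidrs", [])}

def timeline(history):
    """Return [(capture_time, added_rules, removed_rules)] in chronological order."""
    items = sorted(history, key=lambda i: datetime.fromisoformat(i["captureTime"]))
    out, prev = [], set()
    for item in items:
        cur = ingress_rules(item)
        out.append((datetime.fromisoformat(item["captureTime"]), cur - prev, prev - cur))
        prev = cur
    return out

def world_open_windows(history, open_cidrs=("0.0.0.0/0", "::/0")):
    """Return [(rule, opened_at, closed_at or None)] for rules open to any address."""
    opened, windows = {}, []
    for when, added, removed in timeline(history):
        for rule in added:
            if rule[3] in open_cidrs:
                opened[rule] = when
        for rule in removed:
            if rule in opened:
                windows.append((rule, opened.pop(rule), when))
    windows += [(rule, when, None) for rule, when in opened.items()]
    return sorted(windows, key=lambda w: w[1])

if __name__ == "__main__":
    for rule, opened_at, closed_at in world_open_windows(HISTORY):
        print(rule, "open from", opened_at, "until", closed_at or "now")
```

The capture times bound the exposure window only as tightly as the recording interval allows; a rule added and removed between two snapshots would not appear.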
For example, a relationship might include an Amazon EBS volume vol-123ab45d attached to an Amazon EC2 instance i-a1b2c3d4 that is associated with security group sg-ef678hk.

AWS Config Managed and Custom Rules

An AWS Config rule represents your desired configuration settings for specific AWS resources or for an entire AWS account.