Enabling AWS Config in All Regions
Use AWS Config in All Accounts and Regions
Using AWS Config is crucial to network management and security in your AWS environment. This service from AWS enables you to “assess, audit, and evaluate the configurations of your AWS resources.” According to AWS, the main features of AWS Config include:
- Configuration history of AWS resources
- Configuration history of software
- Resource relationship tracking
- Configurable and customizable rules
- Conformance packs
- Multi-account, multi-region data aggregation
- Configuration snapshots
Why should you enable AWS Config in all AWS Regions? AWS Config continuously monitors and records your AWS resource configurations. You want this recording to run in every Region so that you can evaluate the recorded configurations against the intended configurations. Without AWS Config enabled in all Regions, you lose key information for security analysis and compliance auditing. To enforce this best practice, AWS says that you can use AWS CloudFormation StackSets and a sample CloudFormation template.
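One way to verify the coverage described above, as an added example (not code from AWS or from the original page): it takes the per-Region output of the AWS Config describe calls and lists the Regions where no recorder exists, the recorder is stopped, or no delivery channel is set. The function names and the `SAMPLE` data are constructed for illustration; `collect` assumes boto3 and credentials are available.

```python
def region_gaps(recorders, statuses, channels):
    """Return reasons why one Region is not fully covered (empty list = OK).

    Inputs are the lists returned by DescribeConfigurationRecorders,
    DescribeConfigurationRecorderStatus and DescribeDeliveryChannels.
    """
    if not recorders:
        return ["no configuration recorder"]
    gaps = [] if channels else ["no delivery channel"]
    status = {s["name"]: s for s in statuses}
    for rec in recorders:
        st = status.get(rec["name"], {})
        if not st.get("recording"):
            gaps.append("recorder stopped")
        elif st.get("lastStatus") == "Failure":
            gaps.append("last recording event failed")
    return gaps

def audit(per_region):
    """Map Region -> gaps, keeping only Regions that have at least one gap."""
    report = {r: region_gaps(*data) for r, data in per_region.items()}
    return {r: g for r, g in report.items() if g}

def collect(session):
    """Fetch live data through a boto3 Session (needs credentials)."""
    ec2 = session.client("ec2", region_name="us-east-1")  # assumes commercial partition
    out = {}
    for region in ec2.describe_regions()["Regions"]:
        cfg = session.client("config", region_name=region["RegionName"])
        out[region["RegionName"]] = (
            cfg.describe_configuration_recorders()["ConfigurationRecorders"],
            cfg.describe_configuration_recorder_status()["ConfigurationRecordersStatus"],
            cfg.describe_delivery_channels()["DeliveryChannels"],
        )
    return out

# Constructed sample responses (trimmed to the fields used), not real data.
SAMPLE = {
    "us-east-1": ([{"name": "default"}],
                  [{"name": "default", "recording": True, "lastStatus": "Success"}],
                  [{"name": "default"}]),
    "eu-west-1": ([{"name": "default"}],
                  [{"name": "default", "recording": False}],
                  [{"name": "default"}]),
    "ap-south-1": ([], [], []),
}

if __name__ == "__main__":
    for region, gaps in sorted(audit(SAMPLE).items()):
        print(region, "->", "; ".join(gaps))
```

Against a live account, pass `audit(collect(boto3.Session()))` and repeat per account; an empty result means every enabled Region has a running recorder and a delivery channel.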
For more information, visit the AWS documentation on best practices for AWS Config. You’ll find that enabling AWS Config in all accounts and Regions is the top recommendation.
AWS Config is an AWS-native configuration management tool that monitors your AWS resources for current configurations. It’s important to have it enabled because it reports the status of its configuration monitoring to CloudTrail.