How Select Soluções uses AWS Config to audit resource configurations

What is AWS Config?

AWS Config offers a comprehensive view of the configuration of AWS resources within your AWS account. It encompasses the interrelationships between resources and their historical configurations, enabling you to track changes in configurations and relationships over time.

How does Select Soluções use it?

Select Soluções uses AWS Config to assess, monitor, and audit AWS resource configurations and changes for clients. To deploy configurations efficiently across multiple accounts and regions, we use infrastructure as code (IaC) with Terraform. This automation streamlines the deployment of AWS managed Config rules and Config conformance packs, and simplifies the aggregation of accounts and regions, including central and child accounts.

An illustration of the pattern

To illustrate its practical application, we implement the ‘Security Analysis’ pattern using AWS Config managed conformance packs. This pattern includes resources from all customer accounts and regions, covering all resource types in each region. Our approach uses an Amazon S3 bucket for data collection and a dedicated Amazon SNS topic for AWS Config message publication, along with annotations from AWS managed rules. This setup centralizes compliance data in a central account.
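
The setup described above, expressed in Terraform as an added example (not Select Soluções' own code): a recorder covering all resource types, delivery to an S3 bucket and SNS topic, a conformance pack, and an aggregator in the central account. The variable names, resource labels, and the one-rule conformance pack template are assumptions constructed for illustration.

```hcl
variable "config_role_arn" { type = string }  # hypothetical names: IAM role for AWS Config
variable "central_bucket" { type = string }   # S3 bucket that collects Config data
variable "config_topic_arn" { type = string } # SNS topic for AWS Config messages
variable "child_account_ids" { type = list(string) }
# Record every supported resource type in this region.
resource "aws_config_configuration_recorder" "this" {
  name     = "default"
  role_arn = var.config_role_arn
  recording_group {
    all_supported = true
  }
}
# Deliver snapshots and history to S3, and publish notifications to SNS.
resource "aws_config_delivery_channel" "this" {
  name           = "default"
  s3_bucket_name = var.central_bucket
  sns_topic_arn  = var.config_topic_arn
  depends_on     = [aws_config_configuration_recorder.this]
}
# The recorder only starts once a delivery channel exists.
resource "aws_config_configuration_recorder_status" "this" {
  name       = aws_config_configuration_recorder.this.name
  is_enabled = true
  depends_on = [aws_config_delivery_channel.this]
}
# Conformance pack built from a constructed template with one AWS managed rule.
resource "aws_config_conformance_pack" "security" {
  name          = "security-analysis"
  template_body = <<-EOT
    Resources:
      S3PublicReadProhibited:
        Type: AWS::Config::ConfigRule
        Properties:
          ConfigRuleName: s3-bucket-public-read-prohibited
          Source:
            Owner: AWS
            SourceIdentifier: S3_BUCKET_PUBLIC_READ_PROHIBITED
  EOT
  depends_on    = [aws_config_configuration_recorder_status.this]
}
# Central account only: aggregate compliance data from child accounts, all regions.
resource "aws_config_configuration_aggregator" "central" {
  name = "central"
  account_aggregation_source {
    account_ids = var.child_account_ids
    all_regions = true
  }
}
```

The recorder, delivery channel, and conformance pack are applied per account and region, while the aggregator belongs only in the central account. Each child account must also authorize the central account with an `aws_config_aggregate_authorization` resource before its data appears in the aggregator.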