AWS Config

Best practices for preventing data exposure

In this session, we will learn how to configure AWS Config, Amazon CloudWatch Events, AWS Lambda and AWS Systems Manager to prevent unauthorized exposure of enterprise data. This session also provides best practices for preventing misconfiguration of resources, including Amazon S3 and other services.

Turn on AWS Config

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

1. Search for the Config Service under the Management Tools Section in the console and click on Config.


2. Click on Getting Started and follow the Setup Wizard:

  • Keep all defaults and click Next. This creates an S3 bucket and a role for the Config service, and records all resources supported by Config within the region. For a list of supported services, click here.
  • Click Next on the next screen; we will set up Config Rules a little later in this session.
  • On the last screen, click Confirm.

We now have AWS Config recording changes for supported resources.
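As an added example (not part of this lab's own material), the following code sets up the same recorder and delivery channel the wizard defaults create, but through the AWS Config API as boto3 exposes it. The role ARN and bucket name are placeholders, the bucket is assumed to already grant config.amazonaws.com write access (the wizard sets that bucket policy for you), and FakeConfigClient is an offline stand-in for boto3.client("config") so the logic can be exercised without an account.

```python
"""Programmatic equivalent of the AWS Config 'Getting Started' wizard defaults.

Added example; the role ARN and bucket name used below are placeholders.
"""


def enable_config_recording(config_client, role_arn, bucket_name, recorder_name="default"):
    """Create a recorder for all supported resource types in the region, point
    its delivery channel at the bucket, start it, and return whether the
    service reports the recorder as recording."""
    config_client.put_configuration_recorder(
        ConfigurationRecorder={
            "name": recorder_name,
            "roleARN": role_arn,
            # Wizard default: every supported type in this region, no global types
            "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": False},
        }
    )
    config_client.put_delivery_channel(
        DeliveryChannel={"name": recorder_name, "s3BucketName": bucket_name}
    )
    config_client.start_configuration_recorder(ConfigurationRecorderName=recorder_name)
    status = config_client.describe_configuration_recorder_status(
        ConfigurationRecorderNames=[recorder_name]
    )
    return status["ConfigurationRecordersStatus"][0]["recording"]


class FakeConfigClient:
    """Offline stand-in for boto3.client('config') that records the calls made.
    Its methods take the same keyword arguments as the real client methods."""

    def __init__(self):
        self.calls = []
        self.recording = False

    def put_configuration_recorder(self, ConfigurationRecorder):
        self.calls.append(("put_configuration_recorder", ConfigurationRecorder))

    def put_delivery_channel(self, DeliveryChannel):
        self.calls.append(("put_delivery_channel", DeliveryChannel))

    def start_configuration_recorder(self, ConfigurationRecorderName):
        self.calls.append(("start_configuration_recorder", ConfigurationRecorderName))
        self.recording = True

    def describe_configuration_recorder_status(self, ConfigurationRecorderNames):
        return {
            "ConfigurationRecordersStatus": [
                {"name": n, "recording": self.recording} for n in ConfigurationRecorderNames
            ]
        }


if __name__ == "__main__":
    # Against a real account, replace FakeConfigClient() with boto3.client("config").
    client = FakeConfigClient()
    recording = enable_config_recording(
        client,
        role_arn="arn:aws:iam::123456789012:role/PLACEHOLDER-config-role",
        bucket_name="PLACEHOLDER-config-bucket",
    )
    print("recording:", recording)
    for name, arg in client.calls:
        print(name, arg)
```

The three calls happen in the order the service requires: a delivery channel cannot be created before a recorder exists, and the recorder does nothing until it is explicitly started, which is why the wizard's "Confirm" step matters.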

Deploy AWS Resources for the Lab

Click here to deploy the lab into your account.

This will deploy an S3 bucket, an AWS Systems Manager Automation document, an AWS Lambda function, an SNS topic and the IAM role needed for this lab.

Please fill in a bucket name, such as: first-last-aws-config-yyyymmdd

Additionally, put your email address in TopicEmail.

Note: This will deploy in the US-EAST-1 region; the Lambda function also resides in an S3 bucket in the US-EAST-1 region. If you want to set this lab up in another region, be sure to download S3BlockPublic.zip from the www.awsmanagementweek.com S3 bucket, place it in a bucket in your target region, and put that bucket name in the LambdaLocation parameter of the CloudFormation template.
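As an added example that is not the lab's own S3BlockPublic function (this page does not show its code), the handler below has the shape of the remediation the session describes: a CloudWatch Events rule forwards AWS Config compliance-change events to Lambda, and the handler turns on S3 Block Public Access for any bucket a Config rule has just marked NON_COMPLIANT. The sample event is constructed after the documented Config compliance-change event shape, and FakeS3Client is an offline stand-in for boto3.client("s3").

```python
"""Lambda remediation for buckets a Config rule marks NON_COMPLIANT.

Added example. Deploy with boto3 available (it is in the Lambda runtime);
the fake client and sample event exist so the logic runs offline.
"""

# All four Block Public Access settings, applied to the offending bucket
PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def bucket_from_compliance_event(event):
    """Return the bucket name if this is a Config compliance-change event that
    marks an S3 bucket NON_COMPLIANT; otherwise return None."""
    if event.get("source") != "aws.config":
        return None
    if event.get("detail-type") != "Config Rules Compliance Change":
        return None
    detail = event.get("detail", {})
    if detail.get("resourceType") != "AWS::S3::Bucket":
        return None
    result = detail.get("newEvaluationResult", {})
    if result.get("complianceType") != "NON_COMPLIANT":
        return None
    # For AWS::S3::Bucket the Config resourceId is the bucket name
    return detail.get("resourceId")


def block_public_access(s3_client, bucket):
    """Apply the full Block Public Access configuration to one bucket."""
    s3_client.put_public_access_block(
        Bucket=bucket, PublicAccessBlockConfiguration=PUBLIC_ACCESS_BLOCK
    )
    return {"bucket": bucket, "action": "public_access_blocked"}


def lambda_handler(event, context, s3_client=None):
    """Entry point invoked by the CloudWatch Events rule."""
    bucket = bucket_from_compliance_event(event)
    if bucket is None:
        return {"action": "ignored"}
    if s3_client is None:
        import boto3  # only needed inside Lambda; tests inject a client

        s3_client = boto3.client("s3")
    return block_public_access(s3_client, bucket)


class FakeS3Client:
    """Offline stand-in for boto3.client('s3'); remembers what was applied."""

    def __init__(self):
        self.blocked = {}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.blocked[Bucket] = dict(PublicAccessBlockConfiguration)


# Constructed sample event, shaped after the Config compliance-change event
SAMPLE_EVENT = {
    "source": "aws.config",
    "detail-type": "Config Rules Compliance Change",
    "detail": {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": "example-exposed-bucket",
        "configRuleName": "s3-bucket-public-read-prohibited",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}

if __name__ == "__main__":
    fake = FakeS3Client()
    print(lambda_handler(SAMPLE_EVENT, None, fake))
    print(fake.blocked)
```

The handler ignores anything that is not a NON_COMPLIANT S3 evaluation, so the same rule can safely receive every Config compliance change; the IAM role the lab deploys needs only s3:PutBucketPublicAccessBlock for this action.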