
A Comprehensive Guide to AWS Config

1. Introduction

This article is a comprehensive guide to AWS Config. It explains what the service is, why it matters for monitoring and managing AWS resources for compliance and security purposes, and how to set it up.

2. Purpose

The purpose of this article is to educate readers about AWS Config and to demonstrate how to set it up using the AWS Management Console and PrismScaler. It covers both a DevOps method and a non-DevOps method to suit different experience levels.

3. What is AWS Config?

AWS Config is a service provided by Amazon Web Services (AWS) that helps you assess, audit, and monitor your AWS resources. It continuously tracks and records changes to your AWS resource configurations and gives you a detailed view of the historical configuration of each resource for audit and compliance purposes. Here are some key features and functionalities of AWS Config:

Resource management
  • Specify the resource types you want AWS Config to record.
  • Set up an Amazon S3 bucket to receive configuration snapshots (on request) and configuration history.
  • Set up Amazon SNS to send configuration stream notifications.
  • Grant AWS Config the permissions it needs to access the Amazon S3 bucket and the Amazon SNS topic.
For more information, see Viewing AWS Resource Configurations and History and Managing AWS Resource Configurations and History.

Rules and conformance packs
  • Specify the rules that you want AWS Config to use to evaluate compliance for the recorded resource types.
  • Use conformance packs: collections of AWS Config rules and remediation actions that can be deployed and monitored as a single entity in your AWS account.
For more information, see Evaluating Resources with AWS Config Rules and Conformance Packs.

Aggregators
  • Use an aggregator to get a centralized view of your resource inventory and compliance. An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from multiple AWS accounts and AWS Regions into a single account and Region.
For more information, see Multi-Account Multi-Region Data Aggregation.

Advanced queries
  • Use one of the sample queries or write your own query by referring to the configuration schema of the AWS resource.
For more information, see Querying the Current Configuration State of AWS Resources.

4. How does the AWS Config service work?

AWS Config works by continuously monitoring and recording the configurations of your AWS resources. It provides a historical record of resource configurations and enables you to assess compliance with your organization's policies and industry standards. Here's how AWS Config typically works:
  1. Resource Discovery: AWS Config starts by discovering and identifying the AWS resources in your account. This includes compute instances, databases, storage, networking components, and more. It builds an inventory of these resources.
  2. Configuration Data Collection: After identifying resources, AWS Config collects configuration data for each resource. This data includes information such as resource attributes, relationships with other resources, and metadata.
  3. Configuration Snapshot: AWS Config takes periodic snapshots of resource configurations. These snapshots capture the state of your resources at specific points in time. You can use these snapshots to see how resource configurations have changed over time.
  4. Rule Evaluation: AWS Config allows you to define custom rules that specify the desired configuration state for your resources. These rules can be based on security policies, compliance requirements, or operational best practices. AWS Config continuously evaluates resources against these rules.
  5. Rule Results and Compliance Reporting: When AWS Config evaluates resources, it generates rule results. If a resource violates a rule (i.e., it doesn't meet the desired configuration state), AWS Config marks it as non-compliant. You can view compliance reports to see which resources are compliant and which are not.
  6. Event Notifications: AWS Config can be configured to send notifications when rule evaluations result in non-compliant resources. These notifications can trigger alerts or automated remediation actions using AWS Lambda functions.
  7. Change Tracking: AWS Config tracks changes to resource configurations in near real-time. This allows you to detect unauthorized changes and understand how resources have evolved over time. It can also be integrated with AWS CloudTrail for detailed API activity logging.
  8. Multi-Account and Multi-Region Support: AWS Config can be extended to work across multiple AWS accounts and regions, providing a centralized view of configurations and compliance.
  9. Data Retention: AWS Config retains historical configuration data and compliance history for a configurable period. This historical data is valuable for auditing, troubleshooting, and forensic analysis.
  10. Data Query and Analysis: You can use AWS Config's query capabilities to search and analyze configuration data. This can help you answer specific questions about your resource configurations.
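To make the rule-evaluation and Lambda steps above concrete, here is an added example (not code from the original post) of a minimal custom AWS Config rule handler: it reads the configuration item AWS Config delivers for an AWS::EC2::SecurityGroup, decides COMPLIANT / NON_COMPLIANT / NOT_APPLICABLE, and reports the result back with PutEvaluations. The sample event is constructed, the security-group field names follow the AWS Config configuration item format as I know it, and the stub client is an assumption so the block runs offline.

```python
import json

# Constructed sample event in the shape AWS Config passes to a custom rule's Lambda (assumed).
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({  # invokingEvent and ruleParameters arrive as JSON strings
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",  # constructed id
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22,
                "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}}}),
    "ruleParameters": json.dumps({"blockedPort": "22"}),
    "resultToken": "constructed-token",
}

def evaluate_compliance(item, params):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "Resource was deleted"
    port = int(params.get("blockedPort", "22"))
    for perm in item["configuration"].get("ipPermissions", []):
        # ipProtocol "-1" means all traffic; such entries carry no port range
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        if perm.get("ipProtocol") in ("tcp", "-1") and lo <= port <= hi:
            if any(r.get("cidrIp") == "0.0.0.0/0" for r in perm.get("ipv4Ranges", [])):
                return "NON_COMPLIANT", f"Port {port} is open to 0.0.0.0/0"
    return "COMPLIANT", f"No inbound rule exposes port {port} to 0.0.0.0/0"

def build_evaluation(item, compliance, annotation):
    # Shape one result the way PutEvaluations expects it
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance, "Annotation": annotation,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}

class RecordingConfigClient:  # stub standing in for boto3's Config client (offline use)
    def __init__(self): self.calls = []
    def put_evaluations(self, **kwargs): self.calls.append(kwargs)

def lambda_handler(event, context, config_client=None):
    """Lambda entry point; config_client lets callers inject a stub instead of boto3."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]  # oversized notifications (fetched via API) not handled
    evaluation = build_evaluation(item, *evaluate_compliance(item, params))
    if config_client is None:
        import boto3  # only available inside Lambda / with the AWS SDK installed
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation
```

Run locally with `lambda_handler(SAMPLE_EVENT, None, RecordingConfigClient())`; inside Lambda the handler creates the real Config client and the rule result appears on the Rules page as non-compliant for that security group.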

5. What resource types does AWS Config support?

AWS Config now supports 21 more resource types for services, including AWS Amplify, AWS App Mesh, AWS App Runner, Amazon AppStream 2.0, Amazon Keyspaces (for Apache Cassandra), AWS CodeArtifact, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Forecast, AWS Identity and Access Management (IAM), Amazon Kinesis Data Firehose, Amazon Pinpoint, AWS Signer, Amazon SageMaker, and AWS Transfer Family. With this launch, customers can now use AWS Config to monitor configuration data for the following newly supported resource types in all AWS Regions where the supported services are available:
  1. AWS::Amplify::App
  2. AWS::AppMesh::VirtualNode
  3. AWS::AppMesh::VirtualService
  4. AWS::AppRunner::VpcConnector
  5. AWS::AppStream::Application
  6. AWS::Cassandra::Keyspace
  7. AWS::CodeArtifact::Repository
  8. AWS::EC2::PrefixList
  9. AWS::EC2::SpotFleet
  10. AWS::ECS::TaskSet
  11. AWS::Evidently::Project
  12. AWS::Forecast::Dataset
  13. AWS::IAM::SAMLProvider
  14. AWS::IAM::ServerCertificate
  15. AWS::KinesisFirehose::DeliveryStream
  16. AWS::Pinpoint::Campaign
  17. AWS::Pinpoint::InAppTemplate
  18. AWS::Signer::SigningProfile
  19. AWS::SageMaker::Domain
  20. AWS::Transfer::Agreement
  21. AWS::Transfer::Connector

6. Creating an AWS Config Rule with the AWS Console

Step 1. First setup
If this is the first time you are opening the AWS Config console, or you are setting up AWS Config in a new region, the AWS Config console page looks like the following:
Choose 1-click setup to launch AWS Config based on AWS best practices. You can also choose Get started to go through a more detailed setup process.
1-click setup: The setup page includes three steps, but through the 1-click setup workflow you are taken directly to Step 3 (Review). The following is a breakdown of that procedure.
  • Settings: Select how the AWS Config console records resources and roles, and choose where configuration history and configuration snapshot files are sent.
  • Rules: For regions that support rules, this subsection lets you configure initial AWS managed rules to add to your account.
  • Review: Review your AWS Config setup details. You can go back and edit each section. Choose Confirm to finish setting up AWS Config.

Step 2. Adding a rule
Go to the AWS Config service → navigate to Rules → choose Add rule.
On the Specify rule type page, specify the rule type by completing the following steps:
  • Type in the search field to filter the list of managed rules by rule name, description, and label.
  • Choose an option in the Rules table and click Next.
On the Configure rule page, configure your rule by completing the following steps:
  • For Name, type a unique name for the rule.
  • For Description, type a description for the rule.
  • For Evaluation mode, choose when in the resource creation and management process you want AWS Config to evaluate your resources.
On the Review and create page, review all your selections before adding the rule to your AWS account. Then click Save.

Step 3. Viewing a rule
The Rules page shows all the rules currently in your AWS account. It lists the name, associated remediation action, and compliance status of each rule. Choose a rule to see its settings, or choose a rule and View details.

Step 4. Updating a rule
Choose a rule and Edit rule for the rule you want to update. Modify the settings on the Edit rule page to change your rule as needed.

Step 5. Deleting a rule
Choose the rule you want to delete from the table. From the Actions dropdown list, choose Delete rule.

Estimated time: with DevOps knowledge, 2-3 hours; without DevOps knowledge, 1-2 days.

7. Creating AWS Config Rule with Prismscaler

With PrismScaler you can save more time: instead of working through multiple steps in the AWS console, each form is a single step. Just fill in the necessary information and press the create button. We provide templates for the rules that are common in most cases.

Estimated time: 5-15 minutes (without DevOps knowledge).

8. Reference