I honestly don't understand how AWS expects folks to take Config seriously when it's missing support for the majority of the AWS services portfolio.
https://docs.aws.amazon.com/config/latest/developerguide/res...
It's incredibly frustrating too, because the Config recorder builds a nice graph of related objects for you (although it would be nice if they added ARN references rather than just IDs) and the Config rules 'marketplace' could be a nice place for vendors to ship a variety of regulatory and standards compliance kits.
We have hundreds of AWS accounts and all but ignore the service in favor of third party, open source and in-house built products with appropriate coverage.
What tools do you find useful?
I won't go into detail for us but there are some good tools on this page - https://asecure.cloud/tools/#Security%20Assessment
What is the benefit of running this instead of using tools like Chef InSpec (https://github.com/inspec/inspec) or Cloud Custodian (https://github.com/cloud-custodian/cloud-custodian)?
This is welcome. I got a rude awakening the first time I turned config rules on when the bill came in, and it kept coming even after they were killed in the UI. I had racked up over $100 in a few months in config bills with the rules being disabled but in an odd state. Thankfully AWS gave us a credit, but I haven't really wanted to mess with them since. I'll give them another look now that the pricing is more in line with a usage model.
We shut down AWS config after one month once we saw the exorbitant price tag. Good to see them cutting it back.
>AWS Config helps you assess and maintain compliance over your AWS resource configurations.
Well that's pretty cheeky, calling all us developers asses! ;)
What, that word was "assess"? Oh, never mind.
-The Emily Litella of the Net