I know it can check if resources become non-compliant. But can we use Config rules to check for already non-compliant resources?
i.e I have 100’s of resources already live in production, and want to check which ones have a non-compliant security group? Can I use config to do this?
Yes I’m pretty sure you can do that. Config will report noncompliant resources that are evaluated by the AWS Config Rules that you set up.