Auditing Resource Compliance with AWS Config

1.75 hours
  • 4 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we’ll implement AWS Config rules and use AWS Config for compliance auditing and remediation. We will configure compliance rules for evaluating the EC2 instance type, whether S3 versioning is enabled, EC2 instances in a VPC, and whether CloudTrail is enabled. These rules will give us firsthand knowledge of how the AWS Config service works. We will then explore the configuration management aspect of AWS Config.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable AWS Config
  • Set up AWS Config so that it uses an existing AWS Config service-linked role. Ensure the delivery method creates an S3 bucket.
Configure Rules for Resources
  1. Add an AWS managed rule for cloudtrail-enabled.
  2. Add an AWS managed rule for desired-instance-type that checks whether your EC2 instances are t2.micro.
  3. Add an AWS managed rule for ec2-instances-in-vpc that checks whether your EC2 instances belong to the VPC provided with the lab.
  4. Add an AWS managed rule for s3-bucket-versioning-enabled.
Configure the Non-Compliant Resources to Comply
  1. Open CloudTrail and create a new trail named ConfigTrail. Store it in a new S3 bucket.
  2. Open S3 and edit the settings on your buckets to make the s3-bucket-versioning-enabled rule compliant.
Reevaluate the Non-Compliant Rules in AWS Config
  1. Reevaluate the S3 bucket rule.
  2. Wait for the S3 rule to become compliant.
  3. Reevaluate the CloudTrail rule.
  4. Wait for the CloudTrail rule to become compliant.

Additional Resources

Use the N. Virginia (us-east-1) Region throughout the lab.

Note: You may see other resources detected by Config; you can safely disregard those extra resources. Config takes a long time to show correctly, especially in us-east-1 Region. Stopping and starting AWS Config typically speeds up the results.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?