Auditing Resource Compliance with AWS Config

1.75 hours
  • 4 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we’ll implement AWS Config rules and use AWS Config for compliance auditing and remediation. We will configure compliance rules for evaluating the EC2 instance type, if S3 Versioning is enabled, EC2 instances in a VPC, and if CloudTrail is enabled. These rules will give you firsthand knowledge about how the AWS Config service works. We will then explore the configuration management aspect of AWS Config.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable AWS Config

Set up AWS Config so that it uses an existing AWS Config service-linked role. Ensure the delivery method creates an S3 bucket.

Configure Rules for Resources
  1. Add an AWS managed rule for cloudtrail-enabled.
  2. Add an AWS managed rule for desired-instance-type that checks whether your EC2 instances are t2.micro.
  3. Add an AWS managed rule for ec2-instances-in-vpc that checks whether your EC2 instances belong to the VPC provided with the lab.
  4. Add an AWS managed rule for s3-bucket-versioning-enabled.
Configure the Non-Compliant Resources to Comply
  1. Open CloudTrail, and create a new trail named ConfigTrail. Store it in a new S3 bucket.
  2. Open S3, and edit the settings on your buckets to make the s3-bucket-versioning-enabled rule compliant.
Re-Evaluate the Non-Compliant Rules in AWS Config
  1. Re-evaluate the S3 bucket rule.
  2. Wait for the S3 rule to become compliant.
  3. Re-evaluate the CloudTrail rule.
  4. Wait for the CloudTrail rule to become compliant.

Additional Resources

Use the N. Virginia (us-east-1) Region throughout the lab.

Note: You may see other resources detected by Config; you can safely disregard those extra resources such as an AWS Trail called AWS-COST. Config takes a long time to show correctly, especially in us-east-1 Region. Often stopping and starting AWS Config will speed up the results.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?