In this hands-on lab, we'll implement AWS Config rules and use AWS Config for compliance auditing and remediation. We will configure compliance rules that evaluate the EC2 instance type, whether S3 Versioning is enabled, whether EC2 instances are in a VPC, and whether CloudTrail is enabled. These rules will give you firsthand knowledge of how the AWS Config service works. We will then explore the configuration management aspect of AWS Config.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Enable AWS Config
  - Navigate to the AWS Config Console.
  - Create S3 bucket.
  - Create AWS Config.
- Configure Rules for Resources
  - Select the cloudtrail-enabled card.
  - Add the rules.
  - Select the desired-instance-type card.
  - Add the rules.
  - Select the ec2-instances-in-vpc card. (Use "t2.micro".)
  - Add the rules.
  - Select the s3-bucket-versioning-enabled card.
  - Add the rules.
  - Save configuration settings.
  - Select the
- Configure the Non-Compliant Resources to Comply
  - Open S3.
  - Edit settings and save.
  - Open CloudTrail and create a new trail named ConfigTrail.
  - Create a new S3 bucket and give it a unique name.
- Re-Evaluate the Non-Compliant Rules in AWS Config
  - Re-evaluate the S3 bucket rules.
  - Wait for the S3 rule to become compliant.
  - Re-evaluate the CloudTrail rules.
  - Wait for the CloudTrail rule to become compliant.
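The same four rules the lab adds through the console, expressed as API calls. This is an added example, not part of the lab; it assumes boto3 is installed, that the configuration recorder from the "Create AWS Config" step already exists, and that the caller has config:PutConfigRule, config:StartConfigRulesEvaluation and config:DescribeComplianceByConfigRule permissions. The rule-building and compliance-parsing helpers run without any AWS access.

```python
import json

# AWS managed rule identifiers behind the four cards the lab selects.
MANAGED_RULES = {
    "cloudtrail-enabled": "CLOUD_TRAIL_ENABLED",
    "desired-instance-type": "DESIRED_INSTANCE_TYPE",
    "ec2-instances-in-vpc": "INSTANCES_IN_VPC",
    "s3-bucket-versioning-enabled": "S3_BUCKET_VERSIONING_ENABLED",
}


def build_rules(instance_type="t2.micro"):
    """Return put_config_rule() keyword-argument dicts for the lab's rules.

    desired-instance-type is the only one of the four that takes a
    parameter: with "t2.micro" every instance of another type is reported
    NON_COMPLIANT. InputParameters must be a JSON string, not a dict.
    """
    rules = []
    for name, identifier in MANAGED_RULES.items():
        rule = {
            "ConfigRuleName": name,
            "Source": {"Owner": "AWS", "SourceIdentifier": identifier},
        }
        if name == "desired-instance-type":
            rule["InputParameters"] = json.dumps({"instanceType": instance_type})
        rules.append({"ConfigRule": rule})
    return rules


def noncompliant_rules(response):
    """Names of NON_COMPLIANT rules in a describe_compliance_by_config_rule()
    response (the console's "Noncompliant" column), sorted for stable output."""
    return sorted(
        item["ConfigRuleName"]
        for item in response.get("ComplianceByConfigRules", [])
        if item["Compliance"]["ComplianceType"] == "NON_COMPLIANT"
    )


def deploy_and_reevaluate(region="us-east-1"):
    """Create the rules, trigger the equivalent of the console's Re-evaluate
    button, and report which rules are still non-compliant. Evaluation is
    asynchronous, so the first describe call may still show the old state;
    the lab's "wait for the rule to become compliant" step applies here too."""
    import boto3  # imported here so the helpers above work without it

    config = boto3.client("config", region_name=region)
    for kwargs in build_rules():
        config.put_config_rule(**kwargs)
    config.start_config_rules_evaluation(ConfigRuleNames=list(MANAGED_RULES))
    return noncompliant_rules(config.describe_compliance_by_config_rule())
```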