2. WHO AM I
• Sumo Logic - SaaS-based Log Management & Analytics Startup
• Product Manager, Analytics
• Built the AWS CloudTrail integration for AWS re:Invent 2013
3. TERMINOLOGY
• AWS Resources - Entity that can be independently created,
updated and deleted directly by a user. For example, EC2
instances and EBS volumes (not OS installations)
• Configuration Item - Captures the state of the resource at a
specific time. Contains common attributes, relationships, related
events, metadata
• Configuration Change - Opening a port within a security group
attached to an Amazon EC2 instance could affect all other
instances also attached to this security group
4. WHAT IS AWS CONFIG?
• Provides visibility into the configuration of AWS resources
• How different AWS resources are related to each other
• How these configurations and relationships have changed over
time
• AWS Config is a complementary service to AWS CloudTrail
• CloudTrail logs - Who has done the action (API calls)
• Config logs - What configuration changes have been done!
5. MAIN CAPABILITIES
• Retrieve an up-to-date blueprint of your AWS resources at any time
• Troubleshoot unintended side effects of a recent configuration change
• Evaluate potential impacts before making a change
• Retrieve a log of configuration changes for auditing purposes
• Monitor configuration changes when resources are created, updated or
modified
6. ADMINS
• Administrators can use this stream to learn when restricted AWS resources are
created or modified and to ensure that new resources created automatically are
properly configured
• Administrators can request a snapshot of all resources in the account so that they
can review what resources exist and how they are currently configured
8. IMPORTANT USE CASES (AWS CISO KEYNOTE)
• Security Analysis: Am I safe?
• Continuously monitor the configuration of your resources
• Audit Compliance: Where is the evidence?
• Access to the state of your systems (PCI, HIPAA); a complete inventory of all resources and
their configuration attributes is available at any time
• Change Management: What will this change affect?
• Relationships between resources are understood, so that you can proactively assess change
impact
• Troubleshooting: What has changed?
• Identify recent configuration changes to your resources
9. AUDIT HISTORY
• Access to the AWS resource configuration history to audit previous changes,
troubleshoot configuration issues, and comply with internal policies
• You can get full history of a resource’s configurations
10. GETTING THE DATA
• The service delivers an Amazon S3 object every six hours that contains all
the configuration changes captured for the resource (SNS notification)
• Also by providing a resource ID in the console (or CLI/API), you can
determine what a critical resource looked like at a time in the past
11. HOW IT WORKS WITH AWS CLOUDTRAIL
• Using Config CI to detect that a security group allows unrestricted access to
your environment, through port X
• From CloudTrail info (in the CI), you can identify the user who modified the
security group
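The correlation on this slide, sketched as an added example (not code from the deck or from AWS): flag security group rules open to any address in a configuration item, then use the item's related events to look up the caller in CloudTrail records. The sample data is constructed, and the field layout (`ipPermissions`, `ipRanges`, `relatedEvents`) and the helper names are assumptions to check against the files delivered to your bucket.

```python
import json

# Constructed sample data (not real account output). The field layout is an
# assumption modelled on Config configuration items and CloudTrail records.
CONFIG_ITEM = json.loads("""
{
  "resourceType": "AWS::EC2::SecurityGroup",
  "resourceId": "sg-0example",
  "relatedEvents": ["evt-1111"],
  "configuration": {
    "ipPermissions": [
      {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": ["0.0.0.0/0"]},
      {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": ["10.0.0.0/8"]}
    ]
  }
}
""")
CLOUDTRAIL_RECORDS = [
    {"eventID": "evt-1111", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"}},
    {"eventID": "evt-2222", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-reader"}},
]
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_ingress(ci):
    """Return (protocol, fromPort, toPort) for rules open to any address."""
    if ci.get("resourceType") != "AWS::EC2::SecurityGroup":
        return []
    findings = []
    for rule in ci.get("configuration", {}).get("ipPermissions", []):
        if OPEN_CIDRS & set(rule.get("ipRanges", [])):
            findings.append((rule.get("ipProtocol"), rule.get("fromPort"), rule.get("toPort")))
    return findings

def who_changed(ci, trail):
    """Map the CI's relatedEvents IDs to the CloudTrail API call and caller."""
    by_id = {r["eventID"]: r for r in trail}
    return [(by_id[e]["eventName"], by_id[e]["userIdentity"]["arn"])
            for e in ci.get("relatedEvents", []) if e in by_id]

def audit(ci, trail):
    """Report open rules together with the identities behind related events."""
    rules = open_ingress(ci)
    return {"resource": ci["resourceId"], "open_rules": rules,
            "changed_by": who_changed(ci, trail) if rules else []}

if __name__ == "__main__":
    print(audit(CONFIG_ITEM, CLOUDTRAIL_RECORDS))
```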