3.2 - PaulDuvall/aws-compliance-workshop GitHub Wiki

3.2 Setup AWS Config via console

AWS Config uses Amazon Simple Notification Service (SNS) to stream configuration changes and notifications. Config uses Amazon Simple Storage Service (S3) to store configuration items, which are also delivered in a configuration stream. Permissions for the AWS Config service are managed through AWS IAM. All AWS Config API calls are logged via CloudTrail.

When setting up AWS Config, you can configure settings such as turning on/off Config recording, which AWS resources are recorded, data retention, S3 bucket, SNS Topic, and IAM Role. These settings from the AWS console are shown below.

Enable AWS Config Recording

In this exercise, you will configure AWS Config, which includes turning on the Config recorder and creating a delivery channel. If you have already configured AWS Config, this section is optional. Here are the steps:

  1. Go to the AWS Config console.
  2. If it is your first time using Config, click the Get Started button.
  3. Select the Include global resources (e.g., AWS IAM resources) checkbox.
  4. In the Amazon SNS topic section, select the Stream configuration changes and notifications to an Amazon SNS topic checkbox.
  5. Choose the Create a topic radio button in the Amazon SNS topic section.
  6. In the Amazon S3 bucket section, select the Create a bucket radio button.
  7. In the AWS Config role section, select the Use an existing AWS Config service-linked role radio button.
  8. Click the Next button.
  9. Click the Skip button on the AWS Config rules page.
  10. Click the Confirm button on the Review page.
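
The console steps above, as an added example that is not part of the workshop: the same recorder and delivery channel expressed as AWS Config API parameters, plus `setup_gaps()`, an offline check that the `describe_*` responses from an account match what the steps set up. The recorder and channel name `default`, the boto3 `client` argument and any role, bucket or topic ARNs passed in are assumptions, not values from the workshop.

```python
RECORDER = "default"      # name the console gives its recorder (assumption)
SLR = "AWSServiceRoleForConfig"  # service-linked role picked in step 7

def recorder_spec(role_arn):
    """Record all supported resources plus global ones (step 3)."""
    return {"name": RECORDER, "roleARN": role_arn,
            "recordingGroup": {"allSupported": True,
                               "includeGlobalResourceTypes": True}}

def channel_spec(bucket, topic_arn):
    """Delivery channel: S3 bucket (step 6) + SNS topic (steps 4-5)."""
    return {"name": RECORDER, "s3BucketName": bucket, "snsTopicARN": topic_arn}

def setup_gaps(recorders, statuses, channels):
    """Findings for the three describe_* lists; [] means the account
    matches what the console steps above set up."""
    gaps = []
    rec = next((r for r in recorders if r["name"] == RECORDER), None)
    if rec is None:
        return ["no configuration recorder"]
    group = rec.get("recordingGroup", {})
    if not group.get("allSupported"):
        gaps.append("recorder does not record all supported resource types")
    if not group.get("includeGlobalResourceTypes"):
        gaps.append("global resources (IAM etc.) not included")
    if SLR not in rec.get("roleARN", ""):
        gaps.append("recorder is not using the service-linked role")
    st = next((s for s in statuses if s["name"] == RECORDER), {})
    if not st.get("recording"):
        gaps.append("recorder is stopped")
    elif st.get("lastStatus") == "FAILURE":
        gaps.append("last delivery failed: " + st.get("lastErrorMessage", "?"))
    ch = next((c for c in channels if c["name"] == RECORDER), None)
    if ch is None or not ch.get("s3BucketName"):
        gaps.append("no delivery channel / S3 bucket")
    elif not ch.get("snsTopicARN"):
        gaps.append("delivery channel has no SNS topic")
    return gaps

def apply(client, role_arn, bucket, topic_arn):
    """Same setup via a boto3 'config' client (bucket policy/topic must exist)."""
    client.put_configuration_recorder(ConfigurationRecorder=recorder_spec(role_arn))
    client.put_delivery_channel(DeliveryChannel=channel_spec(bucket, topic_arn))
    client.start_configuration_recorder(ConfigurationRecorderName=RECORDER)

def audit(client):
    """Run setup_gaps against a live account."""
    return setup_gaps(client.describe_configuration_recorders()["ConfigurationRecorders"],
        client.describe_configuration_recorder_status()["ConfigurationRecordersStatus"],
        client.describe_delivery_channels()["DeliveryChannels"])
```

The S3 bucket policy and SNS topic that the console creates for you in steps 5 and 6 are not created by `apply()`; they must exist before the delivery channel is accepted.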

Config Rules Settings