Note: AWS Config records and evaluates configurations of your AWS resources.
You set up a bucket, an SNS topic and some rules.
The state of your AWS resources is stored and, if a non-compliant resource gets created, you get notified via the SNS topic.
Example rules might be:
- Only SSL requests on S3 buckets
- Logging enabled on S3 buckets
- Versioning enabled on S3 buckets
- Volumes are encrypted
- SSH restricted, i.e. only a restricted set of IPs is allowed to access via SSH
Note: AWS Config is expensive.
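The "SSH restricted" rule from the list above, sketched as the evaluation logic a custom rule could run over recorded security groups. This is an added example, not code from the original note or from AWS. The allowlist, the function names and the sample items are constructed, and the field names (`ipPermissions`, `ipv4Ranges`, `cidrIp`, `ipv6Ranges`, `cidrIpv6`) are an assumption about how a security group's ingress rules appear in a configuration item.

```python
import ipaddress

# Assumption: example allowlist (a documentation range), not a recommendation.
ALLOWED_SSH_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]

def covers_ssh(perm):
    """True if an ingress permission includes TCP port 22."""
    if perm.get("ipProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("ipProtocol") != "tcp":
        return False
    return perm.get("fromPort", 0) <= 22 <= perm.get("toPort", 65535)

def sources(perm):
    return ([r["cidrIp"] for r in perm.get("ipv4Ranges", [])]
            + [r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])])

def allowed(cidr):
    """True if the source CIDR lies entirely inside an allowlisted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a)
               for a in ALLOWED_SSH_SOURCES)

def evaluate_ssh_restricted(item):
    """Return (compliance_type, annotation); only CIDR sources are checked."""
    perms = item["configuration"].get("ipPermissions", [])
    offending = sorted({c for p in perms if covers_ssh(p)
                        for c in sources(p) if not allowed(c)})
    if offending:
        return "NON_COMPLIANT", "SSH reachable from " + ", ".join(offending)
    return "COMPLIANT", "SSH limited to the allowlist"

def sg(group_id, *perms):
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": group_id,
            "configuration": {"ipPermissions": list(perms)}}

def perm(proto, lo, hi, v4=(), v6=()):
    return {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
            "ipv4Ranges": [{"cidrIp": c} for c in v4],
            "ipv6Ranges": [{"cidrIpv6": c} for c in v6]}

# Constructed sample items (not real resources).
SAMPLES = [
    sg("sg-admin", perm("tcp", 22, 22, v4=["203.0.113.16/28"])),
    sg("sg-open", perm("tcp", 22, 22, v4=["0.0.0.0/0"])),
    sg("sg-range", perm("tcp", 0, 1024, v4=["198.51.100.0/24"], v6=["::/0"])),
    sg("sg-web", perm("tcp", 443, 443, v4=["0.0.0.0/0"])),
]
for item in SAMPLES:
    print(item["resourceId"], *evaluate_ssh_restricted(item))
```

The `sg-range` sample shows why the port check is a range test: a rule for ports 0-1024 exposes SSH without ever naming port 22.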