AWS Config is a service that maintains an inventory of AWS resources. It keeps record of deleted AWS resources as well as the links between resources. This was especially helpful to me the other day during a deployment. Cloudformation would report that it was failing to delete a security group. I was unable to locate any instances or load balancers that were using the security group. Only after using the config service to look it up I was able to see that an AWS Lambda had been manually set up (by myself) a few months ago with that security group attached. This was done as part of the process to allow the Lambda to connect to a Virtual Private Cluster (VPC).

To set up Config go to: https://console.aws.amazon.com/config/home?region=us-east-1#/welcome

And click the blue “Get Started” button. get-started

Next you will want to ensure all resource types are selected as well as all regions. resource-types-to-record

The Config service sends all change information to an Simple Storage Service (S3) bucket. This is helpful if you are looking to ingest this data to Elasticsearch or some other service. Create a new bucket in this section to enable that. s3-bucket

Once done with the S3 bucket you will then be able to set up an Simple Notification Service (SNS) topic. This is also helpful for ingesting data into Elasticsearch using a Lambda to stream the data into Elasticsearch or some other service. sns-topic

Lastly you will set up a role. AWS sets up the permissions for you if use click “Create a role”. This enables the Config service to properly and securely access each AWS resource. config-role

On the next page you will be given a chance to set up Config Rules. At this point I am not ready to set these up but they are as follows: config-rules I clicked “Skip” but I fully intend to set these up later.

Review the settings and click “Confirm”.

On the next page you will see "Resource inventory". To lookup resources click the dropdown for "Resource type" and select the type of resource you want to lookup. resource-inventory-selection

For testing purposes I have selected "S3: Bucket" and in the optional "Resource identifier" box next to the drop down I entered my bucket name and clicked "Look up".

At this point you will be able to click on the link for the "Config timeline". config-lookup

The timeline allows you to view the various configurations the resource had over the period of time selected. timeline


AWS Codebuild and Static Sites

Fri 03 February 2017 by Patrick Pierson

Simple play by play of how I deploy this site

read more

OpenVpn via Cloudformation

Sat 27 February 2016 by Patrick Pierson

Using OpenVPN to create a randomized VPN on AWS.

read more

SSH proxy for Firefox

Sat 13 June 2015 by Patrick Pierson

Working from home? Need an alternative to VPN?

read more

More S3 analysis

Sat 23 May 2015 by Patrick Pierson

I wrote a script to do additional analysis on s3 logs via python.

read more

S3 Log Analysis

Thu 21 May 2015 by Patrick Pierson

Simple S3 Log analysis using aws cli and bash.

read more

Migrated site to Pelican

Tue 19 May 2015 by Patrick Pierson

Migrated from Wordpress to Pelican.

read more

AWS re:Invent 2014

Tue 16 December 2014 by Patrick Pierson

Visualize Shellshock Detectify Testing

Thu 25 September 2014 by Patrick Pierson

Used ELK to visualize shellshock detectify testing.

read more

Elasticsearch, Logstash, and Kibana to visualize logs

Tue 16 September 2014 by Patrick Pierson

ELK to visualize logs

read more