If you are looking a way to monitor the AWS Resources in your account for optimal settings, be it for cost reasons or security reasons AWS Config your friend.

But wait? is it not storing my configs? No, Shame on AWS for poor naming. But lets focus on the positive, the amazing service it delivers.

AWS Config is a powerful service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

It keeps a track of the configuration of resources over time providing an easy and maintainable way to enforce certain settings for compliance, security or cost optimization reasons

What are certain use cases one might wanna use AWS Config for? For example when using in detective mode, there is a complete list of evaluations provided by default from AWS that one can use it.

• You wanna check if AWS Certificate Manager Certificates in your account are marked for expiration within the specified number of days? AWS Config is your friend

• Want to make sure that your load balancer is rejecting the http traffic? Use this managed rule for example.

• Want to enforce that EC2 instances should not have a public IP address? No problem at all. AWS Config is here to help you.

Until now we have seen that AWS Config finds if our resource is compliant or not, but can it also act and fix stuff for us? Yes absolutely.

AWS Config - Detect and Fix

AWS Config doesn’t just identify configuration issues—it empowers you to fix them automatically using custom Lambda functions or AWS Systems Manager (SSM) Documents. Whether you’re enforcing security policies or streamlining operations, these flexible remediation options let you tailor solutions to your environment, ensuring compliance with minimal effort.

For instance, if AWS Config detects an EC2 instance with overly permissive settings, it can trigger a Lambda function to tighten those permissions instantly. Alternatively, an SSM Automation Document can apply necessary patches or updates. This proactive “detect-and-fix” approach strengthens your security guardrails, minimizes human error, and slashes response times, keeping your AWS environment compliant and efficient.

Another classic example is s3 buckets for non-compliance, such as public s3 buckets and trigger a remediation.

Conclusion

AWS Config is your gateway to mastering cloud resource management. From tracking changes to enforcing policies with Lambda or SSM Documents, it empowers you to keep your AWS environment secure and efficient.

But there’s more to explore—like advanced features such as periodic mode for scheduled evaluations. Stay tuned for our next post, where we’ll dive deeper into these capabilities and show you how to harness AWS Config’s full power. Start your journey today and take control of your cloud!