
AWS Config Rules With Examples


Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have enabled the AWS config service and started recording configuration changes.

Today we are going to discuss AWS Config rules with some examples. The AWS Config service can compare your configuration settings against a predefined set of rules to evaluate whether a configuration is compliant. You can use AWS provided config rules or create a custom config rule as per your need. The idea behind an AWS Config rule is to detect when a resource uses a non-standard configuration and to act on or notify about it, so that your AWS landscape stays consistent with your organization's standards.

AWS Config Rules With Examples:


  • AWS CLI installed and configured with proper access. You can use below link to install and configure AWS CLI.

Step 1: Create an S3 bucket with a proper bucket policy to store config recordings.

Step 2: Create an IAM role for AWS config service with proper policy.

Step 3: Enable AWS Config service using AWS CLI

Warning: There is additional cost associated with AWS Config; please refer to the documentation below for the latest AWS Config pricing.

Step 4: Create AWS Config rules

Observe that we have used the AWS provided rule “REQUIRED_TAG”. The AWS Config rule will evaluate a resource as non-compliant if it does not have a tag with key=owner and value=debjeet.

Step 5: Create a config delivery channel (S3 in our case) to store all the config recordings.

Step 6: Start Config recording

Note: AWS Config will take some time to discover all the resources, create the initial configuration items and deliver them to the S3 bucket. Wait for some time and then proceed to the next step.

Step 7: Get details for AWS config and config rules.

Observe that we have some non-compliant resources.


Next, we are going to fix the config rule non-compliance by creating the required tag on our VPC.

Step 8: Remediate non-compliant resource in AWS config.

Observe that we now have a compliant resource under AWS Config.


Since we have created a new tag for the VPC, and AWS Config records every configuration change, we can view exactly what changed in the VPC (in this case, a new tag was created).

Step 9: View configuration history in AWS config.

You can also view the same information from the AWS console.


Step 10: Delete the config rule and disable config service
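The post mentions that you can write your own custom config rule instead of using an AWS provided one. As an added example (not code from the original post or from AWS), the following Python mirrors the owner=debjeet check of the managed required-tags rule (source identifier REQUIRED_TAGS) in the shape of a Lambda-backed custom rule: it takes the configuration item AWS Config delivers, decides COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE (for a deleted resource), and builds the evaluation record a real rule would pass to put_evaluations. The VPC id, capture time and sample event are constructed placeholders.

```python
import json
# Parameters in the shape the managed REQUIRED_TAGS rule takes (tagNKey
# required, tagNValue an optional comma-separated list of allowed values).
RULE_PARAMETERS = {"tag1Key": "owner", "tag1Value": "debjeet"}

# Constructed configuration item (placeholder id/time) for a VPC that lacks
# the owner tag, and the event AWS Config hands a Lambda-backed rule.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::VPC", "resourceId": "vpc-0123456789abcdef0",
    "configurationItemCaptureTime": "2020-01-01T00:00:00.000Z",
    "tags": {"Name": "demo-vpc"},  # no owner tag yet, as in the post
}
SAMPLE_EVENT = {"invokingEvent": json.dumps({"configurationItem": SAMPLE_ITEM}),
                "ruleParameters": json.dumps(RULE_PARAMETERS)}

def parse_required_tags(rule_parameters):
    """Map each required tag key to its allowed values (empty set = any value)."""
    required = {}
    for name, key in rule_parameters.items():
        if name.startswith("tag") and name.endswith("Key"):
            values = rule_parameters.get(name[:-3] + "Value", "")
            required[key] = {v.strip() for v in values.split(",") if v.strip()}
    return required

def evaluate_compliance(configuration_item, rule_parameters):
    """Return (compliance_type, annotation) for one configuration item."""
    if configuration_item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource no longer exists"
    tags = configuration_item.get("tags") or {}
    problems = []
    for key, allowed in parse_required_tags(rule_parameters).items():
        if key not in tags:
            problems.append(f"missing tag '{key}'")
        elif allowed and tags[key] not in allowed:
            problems.append(f"tag '{key}'='{tags[key]}' not in {sorted(allowed)}")
    if problems:
        return "NON_COMPLIANT", "; ".join(problems)
    return "COMPLIANT", "all required tags present"

def lambda_handler(event, context=None):
    """Lambda entry point shape; returns the evaluation a real rule would pass
    to config.put_evaluations, so it runs here without AWS credentials."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters", "{}"))
    compliance, annotation = evaluate_compliance(item, params)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # put_evaluations annotation limit
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
```

Once the tag owner=debjeet is added to the VPC (Step 8 above), the same item evaluates as COMPLIANT, which is the transition the configuration history in Step 9 shows.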

Hope you have enjoyed this article. To know more about AWS Config, please refer to the official documentation below.

Please refer to the documentation below for all AWS provided config rule examples.
