# Config

**Introduction**

* Regional service for auditing and recording the compliance of your AWS resources.

**Feature**

* Can be aggregated across regions and accounts.
* Records resource configurations and changes over time.
* Doesn't prevent actions from happening (no deny).
* Can send SNS notifications for changes.
* Config Rules
  * Can use AWS managed config rules (over 75)
  * Can make custom config rules (must be defined in AWS Lambda)
    * Evaluate if each EBS disk is of a certain type.
    * Evaluate if each EC2 instance is of a certain type.
  * Rules can be evaluated / triggered:
    * For each config change.
    * And / or: at regular time intervals.
    * Can trigger CloudWatch events if the rule is not compliant (and chain with Lambda).
  * Rules can have auto remediations:
    * If a resource is not compliant, you can trigger an auto remediation.
    * Define the remediation through SSM Automations.
    * Ex. remediate security group rules, or stop instances with non-approved tags.
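
The custom-rule case above (evaluate whether each EBS disk is of a certain type), written as a Lambda handler. This is an added example, not code from these notes. It assumes a rule triggered by configuration changes (not periodic or oversized-item notifications), and the rule parameter name `desiredVolumeType` and the sample event are made up for illustration.

```python
import json

DELETED_STATUSES = {"ResourceDeleted", "ResourceDeletedNotRecorded"}  # resource is gone

def evaluate_volume(item, desired_type, left_scope=False):
    """Return (compliance_type, annotation) for one configuration item."""
    if left_scope or item.get("configurationItemStatus") in DELETED_STATUSES:
        return "NOT_APPLICABLE", "Resource deleted or out of rule scope."
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "Rule only evaluates EBS volumes."
    actual = (item.get("configuration") or {}).get("volumeType")
    if actual == desired_type:
        return "COMPLIANT", f"Volume type is {actual}."
    return "NON_COMPLIANT", f"Volume type is {actual}, expected {desired_type}."

def build_evaluation(event):
    """Turn a Config rule invocation event into one put_evaluations entry."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    # "desiredVolumeType" is a hypothetical rule parameter chosen for this example.
    compliance, note = evaluate_volume(
        item, params.get("desiredVolumeType", "gp3"), event.get("eventLeftScope", False))
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    import boto3  # imported here so the evaluation logic above runs offline
    boto3.client("config").put_evaluations(
        Evaluations=[build_evaluation(event)], ResultToken=event["resultToken"])

# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"volumeType": "gp2"}}}),
    "ruleParameters": json.dumps({"desiredVolumeType": "gp3"}),
    "resultToken": "constructed-token", "eventLeftScope": False,
}

if __name__ == "__main__":
    print(build_evaluation(SAMPLE_EVENT))
```

Returning `NOT_APPLICABLE` for deleted or out-of-scope resources clears the stale result, so a removed volume does not stay listed as non-compliant.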

**Scenario**

* Unrestricted SSH access to a Security Group
* S3 Policy for public access
* ALB configuration changes over time


