(sec315) new launch: get deep visibility into resource configurations | aws re:invent 2014
DESCRIPTION
AWS Config is a new cross-resource service that allows you to discover new resources, how they're configured, and how these configurations changed over time. The service defines and captures relationships an dependencies between resources, helping you determine if a change to one resource affects other resources.TRANSCRIPT
![Page 1: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/1.jpg)
November 12, 2014
Prashant Prahlad, Amazon Web Services
![Page 2: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/2.jpg)
![Page 3: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/3.jpg)
Change /CHānj/ (v)….to make the form and future course
different from what it is or from what it would be if left alone
![Page 4: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/4.jpg)
“Currently we are scanning AWS and collecting a set of resource configurations
and store those information in an in-our-data-center database – this is a giant
effort on our part.” – AWS Customer
![Page 5: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/5.jpg)
“We poll critical resources, such as our production security groups, at a higher
frequency to ensure we don’t miss changes.” – AWS Customer
![Page 6: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/6.jpg)
“Infrastructure configuration management is designed for infrequent, controlled
changes.”– AWS Customer
![Page 7: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/7.jpg)
“Normalizing different resources just makes understanding them so much
simpler.”– AWS Customer
![Page 8: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/8.jpg)
![Page 9: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/9.jpg)
![Page 10: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/10.jpg)
Continuous ChangeRecordingChanging
Resources
AWS Config
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config
![Page 11: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/11.jpg)
![Page 12: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/12.jpg)
![Page 13: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/13.jpg)
![Page 14: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/14.jpg)
![Page 15: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/15.jpg)
Infrastructure
Change Log
Audits
Regulatory
Compliance
Engine
Changes
![Page 16: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/16.jpg)
![Page 17: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/17.jpg)
![Page 18: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/18.jpg)
![Page 19: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/19.jpg)
![Page 20: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/20.jpg)
![Page 21: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/21.jpg)
![Page 22: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/22.jpg)
![Page 23: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/23.jpg)
![Page 24: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/24.jpg)
![Page 25: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/25.jpg)
Amazon EC2Instance, ENI...
Amazon EBSVolumes
AWS CloudTrailLog
Amazon VPCVPC, Subnet...
![Page 26: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/26.jpg)
Resource Type Resource
Amazon EC2 EC2 Instance
EC2 Elastic IP (VPC only)
EC2 Security Group
EC2 Network Interface
Amazon EBS EBS Volume
Amazon VPC VPCs
Network ACLs
Route Table
Subnet
VPN Connection
Internet Gateway
Customer Gateway
VPN Gateway
AWS CloudTrail Trail
![Page 27: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/27.jpg)
![Page 28: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/28.jpg)
Resource Relationship Related Resource
CustomerGateway is attached to VPN Connection
Elastic IP (EIP) is attached to Network Interface
is attached to Instance
Instance contains Network Interface
is attached to ElasticIP (EIP)
is contained in Route Table
is associated with Security Group
is contained in Subnet
is attached to Volume
is contained in Virtual Private Cloud (VPC)
InternetGateway is attached to Virtual Private Cloud (VPC)
… …. …..
![Page 29: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/29.jpg)
![Page 30: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/30.jpg)
Component Description Contains
Metadata Information about this configuration item
Version ID, Configuration item ID,Time when the configuration item was captured, State ID indicating the ordering of the configuration items of a resource, MD5Hash, etc.
Common Attributes Resource attributes Resource ID, tags, Resource type. Amazon Resource Name (ARN)Availability Zone, etc.
Relationships How the resource is related to other resources associated with the account
EBS volume vol-1234567 is attached to an EC2 instance i-a1b2c3d4
Current Configuration Information returned through a call to the Describe or List API of the resource
e.g. for EBS VolumeState of DeleteOnTermination flagType of volume. For example, gp2, io1, or standard
Related Events The AWS CloudTrail events that are related to the current configuration of the resource
AWS CloudTrail event ID
![Page 31: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/31.jpg)
![Page 32: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/32.jpg)
![Page 33: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/33.jpg)
![Page 34: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/34.jpg)
![Page 35: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/35.jpg)
![Page 36: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/36.jpg)
![Page 37: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/37.jpg)
Snapshot @ 2014-11-05,
11:30pm
Snapshot @ 2014-11-12,
2:30pm
![Page 38: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/38.jpg)
![Page 39: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/39.jpg)
![Page 40: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/40.jpg)
![Page 41: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/41.jpg)
![Page 42: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/42.jpg)
![Page 43: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/43.jpg)
![Page 44: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/44.jpg)
![Page 45: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/45.jpg)
![Page 46: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/46.jpg)
![Page 47: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/47.jpg)
![Page 48: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/48.jpg)
![Page 49: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/49.jpg)
![Page 50: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/50.jpg)
![Page 51: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/51.jpg)
Resource Type Resource
Amazon EC2 EC2 Instance
EC2 Elastic IP (VPC only)
EC2 Security Group
EC2 Network Interface
Amazon EBS EBS Volume
Amazon VPC VPCs
Network ACLs
Route Table
Subnet
VPN Connection
Internet Gateway
Customer Gateway
VPN Gateway
AWS CloudTrail Trail
![Page 52: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/52.jpg)
![Page 53: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/53.jpg)
![Page 54: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/54.jpg)
![Page 55: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/55.jpg)
![Page 56: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/56.jpg)
![Page 57: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/57.jpg)
![Page 58: (SEC315) NEW LAUNCH: Get Deep Visibility into Resource Configurations | AWS re:Invent 2014](https://reader033.vdocument.in/reader033/viewer/2022060118/5589e75fd8b42a870c8b46e4/html5/thumbnails/58.jpg)