AWS Config is a service that monitors and records AWS resource configurations to ensure compliance. This lab guides users through setting up AWS Config to enforce EC2 security group compliance. The process begins with creating an IAM role for AWS Config to grant it necessary permissions. Next, users configure AWS Config to record changes specifically for security groups in the us-east-1 region. Subsequently, they define and apply AWS managed rules, such as "restricted-ssh," to evaluate compliance.
The lab involves intentionally creating a non-compliant security group that allows public SSH access. AWS Config then detects and reports this non-compliant resource, after which users set up a remediation action using AWS Systems Manager Automation to automatically fix the violation. This remediation disables public SSH access for the identified security group.
Executing the remediation action will remove the non-compliant resource from the list and update the security group's inbound rules. The lab concludes by confirming the security group is now compliant and that public SSH access has been removed. By completing this lab, users gain the ability to monitor resources, detect configuration drift, and automatically enforce security and governance policies using AWS Config.
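As an added example (not code from the lab or from AWS), the check below mirrors offline what the "restricted-ssh" managed rule flags (inbound TCP/22 open to 0.0.0.0/0 or ::/0) and builds the revoke list a remediation step would apply, so only the world-open ranges go and private CIDRs survive. The security groups are constructed in the shape returned by EC2 describe-security-groups; the group ids are placeholders.

```python
# Added example, not code from the lab: an offline check that mirrors what the
# AWS Config managed rule "restricted-ssh" flags (inbound TCP/22 open to
# 0.0.0.0/0 or ::/0) and builds the revoke list a remediation would apply.
# Groups are constructed in describe-security-groups shape; ids are placeholders.
PUBLIC_V4, PUBLIC_V6 = "0.0.0.0/0", "::/0"

def _public_ranges(perm):
    """Return the world-open IPv4 and IPv6 CIDRs in one inbound permission entry."""
    v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == PUBLIC_V4]
    v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == PUBLIC_V6]
    return v4, v6

def _covers_ssh(perm):
    """True if the entry's protocol and port range include TCP/22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # "all traffic": FromPort/ToPort are absent
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def evaluate(sg):
    """Compliance verdict in the form AWS Config reports it."""
    for perm in sg["IpPermissions"]:
        v4, v6 = _public_ranges(perm)
        if _covers_ssh(perm) and (v4 or v6):
            return "NON_COMPLIANT"
    return "COMPLIANT"

def remediation_revocations(sg):
    """IpPermissions to pass to revoke_security_group_ingress: only the
    world-open ranges of the offending entries, so private CIDRs are kept."""
    revoke = []
    for perm in sg["IpPermissions"]:
        v4, v6 = _public_ranges(perm)
        if _covers_ssh(perm) and (v4 or v6):
            entry = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
            if v4: entry["IpRanges"] = v4
            if v6: entry["Ipv6Ranges"] = v6
            revoke.append(entry)
    return revoke

# Constructed sample: the lab's deliberately non-compliant group beside a fixed one.
OPEN_SG = {"GroupId": "sg-PLACEHOLDER1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
CLOSED_SG = {"GroupId": "sg-PLACEHOLDER2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
```

Running `evaluate(OPEN_SG)` yields NON_COMPLIANT and `remediation_revocations(OPEN_SG)` returns only the 0.0.0.0/0 entry, leaving the 10.0.0.0/8 rule in place.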