AWS Conformance pack> I re-evaluated after the action, but the results are the same.

0

I am deploying the AWS Conformance pack (K-ISMS) and taking action on non-compliance.

For some items, even though I corrected the defect and reevaluated it, the result is still non-compliant as before.

In the case of https://docs.aws.amazon.com/config/latest/developerguide/iam-user-no-policies-check.html, IAM Users that were out of compliance were deleted.

After that, I reevaluated, and the already deleted IAM users are still displayed in the non-compliant list.

In the case of "https://docs.aws.amazon.com/config/latest/developerguide/vpc-default-security-group-closed.html", all inbound and outbound rules were deleted from the SG detected as non-compliant.

Afterwards, a re-evaluation was conducted, and the SG was detected as non-compliant as before.

What should I do?

remy
Asked 8 months ago, 236 views
1 answer
0
Accepted answer

AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.

When you turn on AWS Config, it first discovers the supported AWS resources that exist in your account and generates a configuration item for each resource. AWS Config also generates configuration items when the configuration of a resource changes, and it maintains historical records of the configuration items of your resources from the time you start the configuration recorder.

By default, AWS Config creates configuration items for every supported resource in the region. Also, AWS Config keeps track of all changes to your resources by invoking the Describe or the List API call for each resource in your account.

It seems Config is not updating the configuration items for these resources, which is why Config is still showing them as non-compliant even after they have been remediated or deleted. Hence, I would request you to kindly validate whether the Config Recorder is 'Enabled' or not [1]. Also, I would request you to validate the service-linked role [2] for Config, as it should have enough permissions to record changes for the applicable resources.

With that being said, if you still see the issue after validating the above configuration details, I would request you to open a Support case to further investigate the issue.

==== Reference ====

[1] https://docs.aws.amazon.com/config/latest/developerguide/stop-start-recorder.html
[2] https://docs.aws.amazon.com/config/latest/developerguide/using-service-linked-roles.html

Rohit
Answered 8 months ago
  • After setting Config Recorder to 'Enabled' as you suggested, I saw that several items were displayed as "compliant". I'll have to check the remaining items again to see if the settings are incorrect. Thanks for your advice!
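The two causes the answer points at (the recorder not recording, and the recorder not covering the resource types the two rules evaluate) can both be read off the JSON that `aws configservice describe-configuration-recorder-status` and `aws configservice describe-configuration-recorders` return. The script below is an added example and not part of the original thread or of AWS tooling; it parses constructed sample responses in the shape those two commands produce and reports what would keep `iam-user-no-policies-check` and `vpc-default-security-group-closed` stale. Note that IAM users are a global resource type, so with `allSupported` the recorder also needs `includeGlobalResourceTypes` set for that rule to see IAM changes. The function `recorder_findings` and the sample JSON are assumptions made for this example.

```python
"""Offline check of AWS Config recorder health for the two rules in the question.

Input is the JSON returned by:
  aws configservice describe-configuration-recorder-status
  aws configservice describe-configuration-recorders
(The samples below are constructed for this example, not captured from an account.)
"""
import json

# Resource types the two managed rules from the question evaluate.
RULE_RESOURCE_TYPES = {
    "iam-user-no-policies-check": "AWS::IAM::User",
    "vpc-default-security-group-closed": "AWS::EC2::SecurityGroup",
}

# IAM types are global: with allSupported they are only recorded when
# includeGlobalResourceTypes is true.
GLOBAL_RESOURCE_TYPES = {
    "AWS::IAM::User", "AWS::IAM::Group", "AWS::IAM::Role", "AWS::IAM::Policy",
}


def _type_recorded(group, rtype):
    """Return True if the recording group covers resource type rtype."""
    if group.get("allSupported"):
        if rtype in GLOBAL_RESOURCE_TYPES:
            return bool(group.get("includeGlobalResourceTypes"))
        return True
    return rtype in group.get("resourceTypes", [])


def recorder_findings(status_json, recorders_json, rules=RULE_RESOURCE_TYPES):
    """Return a list of human-readable problems; an empty list means healthy."""
    findings = []
    status = json.loads(status_json).get("ConfigurationRecordersStatus", [])
    recorders = json.loads(recorders_json).get("ConfigurationRecorders", [])
    if not recorders:
        return ["no configuration recorder exists in this region"]
    for s in status:
        if not s.get("recording"):
            findings.append(
                f"recorder {s['name']} is not recording "
                "(start it with: aws configservice start-configuration-recorder)")
        if s.get("lastStatus") == "Failure":
            findings.append(
                f"recorder {s['name']} last run failed: "
                f"{s.get('lastErrorCode')} {s.get('lastErrorMessage')}")
    for r in recorders:
        group = r.get("recordingGroup", {})
        for rule, rtype in rules.items():
            if not _type_recorded(group, rtype):
                findings.append(
                    f"rule {rule} needs {rtype}, which recorder {r['name']} does not record")
    return findings


# Constructed sample: recorder stopped and global (IAM) types not included.
BROKEN_STATUS = json.dumps({"ConfigurationRecordersStatus": [
    {"name": "default", "recording": False, "lastStatus": "Success"}]})
BROKEN_RECORDERS = json.dumps({"ConfigurationRecorders": [
    {"name": "default", "roleARN": "arn:aws:iam::123456789012:role/example-config-role",
     "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": False}}]})

# Constructed sample: recorder on and covering both global and regional types.
HEALTHY_STATUS = json.dumps({"ConfigurationRecordersStatus": [
    {"name": "default", "recording": True, "lastStatus": "Success"}]})
HEALTHY_RECORDERS = json.dumps({"ConfigurationRecorders": [
    {"name": "default", "roleARN": "arn:aws:iam::123456789012:role/example-config-role",
     "recordingGroup": {"allSupported": True, "includeGlobalResourceTypes": True}}]})


if __name__ == "__main__":
    for label, st, rec in (("broken", BROKEN_STATUS, BROKEN_RECORDERS),
                           ("healthy", HEALTHY_STATUS, HEALTHY_RECORDERS)):
        problems = recorder_findings(st, rec)
        print(f"{label}: {'OK' if not problems else ''}")
        for p in problems:
            print("  -", p)
```

Once the recorder is recording and the recording group covers the resource type, a fresh configuration item is produced on the next change, and the rule can be re-run with `aws configservice start-config-rules-evaluation --config-rule-names <rule name>` rather than waiting for the conformance pack's periodic evaluation.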
