AWS Config - track resource unsupported in a region

0

In AWS documentation to Config I stumbled on the following statement:

If a resource type is supported by AWS Config in at least one Region, you can enable the recording of that resource type in all Regions supported by AWS Config, even if the specified resource type is not supported in the AWS Region where you set up AWS Config.

I think I need more explanation. E.g. according to the doc Resoruce Coverage by Region Availability, the AWS::EC2::LaunchTemplate resource is not supported in sa-east-1 (Sao Paulo) region. I created a configuration recorder and created the resource. It took some time for the configuration recorder to register the launch template in the Sao Paulo region, but now I can see it in the "Resource" and I can see its configuration history. This brings the question of what the support in the Resoruce Coverage by Region Availability documentation really mean?

If a resource can be recorded even in a region where it is supposedly unsupported, what does the original statement mean?

EDIT: Deekshitha Urs answer clarified why unsupported resource is tracked by Config. Now, assuming the resource is not supported and not tracked in the region, i can I enable this "recording of that resource type in all Regions" functionality?

profile picture
feita há um mês73 visualizações
1 Resposta
1

AWS Config can potentially record resources across all regions, even if the resource type is not officially supported in a particular region according to the "Resource Coverage by Region Availability" documentation.

When you create a resource in a region where it is not officially supported, AWS Config may still attempt to record it. This can explain why you see the resource (like AWS::EC2::LaunchTemplate) being recorded in the sa-east-1 (São Paulo) region, despite it not being listed as supported there. However, this behavior might not be consistent or reliable, and AWS does not guarantee that all configuration changes or details will be captured as thoroughly as they would be in a region where the resource type is officially supported.

You mentioned it took some time for the configuration recorder to register the launch template. This delay can occur because the support for recording in an unsupported region might not be optimized, and AWS Config might take longer to process the resource data.

Official support in the documentation means that AWS guarantees the resource type will be fully tracked and recorded in those regions. The ability to record a resource type in unsupported regions is a flexible feature of AWS Config, but it comes with no guarantee of completeness or timeliness.

profile pictureAWS
ESPECIALISTA
Deeksha
respondido há um mês
profile picture
ESPECIALISTA
avaliado há um mês
profile pictureAWS
ESPECIALISTA
avaliado há um mês
  • Thank you for your answer. This make it more clear. However, now I would want to ask how to enable the mentioned cross-region tracking, when the resource is indeed not supported. For example assuming the Launch template would not be tracked in the São Paulo region. How can I enable tracking of that resource in São Paulo region from e.g. Ireland? I couldn't find any option on configuration recorder and aggregators, as far as I understand, are only read-only and consume data from recorders from within that region.

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas