AWS Config setup


Hi AWS, we are planning to delete all the AWS resources created outside of the four approved AWS regions, i.e. us-east-1, us-east-2, us-west-1 and us-west-2. The AWS services/resources are CloudWatch, EC2, Security Groups, RDS, EFS, KMS, S3, Lambda, SNS, VPC, SQS, DynamoDB and SageMaker.

Do I need to create an AWS Config rule which will trigger a Lambda under the hood to do the activity? Also, how can I figure out which resources are actively running for an AWS service, and how can I delete them in one go?

Please help

asked 2 months ago
1 Answer

AWS Config's intended role in what you're working on would be to map out the existence, locations, and configurations of your resources. If you have AWS Config enabled in all the regions you want to get rid of, you could query the configuration snapshots you can set it to deliver to your S3 bucket with a tool such as Athena to discover which resources you have in the non-preferred regions.

There's a blog post with a step-by-step walkthrough for setting up AWS Config snapshot delivery to S3 and querying the configuration snapshots in your central S3 bucket for AWS Config with SQL in Amazon Athena: https://aws.amazon.com/blogs/mt/how-to-query-your-aws-resource-configuration-states-using-aws-config-and-amazon-athena/

Deleting your resources, such as databases, I would think you'd want to do very carefully and under human review and control, rather than having a script wiping out entire databases, servers, encryption keys required for accessing data and backups, and other resources.

Leo K
EXPERT
answered 2 months ago
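As an added example that is not part of the answer above or of the linked blog post, the Athena query below does the discovery step the answer describes: it reads the AWS Config configuration snapshots delivered to S3 and lists every recorded resource that sits outside the four approved regions. The bucket name `my-config-bucket` is a placeholder, and the table name, column names and partition keys are assumed to follow the layout the linked blog post sets up (snapshot JSON with a `configurationitems` array, partitioned by account, date and region); the list of approved regions and service families is taken from the question.

```sql
-- Added example (not from the original post): inventory of resources that AWS Config
-- recorded outside the approved regions, queried from Config snapshots with Athena.
-- Assumptions: snapshots are delivered under s3://my-config-bucket/AWSLogs/ (placeholder
-- bucket) and the table layout matches the linked blog post, including the
-- accountid/dt/region partitions, which must be registered before the query sees data.
CREATE EXTERNAL TABLE IF NOT EXISTS aws_config_configuration_snapshot (
  fileversion STRING,
  configSnapshotId STRING,
  configurationitems ARRAY < STRUCT <
    configurationItemVersion : STRING,
    configurationItemCaptureTime : STRING,
    configurationStateId : BIGINT,
    awsAccountId : STRING,
    configurationItemStatus : STRING,
    resourceType : STRING,
    resourceId : STRING,
    resourceName : STRING,
    ARN : STRING,
    awsRegion : STRING,
    availabilityZone : STRING,
    configurationStateMd5Hash : STRING,
    configuration : STRING,
    supplementaryConfiguration : MAP < STRING, STRING >,
    tags : MAP < STRING, STRING >,
    resourceCreationTime : STRING
  > >
)
PARTITIONED BY (accountid STRING, dt STRING, region STRING)
ROW FORMAT SERDE 'org.openx.data.jsonserde.JsonSerDe'
LOCATION 's3://my-config-bucket/AWSLogs/';

-- Everything outside the approved regions, from the most recent snapshot date only.
-- Read-only: this produces the review list; it deletes nothing.
-- Security groups and VPCs are recorded as AWS::EC2::* resource types, so the
-- 'EC2' service family covers them.
SELECT
  item.awsRegion,
  item.resourceType,
  item.resourceId,
  item.resourceName,
  item.ARN,
  item.resourceCreationTime
FROM aws_config_configuration_snapshot
CROSS JOIN UNNEST(configurationitems) AS t(item)
WHERE dt = (SELECT max(dt) FROM aws_config_configuration_snapshot)
  AND item.configurationItemStatus <> 'ResourceDeleted'
  AND item.awsRegion NOT IN ('us-east-1', 'us-east-2', 'us-west-1', 'us-west-2')
  AND split_part(item.resourceType, '::', 2) IN
      ('CloudWatch', 'EC2', 'RDS', 'EFS', 'KMS', 'S3',
       'Lambda', 'SNS', 'SQS', 'DynamoDB', 'SageMaker')
ORDER BY item.awsRegion, item.resourceType, item.resourceId;
```

Two practical checks before trusting the output: AWS Config only records the resource types it is enabled for, in the regions where it is enabled, so a region or type missing from the result may simply mean Config is not recording there; and a row still needs a human decision before deletion, in line with the caveat in the answer above, particularly for KMS keys and RDS instances where deleting the recorded resource can also make data or backups unreadable.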
