File of a ManagedInstance in Config

0

Hello,

Is it possible to record any changes to a file of an SSM:ManagedInstance in Config?

I have SSM and Config configured. My instance is running the SSM agent. In Config, I record the three types for SSM (SSM:ManagedInstanceInventory, SSM:PatchCompliance, and SSM:AssociationCompliance). The global inventory in SSM is configured with every possible parameter, and I also target a file, /etc/ssh/sshd_config. I can see a new record in Config's timeline of my instance when I install a new application (for instance, nmap), but I have no new record for any renaming of the file nor when I edit the file (for instance, changing "PermitRootLogin no" -> "PermitRootLogin yes"). I know that the file is targeted because it is in SSM's inventory.

Am I doing something wrong? Is it even possible to record any changes in a file through SSM inventory and Config? For information, I am in Stockholm's region (eu-north-1).

Thanks!

Edited by: acaitr on Jan 28, 2019 4:54 PM

acaitr
asked 5 years ago · 213 views
2 Answers
0

We do not support recording changes to "files" in AWS Config. We only collect SSM inventory for the following types: installed applications, network configuration and AWS software components.

Thanks,
Sid

answered 5 years ago
0

It would be great to track Files. This would essentially allow an easy setup for file integrity monitoring.

answered 5 years ago
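The file integrity monitoring mentioned in the answer above can be done on the instance itself. The following is an added example, not part of the original thread and not an AWS Config or SSM feature. It baselines a file and reports the two events from the question: an edit (including a changed `PermitRootLogin`) and a rename. The names `WATCHED`, `snapshot`, `compare` and `demo` are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import tempfile

WATCHED = ("permitrootlogin", "passwordauthentication")  # assumed directives of interest

def snapshot(path):
    """Record hash, mode and watched directives; a missing file yields present=False."""
    try:
        with open(path, "rb") as f:
            data = f.read()
            mode = oct(os.fstat(f.fileno()).st_mode & 0o7777)
    except FileNotFoundError:
        return {"present": False}
    directives = {}
    for line in data.decode("utf-8", "replace").splitlines():
        parts = line.split(None, 1)  # whitespace-separated "Keyword value" form only
        if len(parts) == 2 and parts[0].lower() in WATCHED:
            # sshd uses the first value it finds for a keyword (Match blocks are not modelled)
            directives.setdefault(parts[0].lower(), parts[1].strip())
    return {"present": True, "sha256": hashlib.sha256(data).hexdigest(),
            "mode": mode, "directives": directives}

def compare(baseline, current):
    """Return a list of human-readable findings; an empty list means no drift."""
    if not current["present"]:
        return ["file missing (renamed or deleted)"] if baseline["present"] else []
    if not baseline["present"]:
        return ["file appeared"]
    findings = []
    if baseline["sha256"] != current["sha256"]:
        findings.append("content changed")
    if baseline["mode"] != current["mode"]:
        findings.append(f"mode {baseline['mode']} -> {current['mode']}")
    for key in WATCHED:
        old, new = baseline["directives"].get(key), current["directives"].get(key)
        if old != new:
            findings.append(f"{key}: {old} -> {new}")
    return findings

def demo():
    """Run the check on a constructed sshd_config in a temp dir, not a real host file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sshd_config")
        with open(path, "w") as f:
            f.write("# constructed sample\nPort 22\nPermitRootLogin no\n")
        baseline = snapshot(path)
        with open(path, "w") as f:
            f.write("# constructed sample\nPort 22\nPermitRootLogin yes\n")
        edited = compare(baseline, snapshot(path))
        os.rename(path, path + ".bak")
        return edited, compare(baseline, snapshot(path))
```

In practice the baseline would be stored somewhere the monitored host cannot rewrite, so that whoever edits the file cannot also reset the baseline.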
