Help! How do you turn off AWS config!


I wanted to learn about AWS config so I started it with some rules. Then I got the bill so I decided to stop the service but I can't seem to. I stopped recording and I have no rules running but I still get billed for $4.00 per month.

It seems like config is easy to turn on but not so easy to off.

asked 5 years ago12266 views
6 Answers
  1. Turn off Recording for that region using the console

  2. Delete the Rule by going to actions, delete rule

  3. Use the AWS CLI and delete the default recording by

aws configservice delete-configuration-recorder --configuration-recorder-name default --region <region-name>

  1. Delete the service linked role created for AWS Config

Refresh the Config home page to make it appear fresh.

If necessary delete the config bucket and its objects.

Edited by: ecooper on Sep 18, 2021 10:28 AM

answered 3 years ago

aws configservice describe-config-rules | grep ConfigRuleName | cut -d":" -f2 | cut -d"," -f1 | xargs -L1 aws configservice delete-config-rule --config-rule-name

answered 3 years ago
  • It worked very well. Thank you, iothreat1.


I had to use CLI to remove all the rules. Just executed - will see how it affects billing tonight.

P.S. instead of grep/awk feel free to use --query parameter of aws command

aws configservice describe-config-rules | grep ConfigRuleName | gawk &#39;match($0, /:.+"(.+)"/, a) {print a[1]}&#39; | while read rule_name; 
	echo $rule_name; 
	aws configservice delete-config-rule --config-rule-name $rule_name
answered 4 years ago

In your billing console, you can view what charges are still being applied. It is possible that the Config recording is still turned on. This is the capability that records the resource configuration changes and provides the trigger for change triggerd/ hybrid rules to evaluate when there are resource specific changes.

You can find steps to manage the Config recorder .

answered 4 years ago

One last thing that was needed in my case was to disable trusted access with AWS Config, from Organization. Basically:

aws organizations disable-aws-service-access --service-principal

And apparently CloudTrail needs to be disabled as well:

answered 9 months ago

In Console,

  1. Go to the setting page of config and disable recorder.
  2. Delete all the config rules you will be fine now
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions