
How to set up AWS Config with CloudWatch Metrics/Alarms?

0

I want to have an alarm generated when I have a public REST API, public S3, or public DynamoDB being pulled from a Config rule.

Is it possible to generate this from config rule or will it be better to generate from the service itself?

2 Answers
1

While AWS Config is excellent for compliance checks and recording resource configurations over time, it doesn't natively support real-time monitoring or alerting based on operational metrics. For operational monitoring and alerting, CloudWatch is the preferred choice. You can integrate CloudWatch with AWS Config to enhance your monitoring capabilities by using AWS Config rules to trigger CloudWatch alarms based on specific configurations or deviations from expected states.

Here's how you can integrate CloudWatch with AWS Config to enhance your monitoring capabilities:

1. Use CloudWatch Alarms with AWS Config Rules: You can create CloudWatch alarms that trigger based on the results of AWS Config rules. This allows you to set up real-time alerts for specific configuration changes or deviations from expected states.

   Example:

       aws cloudwatch put-metric-alarm --alarm-name "EC2InstanceStoppedAlarm" \
         --metric-name "ConfigComplianceChangeCount" \
         --namespace "AWS/Config" \
         --statistic "Sum" \
         --period 60 \
         --threshold 1 \
         --comparison-operator "GreaterThanOrEqualToThreshold" \
         --evaluation-periods 1 \
         --alarm-actions "arn:aws:sns:us-west-2:123456789012:my-sns-topic"

2. Publish AWS Config Events to CloudWatch Events: You can configure AWS Config to publish events to Amazon CloudWatch Events, which can then be used to trigger automated actions or notifications based on specific configuration changes.

3. Visualize AWS Config Data in CloudWatch Dashboards: You can use CloudWatch Dashboards to create custom visualizations and dashboards that combine data from AWS Config and other AWS services, providing a comprehensive view of your environment's operational health and compliance.

By integrating AWS Config with CloudWatch, you can enhance your monitoring and alerting capabilities, enabling you to proactively detect and respond to operational issues and configuration changes in your AWS environment.

I hope this information is helpful. If it is, please consider accepting the answer so that others can benefit from the clarity when searching for similar questions in the community. Thank you!

AWS
EXPERT
answered a year ago
  • Thanks for this answer, but I am wondering if there's a way to check the actual AWS Config rule?

    I see there are metrics in there, but it appears to be a generic metric, not one that checks the AWS Config rule in particular.

1

Hello.

AWS Config can use Amazon SNS to notify you when a setting that matches a rule is made.
Therefore, it is possible to send notifications without creating a CloudWatch alarm.
https://docs.aws.amazon.com/config/latest/developerguide/notifications-for-AWS-Config.html

You can use EventBridge for non-compliant rule notifications.
I think the steps in the following document will be helpful for the settings themselves.
https://repost.aws/knowledge-center/config-resource-non-compliant

EXPERT
answered a year ago
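As an added example (not code from either answer or from AWS), the following Python shows the EventBridge event pattern that selects only NON_COMPLIANT compliance-change events from AWS Config, a small local matcher to test it against a constructed sample event, and the kind of alarm-shaped message an input transformer would hand to SNS. The sample event's field values, the bucket name and the output field names are assumptions; the event structure and the pattern follow the format AWS documents for "Config Rules Compliance Change" events.

```python
import json
# Event pattern modelled on the one AWS documents for Config compliance changes.
NON_COMPLIANT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"messageType": ["ComplianceChangeNotification"],
               "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}

def matches(pattern, event):
    """Minimal EventBridge matching: a list means 'value must be one of these',
    a dict recurses into the nested object, and every pattern key must match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def alarm_style_message(event):
    """Reshape a matched Config event into an alarm-like payload, the job an
    EventBridge input transformer does before the message reaches SNS."""
    d = event["detail"]
    return {
        "AlarmName": f"ConfigNonCompliant-{d['configRuleName']}",
        "NewStateValue": "ALARM",
        "NewStateReason": f"{d['resourceType']} {d['resourceId']} is {d['newEvaluationResult']['complianceType']} for rule {d['configRuleName']}",
        "Region": d["awsRegion"],
        "AWSAccountId": d["awsAccountId"],
    }

def config_event(compliance, rule, resource_type, resource_id):
    """Constructed sample 'Config Rules Compliance Change' event (field names follow AWS docs)."""
    return {"source": "aws.config", "detail-type": "Config Rules Compliance Change",
            "detail": {"messageType": "ComplianceChangeNotification", "configRuleName": rule,
                       "resourceType": resource_type, "resourceId": resource_id,
                       "awsRegion": "us-east-1", "awsAccountId": "123456789012",
                       "newEvaluationResult": {"complianceType": compliance}}}

# Constructed sample: a bucket flagged by the managed rule s3-bucket-public-read-prohibited.
PUBLIC_BUCKET = config_event("NON_COMPLIANT", "s3-bucket-public-read-prohibited",
                             "AWS::S3::Bucket", "example-public-bucket")

if __name__ == "__main__":
    if matches(NON_COMPLIANT_PATTERN, PUBLIC_BUCKET):
        print(json.dumps(alarm_style_message(PUBLIC_BUCKET), indent=2))
```

In a real deployment the same pattern is passed to `aws events put-rule --event-pattern`, and the reshaping is done by the input transformer on the rule's SNS target rather than in code.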
  • Thanks, this is helpful. But I need the message that EventBridge sends to SNS to be formatted like a CloudWatch alarm. Is there a way to do this without using a CloudWatch alarm, or with a CloudWatch alarm or any other service?
