Basic AWS Config S3 set-up

0

I am just getting started with using AWS Config. I have followed the instructions for manual set-up here - https://docs.aws.amazon.com/config/latest/developerguide/manual-setup.title.html - and am initially just trying to log configuration changes to S3. In the configuration screens I had it set up a new S3 bucket and set it to log all events for us-east-1. Having set it up, I proceeded to make some minor configuration changes - I launched an EC2 instance and then shut it down. In the AWS Config dashboard I see events in the "Configuration Items Recorded" graph at the time I was using the EC2 console, and the "Change Notifications Delivery Failed" graph shows no activity for that time. However, I do not see any entries in the S3 bucket associated with the changes. The AWS Config set-up appears to have created the new bucket correctly, but the only entry/object I see in it is named "ConfigWritabilityCheckFile". That file's timestamp corresponds to when I was setting up the AWS Config general settings. I checked the bucket permissions against this documentation - https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html - and the permissions seem correct, which is not surprising because I picked defaults and the system should have set things up correctly.

How can I further research what is going on here or is there something I missed?

Thank you.

seank
asked 10 months ago, 250 views
3 Answers
0
Accepted Answer

Humm - seems like I was too impatient. As of this morning my time, a set of configuration records has been delivered, including changes from 12 hours ago - it seems it just took time for the AWS Config service to be fully active.

seank
answered 10 months ago
0

You can check CloudTrail events for AccessDenied messages.

You will not necessarily see S3 data event failures. What you could see are KMS denied errors.

Can you provide a copy of your S3 policy, service-linked role and KMS policy to clarify that it's accurate?

EXPERT
answered 10 months ago
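The answer above asks for the bucket policy because delivery silently stops when any of the statements AWS Config needs is missing. As an added example, not code from this thread or from AWS, here is a small Python check that parses a bucket policy and compares it with the three statements the linked s3-bucket-policy documentation requires (GetBucketAcl and ListBucket on the bucket, and PutObject on the `AWSLogs/<account>/Config/*` key space with the `bucket-owner-full-control` ACL condition), and warns when a statement is not scoped with `AWS:SourceAccount`. The bucket name, account id and sample policy are constructed placeholders; the sample deliberately omits the ACL condition so the check has something to report.

```python
"""Check an S3 bucket policy for the statements AWS Config needs to deliver
configuration history and snapshot files to the bucket.

Added example, not part of the original thread. The policy shape follows
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html;
BUCKET and ACCOUNT are placeholders and SAMPLE_POLICY is constructed.
"""
import json

AWS_CONFIG_PRINCIPAL = "config.amazonaws.com"
BUCKET = "example-config-bucket"   # placeholder bucket name
ACCOUNT = "111122223333"           # placeholder account id

# Constructed sample: correct except that the PutObject statement lacks the
# s3:x-amz-acl = bucket-owner-full-control condition AWS Config requires.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AWSConfigBucketPermissionsCheck", "Effect": "Allow",
         "Principal": {"Service": AWS_CONFIG_PRINCIPAL},
         "Action": "s3:GetBucketAcl",
         "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringEquals": {"AWS:SourceAccount": ACCOUNT}}},
        {"Sid": "AWSConfigBucketExistenceCheck", "Effect": "Allow",
         "Principal": {"Service": AWS_CONFIG_PRINCIPAL},
         "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{BUCKET}",
         "Condition": {"StringEquals": {"AWS:SourceAccount": ACCOUNT}}},
        {"Sid": "AWSConfigBucketDelivery", "Effect": "Allow",
         "Principal": {"Service": AWS_CONFIG_PRINCIPAL},
         "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/AWSLogs/{ACCOUNT}/Config/*",
         "Condition": {"StringEquals": {"AWS:SourceAccount": ACCOUNT}}},
    ],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _statements_for(policy, action, resource):
    """Allow statements granting `action` on exactly `resource` to the AWS Config service principal."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if AWS_CONFIG_PRINCIPAL not in services:
            continue
        if action not in _as_list(stmt.get("Action", [])):
            continue
        if resource not in _as_list(stmt.get("Resource", [])):
            continue
        yield stmt


def check_config_bucket_policy(policy_json, bucket, account, prefix=""):
    """Return (errors, warnings): errors block delivery, warnings are hardening gaps."""
    policy = json.loads(policy_json)
    bucket_arn = f"arn:aws:s3:::{bucket}"
    key_prefix = f"{prefix.strip('/')}/" if prefix.strip("/") else ""
    objects_arn = f"{bucket_arn}/{key_prefix}AWSLogs/{account}/Config/*"
    errors, warnings, matched = [], [], []

    for action in ("s3:GetBucketAcl", "s3:ListBucket"):
        found = list(_statements_for(policy, action, bucket_arn))
        if not found:
            errors.append(f"missing Allow of {action} on {bucket_arn} for {AWS_CONFIG_PRINCIPAL}")
        matched.extend(found)

    put_stmts = list(_statements_for(policy, "s3:PutObject", objects_arn))
    if not put_stmts:
        errors.append(f"missing Allow of s3:PutObject on {objects_arn} for {AWS_CONFIG_PRINCIPAL}")
    elif not any(
        s.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl") == "bucket-owner-full-control"
        for s in put_stmts
    ):
        errors.append("s3:PutObject statement lacks Condition StringEquals s3:x-amz-acl = bucket-owner-full-control")
    matched.extend(put_stmts)

    # Recommended (not required) hardening: confine each grant to this account.
    for s in matched:
        if s.get("Condition", {}).get("StringEquals", {}).get("AWS:SourceAccount") != account:
            warnings.append(f"statement {s.get('Sid', '<no Sid>')} is not scoped with AWS:SourceAccount = {account}")
    return errors, warnings


def fixed_policy(policy_json=SAMPLE_POLICY):
    """Return the sample policy with the required ACL condition added to the PutObject statement."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if "s3:PutObject" in _as_list(stmt.get("Action", [])):
            stmt.setdefault("Condition", {}).setdefault("StringEquals", {})["s3:x-amz-acl"] = "bucket-owner-full-control"
    return json.dumps(policy)


if __name__ == "__main__":
    for label, pol in (("sample", SAMPLE_POLICY), ("fixed", fixed_policy())):
        errs, warns = check_config_bucket_policy(pol, BUCKET, ACCOUNT)
        print(label, "errors:", errs, "warnings:", warns)
```

Resources are compared as exact strings, so a policy that uses wildcards in the ARN will be reported as missing even if S3 would accept it; the check is a quick first pass over a policy fetched with `aws s3api get-bucket-policy`, not a substitute for the IAM policy simulator. Note that a delivery prefix configured in the delivery channel changes the object ARN, which is why `prefix` is a parameter.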
0

Thank you for the follow up.

Here is a snapshot of the AWS Config set-up: [screenshot]

Here is the CloudTrail log showing I created a new EC2 instance and not showing any errors: [screenshot]

And here is the AWS Config dashboard showing that it "saw" the events associated with the launching of the EC2 instance and indicating it had no errors in transmitting the information at that time: [screenshot]

Any suggestions?

seank
answered 10 months ago
