Item: AWS Config
Rating: 7
Author: Verified User

Use Cases and Deployment Scope

We use AWS config to set a ground rule of our AWS configuration and resources. Since we are using AWS S3 for a lot of our critical resources, AWS config makes it easy for us to evaluate the configuration of those resources as well as tracking the configuration history to see whenever any configuration changes cause an issue to our service.

Pros and Cons

Track many AWS server configuration
Faster and easier audit process of your AWS services configuration
Keeping history of changes means its easy to spot any issues that occur whenever any changes happened

The interface is not really user friendly and the configuration option is not easy to use either
Only available for resources within AWS
Some service can be quite costly, we need to prioritise which service that we would apply AWS config to and leave the less important service without AWS config monitoring

Return on Investment

A "Big Fish" company that is more concerned about the security of their data came aboard with us more easily since they trust us with the AWS config setup
Less time to debug or finding out issue on infrastructure whenever it happens
Easy and fast to roll back whenever changes that caused issues happen

Alternatives Considered

PaperTrail

Despite the comparison it is not really apples to apples, the main purpose of the service is quite similar which is to monitor your application or services. In terms of AWS services, AWS Config provides more options to monitor and log your service on the infrastructure level which is very useful on that level and overall will give you more information about what is currently happening. Meanwhile PaperTrail is more suited to monitor and log your service and could only give you information on the application level.

Other Software Used

SolarWinds Papertrail

Performance

The performance has never been an issue for us, the dashboard gives us real-time monitoring and the alert sends us the notification within less than a minute of it happening, this applies to all of the monitored resources on AWS. However we can't (or probably haven't figured out how to) integrate with any other third party services, so we can't really evaluate how it integrates with other services

Ease of Integration

For the first time user, the whole configuration options can be really confusing. The explanation and user experiences is not very straightforward and user friendly to use. You need to know at least basic knowledge of how the majority of AWS cloud system works on top of the AWS services that you actually use. The amount of configuration option could be overwhelming when you set it up the first time.

Likelihood to Recommend

It's really good if your infrastructure services is all in AWS, that means everything could be audited and monitored using AWS config. You also can create alarms to notify you or your team about any changes on your AWS resources which is very useful to prevent abuse if you have a fairly large team. It's also very useful whenever some third party wants to audit your AWS resources, if you have a fairly comprehensive AWS config configured, the auditing process will be easy since they only need to look at your AWS config setup.

AWS Config is the only one you need for your AWS infrastructure monitoring

Overall Satisfaction with AWS Config