AWS Config is a fully managed service that provides you with configuration history and configuration change notifications to enable security and governance.
With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time.
AWS CONFIG VS CLOUDTRAIL
AWS CloudTrail records user API activity on your account and allows you to access information about this activity.
AWS Config records point-in-time configuration details for your AWS resources as Configuration Items (CIs).
You can use AWS Config to answer “What did my AWS resource look like?” at a point in time.
You can use AWS CloudTrail to answer “Who made an API call to modify this resource?”
CONFIG RULES
- A Config Rule represents desired configurations for a resource and is evaluated against configuration changes on the relevant resources, as recorded by AWS Config.
- AWS Config Rules can check resources for certain desired conditions, and if violations are found the resources are flagged as “noncompliant”.
Examples of Config Rules:
- Is backup enabled on RDS?
- Is CloudTrail enabled on the AWS account?
- Are EBS volumes encrypted?
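The two per-resource checks listed above (EBS encryption and RDS backup), written as the evaluation logic of a custom Config rule backed by Lambda. This is an added example, not code from the original post; the sample event is constructed, and the field names `encrypted` and `backupRetentionPeriod` are assumed to match the configuration items AWS Config records for these resource types.

```python
import json

# Each supported resource type maps to a check on the CI's "configuration" block.
CHECKS = {
    # EBS volume CIs carry a boolean "encrypted" field (assumed layout).
    "AWS::EC2::Volume": lambda cfg: cfg.get("encrypted") is True,
    # RDS CIs carry "backupRetentionPeriod"; 0 means automated backups are off.
    "AWS::RDS::DBInstance": lambda cfg: int(cfg.get("backupRetentionPeriod") or 0) > 0,
}

def evaluate(ci):
    """Return the compliance verdict for one configuration item (CI)."""
    # A deleted resource has nothing left to evaluate.
    if ci.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE"
    check = CHECKS.get(ci.get("resourceType"))
    if check is None:
        return "NOT_APPLICABLE"  # resource type outside this rule's scope
    return "COMPLIANT" if check(ci.get("configuration") or {}) else "NON_COMPLIANT"

def build_evaluation(event):
    """Turn a custom-rule Lambda event into one PutEvaluations entry."""
    ci = json.loads(event["invokingEvent"])["configurationItem"]
    return {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": evaluate(ci),
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    import boto3  # only needed inside Lambda; the logic above runs offline
    boto3.client("config").put_evaluations(
        Evaluations=[build_evaluation(event)], ResultToken=event["resultToken"])

# Constructed sample event (not real account data): an unencrypted EBS volume.
SAMPLE_EVENT = {
    "resultToken": "constructed-token",
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": "vol-0example",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"encrypted": False},
    }}),
}

if __name__ == "__main__":
    print(build_evaluation(SAMPLE_EVENT))
```

The CloudTrail check is account-wide rather than per-resource, so it would run as a periodic rule and is not covered here.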
SSM PARAMETER STORE
SSM Parameter Store provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords.
This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily.
For example, you can use the same parameter name, “db-string”, with a different hierarchical path, “dev/db-string” or “prod/db-string”, to store different values.
It is integrated with AWS Key Management Service (KMS), allowing you to automatically encrypt the data you store.
You can also control user and resource access to parameters using AWS Identity and Access Management (IAM). Parameters can be referenced through other AWS services, such as Amazon Elastic Container Service, AWS Lambda, and AWS CloudFormation.
OPSWORKS
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet, two very popular automation platforms.
It suits an organization that is already using Chef and Puppet and wants to move to the cloud while still using these automation platforms.
KINESIS
Kinesis Data Streams, Kinesis Video Streams, Kinesis Data Firehose, Kinesis Data Analytics
KINESIS DATA STREAMS
Amazon Kinesis makes it easy to collect (ingest) real-time, streaming data so you can get timely insights and react quickly to new information.
Producers send data into a Kinesis stream.
Streams can scale from low to near-infinite data rates.
It scales by using a shard architecture.
Streams store a 24-hour moving window of data, which can be extended to 7 days at extra cost.
Multiple consumers can access data from that moving window.
KINESIS VIDEO STREAMS
Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), and other processing.
Durably stores, encrypts, and indexes video data streams, and allows access to data through easy-to-use APIs.
Stores data for 24 hours by default, up to 7 days.
KINESIS DATA FIREHOSE
Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools.
Kinesis Data Streams can be used as the source(s) to Kinesis Data Firehose.
Firehose Destinations include:
Amazon S3
Amazon Redshift
Amazon Elasticsearch Service
Splunk
KINESIS DATA ANALYTICS
Amazon Kinesis Data Analytics is the easiest way to process and analyze real-time, streaming data.
Provides real-time analysis.
Can ingest data from Kinesis Streams and Kinesis Firehose.
Output to S3, Redshift, Elasticsearch and Kinesis Data Streams.
Use Cases
Feed real-time dashboards.
Create real-time alerts and notifications.