AWS Config Collection Settings
AWS Config Integration Guide
To track configuration changes and check compliance for AWS resources through CloudXper's 'Compliance' feature, you must additionally configure AWS Config integration settings.
1. Overview
To track configuration changes and ensure compliance for resources through AWS Config, make sure that the Configuration Recorder is started in Config and that the delivery channel (Delivery Channel to S3 bucket) configuration is complete.
To check if AWS Config is enabled, please refer to the AWS guide link below.
https://docs.aws.amazon.com/config/latest/developerguide/gs-cli-verify-subscribe.html
CloudXper is designed to safely collect configuration information from customer clouds without affecting existing operational management.
S3 Config Delivery events are linked via EventBridge, which supports delivering events between different accounts.
After the Config information in the customer cloud is recorded (Delivery Completed) in the S3 Config Bucket, the event is delivered to CXP via EventBridge.
The Record Completed Event (Snapshot/History Delivery Completed) includes the S3 Config Bucket, Object Key, and the record time information.
CXP Collection Lambda authenticates based on the authentication method of the pre-configured customer account and queries the S3 Config Bucket of the customer account using the S3 API.
2. Event Bus Settings (Optional)
Event Bus receives/links only events that match the Rule (Event Pattern) among events generated from various sources in the cloud account.
If you want to create a Rule on an Event Bus other than the default Event Bus, first create a Custom Event Bus as described below.
Enter a Name for the Event bus.
Resource-based policy is not set because it only receives events within the customer cloud.
3. Create a Rule
Create a rule to associate an event (Delivery Event) that records Snapshot and History files in the S3 Config Bucket.
The event targets to be linked are Snapshot and History. If Snapshot Delivery is not configured in Config, only the History event rule is set up.
However, if Snapshot is not configured, or is configured to record only some resources, tracking of configuration changes may be limited.
The rule creation/change process consists of five steps; steps 1-3 are required:
Define rule detail: basic rule settings
Build event pattern: set the event pattern to link
Select target(s): set the event link target
Configure Tags
Review and create
If you created a Custom Event Bus earlier, select it from the Event Bus list in Select event bus.
3.1. Snapshot Delivery Event Rule Settings
Create a Rule to link the Snapshot recording completion event in the S3 Config Bucket to CloudXper's EventBridge.
3.1.1. Enter basic rule information
Enter a name and description for the Rule to be created.
Name: Rule name
Description: Rule Description
Select the Event Bus where the Rule will be set. If you created a separate Event Bus earlier, select the created Event Bus.
For Rule type, select "Rule with an event pattern", because the rule links events generated by the AWS Config service.
3.1.2. Event Pattern Setting
Set up Event Source and Pattern to link Delivery Events generated from AWS Config Service.
Event source: select "Config" from the AWS service list.
Event type: select "Config Configuration Snapshot Delivery Status" as the event type to receive.
Specific message type: choose "Specific message type(s)", then select "ConfigurationSnapshotDeliveryCompleted" from the message type list below it.
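The rule above matches only completed snapshot deliveries. As an added example (not CloudXper's code), the following Python expresses that rule as an EventBridge event pattern, applies a simplified version of EventBridge pattern matching to a constructed sample event, and pulls out the S3 bucket, object key and record time that the Collection Lambda needs; the account allow-list check and the detail field names (s3Bucket, s3ObjectKey, notificationCreationTime) are assumptions based on the AWS Config event format, not taken from this page.

```python
import json
from typing import Optional

# Event pattern for the Snapshot Delivery rule in 3.1.2 (field names follow the
# AWS Config EventBridge event format; the History rule differs only in the
# detail-type and messageType strings).
SNAPSHOT_RULE_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Configuration Snapshot Delivery Status"],
    "detail": {"messageType": ["ConfigurationSnapshotDeliveryCompleted"]},
}

def matches_pattern(event: dict, pattern: dict) -> bool:
    """Subset of EventBridge matching: a list means 'equals any listed value',
    a nested dict is matched recursively, a missing pattern key never matches."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], expected):
                return False
        elif event[key] not in expected:
            return False
    return True

def extract_delivery(event: dict, allowed_accounts: set) -> Optional[dict]:
    """Return bucket, object key and record time from a completed delivery event,
    or None if it does not match the rule or its source account is not a
    configured customer account (the allow-list is an assumed check)."""
    if not matches_pattern(event, SNAPSHOT_RULE_PATTERN):
        return None
    if event.get("account") not in allowed_accounts:
        return None
    d = event["detail"]
    return {"bucket": d["s3Bucket"], "key": d["s3ObjectKey"],
            "recorded_at": d["notificationCreationTime"]}

# Constructed sample event (not captured from a real account).
SAMPLE_EVENT = json.loads("""{
  "version": "0", "id": "00000000-0000-0000-0000-000000000000",
  "detail-type": "Config Configuration Snapshot Delivery Status",
  "source": "aws.config", "account": "111122223333", "region": "ap-northeast-2",
  "time": "2024-01-01T00:00:00Z", "resources": [],
  "detail": {"s3Bucket": "example-config-bucket",
             "s3ObjectKey": "AWSLogs/111122223333/Config/ap-northeast-2/2024/1/1/ConfigSnapshot/example.json.gz",
             "notificationCreationTime": "2024-01-01T00:00:00.000Z",
             "messageType": "ConfigurationSnapshotDeliveryCompleted",
             "recordVersion": "1.1"}
}""")
```

Events whose messageType is anything other than the completed delivery, or whose account is not in the allow-list, are dropped before any S3 access is attempted.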