Document History - AWS Config

Document History

The following table describes the important changes to the documentation for AWS Config. For notification about updates to this documentation, you can subscribe to an RSS feed.

  • API version: 2014-11-12

  • Latest documentation update: October 12, 2021

Change Description Date

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to new Amazon OpenSearch Service resource types. For more information, see Supported Resource Types.

October 12, 2021

AWS Config supports new conformance packs

With this release, AWS Config supports the following conformance pack:

October 12, 2021

AWS Config supports new conformance packs

With this release, AWS Config updates the following conformance packs:

September 30, 2021

Security IAM update

The AWSConfigServiceRolePolicy policy and AWS_ConfigRole policy now grant permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain/domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. For more information, see AWS managed policies for AWS Config.

September 8, 2021

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to new Amazon Elastic Compute Cloud resource types. For more information, see Supported Resource Types.

September 7, 2021

AWS Config supports new conformance packs

With this release, AWS Config updates the following conformance packs:

August 30, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

August 20, 2021

AWS Config supports new conformance packs

With this release, AWS Config supports the following conformance pack:

August 20, 2021

Security Amazon SNS policy update

With this release, AWS Config updates the IAM policy statement for the Amazon SNS topic when using service-linked roles to include security protections that restrict access with sourceARN and/or sourceAccountId in the topic policy. This helps make sure Amazon SNS is accessing your resources on behalf of expected users and scenarios only.

The following page is updated:

August 17, 2021

Security AWS Lambda policy update

With this release, AWS Config updates the AWS Lambda resource-based policy for AWS Config custom rules to include security protections that restrict access with sourceARN and/or sourceAccountId in the invoke request. This helps make sure AWS Lambda is accessing your resources on behalf of expected users and scenarios only.

The following pages are updated:

August 12, 2021

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to Amazon Kinesis resource types. For more information, see Supported Resource Types.

August 6, 2021

AWS Config supports new conformance packs

With this release, AWS Config supports the following conformance pack:

The following conformance packs are updated:

July 30, 2021

Example AWS Lambda Functions for AWS Config Custom Rules

With this release, AWS Config provides Python example functions in Example AWS Lambda Functions for AWS Config Rules (Python).

July 29, 2021

Security IAM update

The AWSConfigServiceRolePolicy policy and AWS_ConfigRole policy now grant permission to list tags for a log group, list tags for a state machine, and list all state machines. These policies now grant permission to get details about a state machine. These policies also now support additional permission for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Kinesis Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. For more information, see AWS managed policies for AWS Config.

July 28, 2021

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to AWS Backup resource types. For more information, see Supported Resource Types.

July 14, 2021

AWS Config supports new conformance packs

With this release, AWS Config supports the following conformance packs:

July 9, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

June 25, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

June 10, 2021

Security IAM update

The AWSConfigServiceRolePolicy policy and AWS_ConfigRole policy now grant permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. These policies now support additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. These policies also now support filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. For more information, see AWS managed policies for AWS Config.

June 8, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

May 19, 2021

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to Amazon Elastic File System resource types. For more information, see Supported Resource Types.

May 13, 2021

Security IAM update

The AWSConfigServiceRolePolicy policy and AWS_ConfigRole policy now grants permission that allow AWS Config to make read-only GET calls to API Gateway to support a Config Rule for API Gateway. These policies also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new AWS::S3::AccessPoint resource type. For more information, see AWS managed policies for AWS Config.

May 10, 2021

AWS Config Custom Rules

The following pages in the developer guide are updated:

April 30, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

April 15, 2021

Security IAM update

The AWSConfigServiceRolePolicy policy and AWS_ConfigRole policy now grant permission to view information about AWS Systems Manager specified documents. These policies also now support additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. For more information, see AWS managed policies for AWS Config.

April 14, 2021

Conformance Pack Compliance as Configuration Items (CIs)

With this release, AWS Config supports conformance pack compliance as configuration items. This enables you to:

  • View a timeline of changes to the compliance state of your conformance packs

  • Aggregate conformance packs compliance across multiple accounts and regions

  • Use advanced queries to check the compliance of your conformance packs

The following API's are updated:

The following pages in the developer guide are updated:

March 30, 2021

Pagination update

With this release, AWS Config advanced queries feature now supports pagination for queries that contain aggregate functions, such as COUNT and SUM. You can now use advanced queries to get complete results for your aggregate queries through pagination, which were previously limited to 500 rows. For more information, see Querying the Current Configuration State of AWS Resources

March 26, 2021

Region support

With this release, AWS Config and AWS Config Rules is now supported in Asia Pacific (Osaka) Region.

March 4, 2021

AWS Config supports new resources types

With this release, you can use AWS Config to record configuration changes to Amazon Elastic Container Registry, Amazon Elastic Container Service, and Amazon Elastic Kubernetes Service resource types. For more information, see Supported Resource Types.

February 25, 2021

KMS encryption support

With this release, AWS Config allows you to use KMS-based encryption on objects delivered by AWS Config for S3 bucket delivery.

The following API's are updated:

The following pages in the developer guide are updated:

February 16, 2021

AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

February 16, 2021

Saved Query Region support

With this release, saved query is now supported in AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions.

February 15, 2021

Multi-account multi-region data aggregation Region support

With this release, multi-account multi-region data aggregation is now supported in Africa (Cape Town) and Europe (Milan) Regions. For more information, see Multi-Account Multi-Region Data Aggregation.

February 15, 2021

Advanced queries Region support

With this release, advanced queries is now supported in Africa (Cape Town) and Europe (Milan) Regions. For more information, see Querying the Current Configuration State of AWS Resources.

February 15, 2021

AWS Config documentation history notification available through RSS feed

You can now receive notification about updates to the AWS Config documentation by subscribing to an RSS feed.

January 1, 2021

Earlier Updates

The following table describes the documentation release history of AWS Config prior to Dec 31, 2020.

Change Description Release Date
Saved Query support

With this release, AWS Config allows you to save your queries. After you save the query, you can search it, copy it to the query editor, edit it, or delete it. For more information about how to save a query, see the Query Using the SQL Query Editor (Console) and Query Using the SQL Query Editor (AWS CLI).

For more information about APIs, see the AWS Config API Reference:

Also see Service Limits.

December 21, 2020
Process checks support

With this release, AWS Config supports process checks that is a type of AWS Config rule that allows you to track your external and internal tasks that require verification as part of the conformance packs. With process checks, you can list the compliance of requirements and actions at a single location.

For more information about process checks, see the AWS Config Process Checks Within a Conformance Pack topic and the PutExternalEvaluation API.

December 17, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

December 17, 2020
AWS Config supports AWS Network Firewall

With this release, you can use AWS Config to record configuration changes to your AWS Network Firewall FirewallPolicy, RuleGroup, and Firewall resource types. For more information, see Supported Resource Types.

December 4, 2020
Documentation update

AWS Config added support for organization-wide resource data aggregation in a delegated administrator account. You can now use a delegated administrator account to aggregate resource configuration and compliance data from all member accounts of an organization in AWS Organizations.

For more information, see PutConfigurationAggregator, Setting Up an Aggregator Using the Console and Register a Delegated Administrator.

December 4, 2020
AWS Config supports new conformance packs October 30, 2020
AWS Config supports new conformance packs October 22, 2020
AWS Config supports new conformance packs October 15, 2020
AWS Config supports new conformance packs October 8, 2020
AWS Config supports new conformance packs September 30, 2020
AWS Config supports new conformance packs September 28, 2020
Documentation update

The following conformance pack topics are updated.

September 28, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

September 17, 2020
AWS Config supports AWS WAFv2

With this release, you can use AWS Config to record configuration changes to your AWS WAFv2 WebACL, IPSet, RegexPatternSet, RuleGroup, and ManagedRuleSet resource types. For more information, see Supported Resource Types.

September 1, 2020
Documentation update

A note has been added to Granting Custom Permissions for AWS Config Users about creating custom permissions that grant full access.

The documentation has been updated for the following rules:

August 24, 2020
Documentation update

Operational Best Practices for PCI DSS 3.2.1 and Operational Best Practices for NIST CSF templates are updated.

August 14, 2020
Documentation update

Example relationship queries are added. For more information, see Example Relationship Queries.

July 30, 2020
Documentation update

The following API's are updated:

July 23, 2020
AWS Config supports AWS Systems Manager resource type

With this release, you can use AWS Config to record configuration changes to the AWS Systems Manager file data resource type. For more information, see Supported Resource Types.

July 9, 2020
Documentation update

Operational Best Practices for AWS Identity And Access Management and Operational Best Practices for PCI DSS 3.2.1 templates are updated.

July 9, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

July 9, 2020
Multi-account multi-region data aggregation Region support

With this release, multi-account multi-region data aggregation is now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. For more information, see Multi-Account Multi-Region Data Aggregation and Troubleshooting for Multi-Account Multi-Region Data Aggregation.

July 1, 2020
Advanced queries Region support

With this release, advanced queries is now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain) Regions. For more information, see Querying the Current Configuration State of AWS Resources.

July 1, 2020
Documentation update

The documentation has been updated for the following rules:

June 30, 2020
Documentation update

The documentation has been updated with information about security for AWS Config. See Security in AWS Config.

June 24, 2020
Documentation update

AWS Control Tower Detective Guardrails Conformance Pack template is updated. For more information, see AWS Control Tower Detective Guardrails Conformance Pack.

June 4, 2020
AWS Config supports a new conformance pack

With this release, AWS Config supports Operational Best Practices for NIST CSF conformance pack. For more information, see Operational Best Practices for NIST CSF .

May 29, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

May 28, 2020
Delegated administrator support

With this release, you can deploy AWS Config rules and conformance packs from any delegated member account in your organization, in addition to the management account.

For more information about APIs, see the AWS Config API Reference:

For more information, see Service Limits.

May 27, 2020
AWS Config rules Region support

With this release, few AWS Config rules are supported in Africa (Cape Town) and Europe (Milan) regions. For a detailed list of rules and the regions they are supported in, see List of AWS Config Managed Rules.

April 28, 2020
AWS Config supports new conformance packs

With this release, AWS Config supports two conformance packs.

  • AWS Control Tower Detective Guardrails Conformance Pack

  • Operational Best Practices for CIS

For more information, see Conformance Pack Sample Templates.

April 22, 2020
AWS Config supports AWS Secrets Manager

With this release, you can use AWS Config to record configuration changes to your Secrets Manager secret. For more information, see Supported Resource Types.

April 20, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

April 16, 2020
Conformance pack Region support

With this release, conformance packs are now supported in Asia Pacific (Hong Kong) and Middle East (Bahrain). For more information, see Conformance Packs.

April 8, 2020
Documentation update

AWS Config limits are available in this developer guide. For more information, see Service Limits.

April 8, 2020
Documentation update

Third-party resources that are managed (i.e. created/updated/deleted) through AWS CloudFormation registry are automatically tracked in AWS Config as configuration items. For more information, see Record Configurations for Third-Party Resources.

March 30, 2020
Documentation update

The AWS Config Managed Rules are updated to include AWS Region information. For more information, see List of AWS Config Managed Rules.

March 27, 2020
AWS Config supports Amazon SNS resource type

With this release, you can use AWS Config to record configuration changes to your Amazon SNS topic. For more information, see Supported Resource Types.

March 6, 2020
Multi-account multi-region data aggregation Region support

With this release, multi-account multi-region data aggregation is now supported in Europe (Stockholm) Region. For more information, see Multi-Account Multi-Region Data Aggregation.

March 5, 2020
Advanced queries Region support

With this release, advanced queries is now supported in Europe (Stockholm) Region. For more information, see Querying the Current Configuration State of AWS Resources.

March 5, 2020
AWS Config allows you to run advanced queries with configuration aggregators

With this release, AWS Config adds support to run advanced queries based on resource configuration properties with configuration aggregators, enabling you to run the same queries across multiple accounts and Regions. For more information, see Querying the Current Configuration State of AWS Resources.

With this release, AWS Config adds SelectAggregateResourceConfig API. For more information, see SelectAggregateResourceConfig in the AWS Config API Reference:

February 28, 2020
AWS Config supports Amazon SQS resource type

With this release, you can use AWS Config to record configuration changes to your Amazon SQS queue.

For more information, see Supported Resource Types.

February 13, 2020
AWS CloudFormation support for Conformance packs

With this release, AWS CloudFormation support for the following resources was added: AWS::Config::ConformancePack and OrganizationConformancePack.

  • AWS::Config::ConformancePack

    Use the AWS::Config::ConformancePack resource to create a Conformance Pack that is a collection of AWS Config rules that can be easily deployed in an account and a Region and across AWS Organization.

  • AWS::Config::OrganizationConformancePack

    Use the AWS::Config::OrganizationConformancePack resource to create an Organization Conformance Pack that has information about 
 conformance packs that AWS Config creates in the member accounts.

February 13, 2020
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

December 20, 2019
Record configurations for custom resource types

With this release, AWS Config introduces support to record configurations for custom resource types. You can publish the configuration data of third-party resources into AWS Config and view and monitor the resource inventory and configuration history using AWS Config console and APIs. For more information, see Record Configurations for Third-Party Resources.

For more information about APIs, see the AWS Config API Reference:

November 20, 2019
Conformance packs

With this release, AWS Config introduces conformance packs. Conformance packs enable you to package a collection of AWS Config rules and remediation actions that can then be deployed together as a single entity across an entire AWS Organization. For more information, see Conformance Packs.

For more information about APIs, see the AWS Config API Reference:

November 19, 2019
AWS Config supports Amazon OpenSearch Service and AWS Key Management Service resource types

With this release, you can use AWS Config to record configuration changes to your Amazon OpenSearch Service domain and AWS Key Management Service key.

For more information, see Supported Resource Types.

November 11, 2019
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

October 10, 2019
AWS Config supports Amazon RDS resource type

With this release, you can use AWS Config to record configuration changes to your Amazon Relational Database Service (Amazon RDS) DBCluster and DBClusterSnapshot.

For more information, see Supported Resource Types.

September 17, 2019
AWS Config supports Amazon QLDB resource type

With this release, you can use AWS Config to record configuration changes to Amazon Quantum Ledger Database (QLDB) ledger resource type.

For more information, see Supported Resource Types.

September 10, 2019
AWS Config allows you to apply auto remediation on noncompliant resources as evaluated by AWS Config Rules

With this release, AWS Config introduces support to apply auto remediation using AWS Systems Manager automation documents on noncompliant resources as evaluated by AWS Config Rules. For more information, see Remediating Noncompliant AWS Resources by AWS Config Rules.

With this release, AWS Config adds the following new APIs. For more information, see the AWS Config API Reference :

September 5, 2019
AWS Config updates managed rules

With this release, AWS Config supports the following managed rules:

For more information, see List of AWS Config Managed Rules.

August 22, 2019
AWS Config updates managed rules

With this release, AWS Config updates the following managed rules:

For more information, see List of AWS Config Managed Rules.

July 31, 2019
AWS Config supports Amazon EC2 resource types

With this release, you can use AWS Config to record configuration changes to the following Amazon EC2 resources; VPCEndpoint, VPCEndpointService, and VPCPeeringConnection.

For more information, see Supported Resource Types.

July 12, 2019
AWS Config allows you to manage AWS Config rules across all AWS accounts within an organization

With this release, AWS Config introduces support for managing AWS Config rules across all AWS accounts within an organization. You can centrally create, update, and delete AWS Config rules across all accounts in your organization. For more information, see Enabling AWS Config Rules Across all Accounts in Your Organization.

For more information about APIs, see the AWS Config API Reference:

July 9, 2019
AWS Config supports Amazon S3 and Amazon EC2 resource types

With this release, you can use AWS Config to record configuration changes to the Amazon S3 AccountPublicAccessBlock resource and the following Amazon EC2 resources; NatGateway, EgressOnlyInternetGateway, and FlowLog.

For more information, see Supported Resource Types.

May 17, 2019
AWS Config updates managed rules

With this release, AWS Config updates the following managed rules:

For more information, see List of AWS Config Managed Rules.

May 7, 2019
AWS Config allows you to delete a remediation action using AWS Management Console.

With this release, AWS Config introduces support to delete a remediation action using AWS Management Console. For more information, see Remediating Noncompliant AWS Resources by AWS Config Rules.

April 24, 2019
AWS Config supports new managed rules

This release supports a new managed rule: fms-shield-resource-policy-check.

For more information, see List of AWS Config Managed Rules.

April 7, 2019
AWS Config supports Amazon API Gateway resource type

With this release, you can use AWS Config to record configuration changes to the following Amazon API Gateway resources; Api (WebSocket API), RestApi (REST API), Stage (WebSocket API stage), and Stage (REST API stage).

For more information, see Supported Resource Types.

March 20, 2019
AWS Config allows you to run advanced queries

With this release, AWS Config adds support to run advanced queries based on resource configuration properties. For more information, see Querying the Current Configuration State of AWS Resources.

With this release, AWS Config adds SelectResourceConfig API. For more information, see SelectResourceConfig in the AWS Config API Reference:

March 19, 2019
AWS Config allows you to assign tags your AWS Config resources

With this release, AWS Config introduces support for tag based access control for three AWS Config resources—ConfigRule, ConfigurationAggregator, and AggregationAuthorization. For more information, see Tagging Your AWS Config Resources.

With this release, you can add, remove or list tags from your AWS Config resources using the following APIs. For more information, see the AWS Config API Reference:

March 14, 2019
AWS Config allows you to apply remediation on noncompliant resources as evaluated by AWS Config Rules

With this release, AWS Config introduces support to apply remediation using AWS Systems Manager automation documents on noncompliant resources as evaluated by AWS Config Rules. For more information, see Remediating Noncompliant AWS Resources by AWS Config Rules.

With this release, AWS Config adds the following new APIs. For more information, see the AWS Config API Reference :

March 12, 2019
AWS Config supports AWS Config Rules in China (Ningxia) Region

This release only supports 54 AWS Config Rules in the China (Ningxia) Region. For more information, see List of AWS Config Managed Rules.

However, AWS Config does not currently support the following rules in the China (Ningxia) Region:

  • acm-certificate-expiration-check

  • cmk-backing-key-rotation-enabled

  • cloudformation-stack-drift-detection-check

  • cloudformation-stack-notification-check

  • cloud-trail-encryption-enabled

  • cloud-trail-log-file-validation-enabled

  • codebuild-project-envvar-awscred-check

  • codebuild-project-source-repo-url-check

  • codepipeline-deployment-count-check

  • codepipeline-region-fanout-check

  • dynamodb-table-encryption-enabled

  • elb-acm-certificate-required

  • encrypted-volumes

  • fms-webacl-resource-policy-check

  • fms-webacl-rulegroup-association-check

  • guardduty-enabled-centralized

  • lambda-function-public-access-prohibited

  • lambda-function-settings-check

  • rds-storage-encrypted

  • root-account-mfa-hardware-mfa-enabled

  • root-account-mfa-enabled

  • s3-bucket-blacklisted-actions-prohibited

  • s3-bucket-policy-grantee-check

  • s3-bucket-policy-not-more-permissive

  • s3-bucket-public-read-prohibited

  • s3-bucket-public-write-prohibited

  • s3-bucket-server-side-encryption-enabled

  • s3-bucket-ssl-requests-only

March 12, 2019
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

January 21, 2019
AWS Config supports AWS Service Catalog resource type

With this release, you can use AWS Config to record configuration changes to the following AWS Service Catalog resources; CloudFromation product, provisioned product, and portfolio. For more information, see Supported Resource Types.

January 11, 2019
Service-linked AWS Config rules support

With this release, AWS Config adds a new managed config rule that supports other AWS services to create AWS Config Rules in your account. For more information, see Service-Linked AWS Config Rules.

November 20, 2018
AWS Config allows you to aggregate configuration data of AWS resources

With this release, AWS Config introduces support for aggregating the configuration data of AWS resources. For more information, see Viewing Compliance Data in the Aggregator Dashboard.

With this release, AWS Config adds the following new APIs. For more information, see the AWS Config API Reference :

November 19, 2018
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

November 19, 2018
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

November 12, 2018
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

October 24, 2018
Compliance history support

With this release, AWS Config now supports storing compliance history of resources as evaluated by AWS Config Rules. For more information, see Viewing Compliance History Timeline for Resources.

October 18, 2018
Multi-account multi-region Data Aggregation Region support

With this release, multi-account multi-region Data Aggregation is now supported in six new Regions. For more information, see Multi-Account Multi-Region Data Aggregation.

October 4, 2018
AWS Config supports resource-level permissions for AWS Config Rules APIs actions

With this release, AWS Config supports resource-level permissions for certain AWS Config Rules API actions. For more information about the supported APIs, see Supported Resource-Level Permissions for AWS Config Rules APIs Actions.

October 1, 2018
AWS Config supports CodePipeline resource type

With this release, you can use AWS Config to record configuration changes to the AWS CodePipeline resource type. For more information, see Supported Resource Types.

September 12, 2018
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

September 5, 2018
AWS Config supports AWS Systems Manager resource type

With this release, you can use AWS Config to record configuration changes to the AWS Systems Manager patch compliance and association compliance resource types. For more information, see Supported Resource Types.

August 9, 2018
AWS Config allows you to delete your AWS Config data using AWS Management Console

With this release, AWS Config introduces support for retention period using AWS Management Console. In the AWS Management Console, you can select a custom data retention period for your ConfigurationItems . For more information, see Deleting AWS Config Data.

August 7, 2018
AWS Config supports AWS Shield resource type

With this release, you can use AWS Config to record configuration changes to the AWS Shield Protection resource type. For more information, see Supported Resource Types.

August 7, 2018
AWS Config supports AWS PrivateLink

With this release, AWS Config supports AWS PrivateLink, enabling you to route data between your Amazon Virtual Private Cloud (VPC) and AWS Config entirely within the AWS network. For more information, see Using AWS Config with Interface Amazon VPC Endpoints.

July 31, 2018
AWS Config allows you to delete your AWS Config data

With this release, AWS Config introduces support for retention period. AWS Config allows you to delete your data by specifying a retention period for your ConfigurationItems . For more information, see Deleting AWS Config Data.

With this release, AWS Config adds the following new APIs. For more information, see the AWS Config API Reference :

May 25, 2018
AWS Config supports new managed rules

This release supports the following two new managed rules:

For more information, see List of AWS Config Managed Rules.

May 10, 2018
AWS Config supports AWS X-Ray resource type

With this release, you can use AWS Config to record configuration changes to the AWS X-Ray EncryptionConfig resource type. For more information, see Supported Resource Types.

May 1, 2018
AWS Config supports AWS Lambda resource type and one new managed rule

With this release, you can use AWS Config to record configuration changes to the AWS Lambda function resource type. For more information, see Supported Resource Types.

This release also supports the lambda-function-public-access-prohibited managed rule. For more information, see AWS Config Managed Rules.

April 25, 2018
AWS Config supports AWS Elastic Beanstalk resource type

With this release, you can use AWS Config to record configuration changes to the AWS Elastic Beanstalk Application, Application Version, and Environment resources.

For more information, see Supported Resource Types.

April 24, 2018
AWS Config supports new managed rules

This release supports the following two new managed rules:

For more information, see List of AWS Config Managed Rules.

April 4, 2018
Multi-account multi-region data aggregation

With this release, AWS Config introduces multi-account multi-region data aggregation. This feature allows you to aggregate AWS Config data from multiple accounts or an organization and multiple regions into an aggregator account. For more information, see Multi-Account Multi-Region Data Aggregation.

With this release, AWS Config adds the following new APIs. For more information, see the AWS Config API Reference :

April 4, 2018
Monitoring AWS Config with Amazon CloudWatch Events

With this release, use Amazon CloudWatch Events to detect and react to changes in the status of AWS Config events.

For more information, see Monitoring AWS Config with Amazon CloudWatch Events.

March 29, 2018
New API operation

With this release, AWS Config adds support for BatchGetResourceConfig API, allowing you to batch-retrieve the current state of one or more of your resources.

March 20, 2018
AWS Config supports AWS WAF RuleGroup resource type

With this release, you can use AWS Config to record configuration changes to the AWS WAF RuleGroup and AWS WAF RuleGroup Regional resources.

For more information, see Supported Resource Types.

February 15, 2018
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

January 25, 2018
AWS Config supports Elastic Load Balancing resource type

With this release, you can use AWS Config to record configuration changes to your Elastic Load Balancing classic load balancers.

For more information, see Supported Resource Types.

November 17, 2017
AWS Config supports the Amazon CloudFront and AWS WAF resource type

With this release, you can use AWS Config to record configuration changes to your CloudFront distribution and streaming distribution.

With this release, you can use AWS Config to record configuration changes to the following AWS WAF and AWS WAF Regional resources; rate based rule, rule, and Web ACL.

For more information, see Supported Resource Types.

November 15, 2017
AWS Config supports the AWS CodeBuild resource type

With this release, you can use AWS Config to record configuration changes to your AWS CodeBuild projects.

For more information, see Supported Resource Types.

October 20, 2017
AWS Config supports Auto Scaling resources and one new managed rule

With this release, you can use AWS Config to record configuration changes to the following Auto Scaling resources; groups, launch configuration, scheduled action, and scaling policy.

For more information, see Supported Resource Types.

This release also supports the following managed rule:

For more information, see AWS Config Managed Rules.

September 18, 2017
AWS Config supports the AWS CodeBuild resource type

With this release, you can use AWS Config to record configuration changes to your AWS CodeBuild projects.

For more information, see Supported Resource Types.

October 20, 2017
AWS Config supports Auto Scaling resources and one new managed rule

With this release, you can use AWS Config to record configuration changes to the following Auto Scaling resources; groups, launch configuration, scheduled action, and scaling policy.

For more information, see Supported Resource Types.

This release also supports the following managed rule:

For more information, see AWS Config Managed Rules.

September 18, 2017
AWS Config supports the DynamoDB table resource type and one new managed rule

With this release, you can use AWS Config to record configuration changes to your DynamoDB tables.

For more information, see Supported Resource Types.

This release supports the following managed rule:

For more information, see AWS Config Managed Rules.

September 8, 2017
AWS Config supports two new managed rules for Amazon S3

This release supports two new managed rules:

For more information, see AWS Config Managed Rules.

August 14, 2017
New page in the AWS Config console

You can use the Dashboard in the AWS Config console to see the following:

  • Total number of resources

  • Total number of rules

  • Number of noncompliant resources

  • Number of noncompliant rules

For more information, see Viewing the AWS Config Dashboard.

July 17, 2017
New API operation

You can use the GetDiscoveredResourceCounts operation to return the number of resource types, the number of each resource type, and the total number of resources that AWS Config is recording in a Region for your AWS account.

July 17, 2017
AWS Config supports the AWS CloudFormation stack resource type and one new managed rule

With this release, you can use AWS Config to record configuration changes to your AWS CloudFormation stacks.

For more information, see Supported Resource Types.

This release supports the following managed rule:

For more information, see AWS Config Managed Rules.

July 6, 2017
New and updated content

This release adds support for AWS Config Rules in the Canada (Central) Region and South America (São Paulo) Region.

For all regions that support AWS Config and Config Rules, see AWS Regions and Endpoints in the AWS General Reference.

July 5, 2017
New and updated content

AWS Config Rules is available in the AWS GovCloud (US) Region. For more information, see the AWS GovCloud (US) User Guide.

For regions that support AWS Config, see AWS Regions and Endpoints in the AWS General Reference.

June 8, 2017
AWS Config supports the Amazon CloudWatch alarm resource type and three new managed rules

With this release, you can use AWS Config to record configuration changes to your Amazon CloudWatch alarms.

For more information, see Supported Resource Types.

This release supports three new managed rules:

For more information, see AWS Config Managed Rules.

June 1, 2017
New and updated content

This release supports specifying the application version number for the following managed rules:

For more information, see AWS Config Managed Rules.

June 1, 2017
New and updated content

This release adds support for AWS Config Rules in the Asia Pacific (Mumbai) Region. For more information, see AWS Regions and Endpoints in the AWS General Reference.

April 27, 2017
New and updated content

This release supports an updated console experience for adding AWS Config managed rules to your account for the first time.

When you set up AWS Config Rules for the first time or in a new Region, you can search for AWS managed rules by name, description, or label. You can choose Select all to select all rules or choose Clear all to clear all rules.

For more information, see Setting Up AWS Config Rules with the Console.

April 5, 2017
AWS Config supports new managed rules

This release supports the following new managed rules:

For more information, see List of AWS Config Managed Rules.

February 21, 2017
New and updated content

This release adds support for AWS Config Rules in the Europe (London) Region. For more information, see AWS Regions and Endpoints in the AWS General Reference.

February 21, 2017
New and updated content

This release adds AWS CloudFormation templates for AWS Config managed rules. You can use the templates to create managed rules for your account. For more information, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

February 16, 2017
New and updated content

This release adds support for a new test mode for the PutEvaluations API. Set the TestMode parameter to true in your custom rule to verify whether your AWS Lambda function will deliver evaluation results to AWS Config. No updates occur to your existing evaluations, and evaluation results are not sent to AWS Config.

For more information, see PutEvaluations in the AWS Config API Reference.

February 16, 2017
New and updated content

This release adds support for AWS Config Rules in the Asia Pacific (Seoul), and US West (N. California) Regions. For more information, see AWS Regions and Endpoints in the AWS General Reference.

December 21, 2016
New and updated content

This release adds support for AWS Config in the Europe (London) Region. For more information, see AWS Regions and Endpoints in the AWS General Reference.

December 13, 2016
New and updated content

This release adds support for AWS Config in the Canada (Central) Region. For more information, see AWS Regions and Endpoints in the AWS General Reference.

December 8, 2016
AWS Config supports Amazon Redshift resource types and two new managed rules

With this release, you can use AWS Config to record configuration changes to your Amazon Redshift clusters, cluster parameter groups, cluster security groups, cluster snapshots, cluster subnet groups, and event subscriptions.

For more information, see Supported Resource Types.

This release supports two new managed rules:

For more information, see List of AWS Config Managed Rules.

December 7, 2016
New and updated content

This release adds support for a new managed rule:

For more information, see List of AWS Config Managed Rules.

December 7, 2016
New and updated content This release adds support for creating up to 50 rules per Region in an account. For more information, see AWS Config Limits in the AWS General Reference. December 7, 2016
AWS Config supports the managed instance inventory resource type for Amazon EC2 Systems Manager and three new managed rules

With this release, you can use AWS Config to record software configuration changes on your managed instances with support for managed instance inventory.

For more information, see Recording Software Configuration for Managed Instances.

This release supports three new managed rules:

For more information, see List of AWS Config Managed Rules.

December 1, 2016
AWS Config supports the Amazon S3 bucket resource and two new managed rules

With this release, you can use AWS Config to record configuration changes to your Amazon S3 buckets. For more information, see Supported Resource Types.

This release supports two new managed rules:

For more information, see AWS Config Managed Rules.

October 18, 2016
New and updated content

This release adds support for AWS Config and AWS Config Rules in the US East (Ohio) Region. For more information, see AWS Regions and Endpoints in the AWS General Reference.

October 17, 2016
New and updated managed rules

This update adds support for eight new managed rules:

You can specify multiple parameter values for the following rules:

For more information, see List of AWS Config Managed Rules.

October 4, 2016
New and updated content for the AWS Config console This update adds support for viewing AWS CloudTrail API activity in the AWS Config timeline. If CloudTrail is logging for your account, you can view create, update, and delete API events for configuration changes to your resources. For more information, see Viewing Configuration Details. September 06, 2016
AWS Config supports Elastic Load Balancing resource type With this release, you can use AWS Config to record configuration changes to your Elastic Load Balancing application load balancers. For more information, see Supported Resource Types. August 31, 2016
New and updated content

This release adds support for AWS Config Rules in the Asia Pacific (Singapore), and Asia Pacific (Sydney) Regions. For more information, see AWS Regions and Endpoints in the AWS General Reference.

August 18, 2016
New and updated content for AWS Config Rules

This update adds support for creating a rule that can be triggered by both configuration changes and at a periodic frequency that you choose. For more information, see Specifying Triggers for AWS Config Rules.

This update also adds support for manually evaluating your resources against your rule and deleting evaluation results. For more information, see Evaluating Your Resources.

This update also adds support for evaluating additional resource types using custom rules. For more information, see Evaluating Additional Resource Types.

July 25, 2016
AWS Config supports Amazon RDS and AWS Certificate Manager (ACM) resource types

With this release, you can use AWS Config to record configuration changes to your Amazon Relational Database Service (Amazon RDS) DB instances, DB security groups, DB snapshots, DB subnet groups, and event subscriptions. You can also use AWS Config to record configuration changes to certificates provided by ACM.

For more information, see Supported Resource Types.

July 21, 2016
Updated information about managing the configuration recorder This update adds steps for renaming and deleting the configuration recorder to Managing the Configuration Recorder. July 07, 2016
Simplified role creation and updated policies With this update, creating an IAM role for AWS Config is simplified. This enhancement is available in regions that support Config rules. To support this enhancement, the steps in Setting Up AWS Config with the Console are updated, the example policy in Permissions for the Amazon S3 Bucket is updated, and the example policy in Granting Custom Permissions for AWS Config Users is updated. March 31, 2016
Example functions and events for Config rules This update provides updated example functions in Example AWS Lambda Functions for AWS Config Rules (Node.js), and this update adds example events in Example Events for AWS Config Rules. March 29, 2016
AWS Config Rules GitHub repository This update adds information about the AWS Config Rules GitHub repository to Evaluating Resources with AWS Config Rules. This repository provides sample functions for custom rules that are developed and contributed by AWS Config users. March 1, 2016
AWS Config Rules This release introduces AWS Config Rules. With rules, you can use AWS Config to evaluate whether your AWS resources comply with your desired configurations. For more information, see Evaluating Resources with AWS Config Rules. December 18, 2015
AWS Config supports IAM resource types With this release, you can use AWS Config to record configuration changes to your IAM users, groups, roles, and customer managed policies. For more information, see Supported Resource Types. December 10, 2015
AWS Config supports EC2 Dedicated host With this release, you can use AWS Config to record configuration changes to your EC2 Dedicated hosts. For more information, see Supported Resource Types. November 23, 2015
Updated permissions information This update adds information about the following AWS managed policies for AWS Config:
October 19, 2015
AWS Config Rules preview This release introduces the AWS Config Rules preview. With rules, you can use AWS Config to evaluate whether your AWS resources comply with your desired configurations. For more information, see Evaluating Resources with AWS Config Rules. October 7, 2015
New and updated content

This release adds the ability to look up resources that AWS Config has discovered. For more information, see Looking Up Resources That Are Discovered by AWS Config.

August 27, 2015

New and updated content

This release adds the ability to select which resource types AWS Config records. For more information, see Selecting Which Resources AWS Config Records.

June 23, 2015

New and updated content

This release adds support for the following regions: Asia Pacific (Tokyo), Asia Pacific (Singapore), Europe (Frankfurt), South America (São Paulo), and US West (N. California). For more information, see AWS Regions and Endpoints.

April 6, 2015

New guide

This release introduces AWS Config.

November 12, 2014