AWS Config
Developer Guide

Controlling Permissions for AWS Config

AWS Config integrates with AWS Identity and Access Management (IAM), which allows you to create permission policies to attach to your IAM roles, Amazon S3 buckets, and Amazon Simple Notification Service (Amazon SNS) topics. A policy is a set of statements that grants AWS Config permissions.


We consider it a best practice not to use root account credentials to perform everyday work in AWS. Instead, we recommend that you create an IAM administrators group with appropriate permissions, create IAM users for the people in your organization who need to perform administrative tasks (including for yourself), and add those users to the administrative group. For more information, see IAM Best Practices in the IAM User Guide.

The first two topics cover how to control user permissions for AWS Config. They are followed by topics that provide accurate configuration information about the permissions needed for AWS Config. The topics provide examples of recommended IAM policies to use with the AWS Config console and the AWS Command Line Interface.