Check that AWS Config Is On

Once you have turned on AWS Config, you can use AWS CLI commands to check that AWS Config is running and that it has created a configuration recorder and a delivery channel. You can also confirm that AWS Config has started recording configurations and delivering them to the delivery channel.

Check that the Delivery Channel Is Created

Use the describe-delivery-channels command to check that your Amazon S3 bucket and Amazon SNS topic are configured.

    $ aws configservice describe-delivery-channels
    {
        "DeliveryChannels": [
            {
                "snsTopicARN": "arn:aws:sns:us-west-2:0123456789012:my-config-topic",
                "name": "my-delivery-channel",
                "s3BucketName": "my-config-bucket"
            }
        ]
    }

When you use the CLI, the service API, or the SDKs to configure your delivery channel and do not specify a name, AWS Config automatically assigns the name "default".

Check that the Configuration Recorder Is Created

Use the describe-configuration-recorders command to check that a configuration recorder is created and that the configuration recorder has assumed an IAM role. For more information, see Creating an IAM Role.

    $ aws configservice describe-configuration-recorders
    {
        "ConfigurationRecorders": [
            {
                "roleARN": "arn:aws:iam::012345678912:role/myConfigRole",
                "name": "default"
            }
        ]
    }

Check that AWS Config has started recording

Use the describe-configuration-recorder-status command to check that AWS Config has started recording the configurations of the supported AWS resources in your account. The recorded configurations are delivered to the specified delivery channel.

    $ aws configservice describe-configuration-recorder-status
    {
        "ConfigurationRecordersStatus": [
            {
                "name": "default",
                "lastStatus": "SUCCESS",
                "lastStopTime": 1414511624.914,
                "lastStartTime": 1414708460.276,
                "recording": true,
                "lastStatusChangeTime": 1414816537.148,
                "lastErrorMessage": "NA",
                "lastErrorCode": "400"
            }
        ]
    }

The value true in the recording field confirms that the configuration recorder has started recording configurations of all your resources. AWS Config records the time in UTC. The output is displayed as a Unix timestamp.
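The three checks above can be evaluated together from the parsed JSON output of the commands. The following is an added example, not part of the AWS documentation; the function names check_config and utc are hypothetical, the sample input is constructed from the outputs shown on this page, and treating any lastStatus other than SUCCESS as a finding is an assumption of the example.

```python
from datetime import datetime, timezone

# Constructed sample input: the three CLI outputs on this page, as parsed JSON.
CHANNELS = {"DeliveryChannels": [{
    "snsTopicARN": "arn:aws:sns:us-west-2:0123456789012:my-config-topic",
    "name": "my-delivery-channel", "s3BucketName": "my-config-bucket"}]}
RECORDERS = {"ConfigurationRecorders": [{
    "roleARN": "arn:aws:iam::012345678912:role/myConfigRole", "name": "default"}]}
STATUS = {"ConfigurationRecordersStatus": [{
    "name": "default", "lastStatus": "SUCCESS", "recording": True,
    "lastStopTime": 1414511624.914, "lastStartTime": 1414708460.276}]}

def utc(ts):
    """Render a Unix timestamp from the status output as ISO 8601 UTC."""
    if ts is None:
        return "unknown"
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(timespec="seconds")

def check_config(channels, recorders, status):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    chans = channels.get("DeliveryChannels", [])
    if not chans:
        findings.append("no delivery channel")
    for c in chans:
        # The page checks for both an S3 bucket and an SNS topic.
        for key in ("s3BucketName", "snsTopicARN"):
            if not c.get(key):
                findings.append(f"channel {c.get('name')}: {key} not set")
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        findings.append("no configuration recorder")
    by_name = {s.get("name"): s for s in status.get("ConfigurationRecordersStatus", [])}
    for r in recs:
        name = r.get("name")
        if not r.get("roleARN"):
            findings.append(f"recorder {name}: roleARN not set")
        s = by_name.get(name)
        if s is None:
            findings.append(f"recorder {name}: no status entry")
        elif not s.get("recording"):
            findings.append(f"recorder {name}: stopped at {utc(s.get('lastStopTime'))}")
        elif str(s.get("lastStatus", "")).upper() != "SUCCESS":
            # Assumption of this example: anything but SUCCESS is a finding.
            findings.append(f"recorder {name}: lastStatus {s.get('lastStatus')}")
    return findings

if __name__ == "__main__":
    print(check_config(CHANNELS, RECORDERS, STATUS) or "AWS Config is on")
```

To use it on a real account, save each command's output to a file and pass the result of json.load for each file to check_config.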

For information about looking up the resources existing in your account and understanding the configurations of your resources, see Viewing AWS Resource Configurations and History.