Verifying that AWS Config is Successfully Started with the AWS CLI
After you have started AWS Config, you can use AWS CLI commands to check that the AWS Config is running and that AWS Config has created a configuration recorder and a delivery channel. You can also confirm that AWS Config has started recording and delivering configurations to the delivery channel.
Topics
Step 1: Check that the Delivery Channel Is Created
Use the describe-delivery-channels
command to check that your Amazon S3
bucket and Amazon SNS topic is configured.
$ aws configservice describe-delivery-channels { "DeliveryChannels": [ { "snsTopicARN": "arn:aws:sns:us-west-2:0123456789012:my-config-topic", "name": "my-delivery-channel", "s3BucketName": "my-config-bucket" } ] }
When you use the CLI, the service API, or the SDKs to configure your delivery channel and
do not specify a name, AWS Config automatically assigns the name "default
".
Step 2: Check that the Configuration Recorder Is Created
Use the describe-configuration-recorders
command to check that a
configuration recorder is created and that the configuration recorder has assumed an IAM
role. For more information, see Step 3: Creating an IAM Role.
$ aws configservice describe-configuration-recorders { "ConfigurationRecorders": [ { "roleARN": "arn:aws:iam::012345678912:role/myConfigRole", "name": "default" } ] }
Step 3: Check that AWS Config has started recording
Use the describe-configuration-recorder-status
command to check that the AWS Config has
started recording the configurations of the supported AWS resources existing in your
account. The recorded configurations are delivered to the specified delivery channel.
$ aws configservice describe-configuration-recorder-status { "ConfigurationRecordersStatus": [ { "name": "default", "lastStatus": "SUCCESS", "lastStopTime": 1414511624.914, "lastStartTime": 1414708460.276, "recording": true, "lastStatusChangeTime": 1414816537.148, "lastErrorMessage": "NA", "lastErrorCode": "400" } ] }
The value true
in the recording
field confirms that the
configuration recorder has started recording configurations of all your resources. AWS Config
records the time in UTC. The output is displayed as a Unix timestamp.
For information about looking up the resources existing in your account and understanding the configurations of your resources, see Looking up Resources, Viewing Compliance Informance, and Viewing Compliance History.