Viewing Configuration Details
You can view the configuration, relationships, and number of changes made to a resource in the AWS Config console. You can view the configuration history for a resource using AWS CLI.
Viewing Configuration Details (Console)
When you look up resources on the Resource inventory page, choose the resource name or ID in the resource identifier column to view the resource's details page. The details page provides information about the configuration, relationships, and number of changes made to that resource.
To access the resource timeline from the resource details page, choose the Resource Timeline button. The Resource timeline captures
changes as ConfigurationItems over a period of time for a specific
resource. You can filter by Configuration events, Compliance events, or CloudTrail
Events.
Viewing Configuration Details (AWS CLI)
The configuration items that AWS Config records are delivered to the specified delivery channel on demand as a configuration snapshot and as a configuration stream. You can use the AWS CLI to view history of configuration items for each resource.
Viewing Configuration History
Type the get-resource-config-history command and specify the
resource type and the resource ID, for example:
$ aws configservice get-resource-config-history --resource-type AWS::EC2::SecurityGroup --resource-id sg-6fbb3807 { "configurationItems": [ { "configurationItemCaptureTime": 1414708529.9219999, "relationships": [ { "resourceType": "AWS::EC2::Instance", "resourceId": "i-7a3b232a", "relationshipName": "Is associated with Instance" }, { "resourceType": "AWS::EC2::Instance", "resourceId": "i-8b6eb2ab", "relationshipName": "Is associated with Instance" }, { "resourceType": "AWS::EC2::Instance", "resourceId": "i-c478efe5", "relationshipName": "Is associated with Instance" }, { "resourceType": "AWS::EC2::Instance", "resourceId": "i-e4cbe38d", "relationshipName": "Is associated with Instance" } ], "availabilityZone": "Not Applicable", "tags": {}, "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-6fbb3807", "configurationStateId": "1", "relatedEvents": [], "arn": "arn:aws:ec2:us-east-2:012345678912:security-group/default", "version": "1.0", "configurationItemMD5Hash": "860aa81fc3869e186b2ee00bc638a01a", "configuration": "{\"ownerId\":\"605053316265\",\"groupName\":\"default\",\"groupId\":\"sg-6fbb3807\",\"description\":\"default group\",\"ipPermissions\":[{\"ipProtocol\":\"tcp\",\"fromPort\":80,\"toPort\":80,\"userIdGroupPairs\":[{\"userId\":\"amazon-elb\",\"groupName\":\"amazon-elb-sg\",\"groupId\":\"sg-843f59ed\"}],\"ipRanges\":[\"0.0.0.0/0\"]},{\"ipProtocol\":\"tcp\",\"fromPort\":0,\"toPort\":65535,\"userIdGroupPairs\":[{\"userId\":\"605053316265\",\"groupName\":\"default\",\"groupId\":\"sg-6fbb3807\"}],\"ipRanges\":[]},{\"ipProtocol\":\"udp\",\"fromPort\":0,\"toPort\":65535,\"userIdGroupPairs\":[{\"userId\":\"605053316265\",\"groupName\":\"default\",\"groupId\":\"sg-6fbb3807\"}],\"ipRanges\":[]},{\"ipProtocol\":\"icmp\",\"fromPort\":-1,\"toPort\":-1,\"userIdGroupPairs\":[{\"userId\":\"605053316265\",\"groupName\":\"default\",\"groupId\":\"sg-6fbb3807\"}],\"ipRanges\":[]},{\"ipProtocol\":\"tcp\",\"fromPort\":1433,\"toPort\":1433,\"userIdGroupPairs\":[],\"ipRanges\":[\"0.0.0.0/0\"]},{\"ipProtocol\":\"tcp\",\"fromPort\":3389,\"toPort\":3389,\"userIdGroupPairs\":[],\"ipRanges\":[\"207.171.160.0/19\"]}],\"ipPermissionsEgress\":[],\"vpcId\":null,\"tags\":[]}", "configurationItemStatus": "ResourceDiscovered", "accountId": "605053316265" } ], "nextToken": ..........
For detailed explanation of the response fields, see Components of a Configuration Item and Supported Resource Types.
Example Amazon EBS Configuration History from AWS Config
AWS Config generates a set of files that each represent a resource type and lists all configuration changes for the resources of that type that AWS Config is recording. AWS Config exports this resource-centric configuration history as an object in the Amazon S3 bucket that you specified when you enabled AWS Config. The configuration history file for each resource type contains the changes that were detected for the resources of that type since the last history file was delivered. The history files are typically delivered every six hours.
The following is an example of the contents of the Amazon S3 object that describes the
configuration history of all the Amazon Elastic Block Store volumes in the current region for your
AWS account. The volumes in this account include vol-ce676ccc and
vol-cia007c. Volume vol-ce676ccc had two configuration
changes since the previous history file was delivered while volume
vol-cia007c had one change.
{ "fileVersion": "1.0", "requestId": "asudf8ow-4e34-4f32-afeb-0ace5bf3trye", "configurationItems": [ { "snapshotVersion": "1.0", "resourceId": "vol-ce676ccc", "arn": "arn:aws:us-west-2b:123456789012:volume/vol-ce676ccc", "accountId": "12345678910", "configurationItemCaptureTime": "2014-03-07T23:47:08.918Z", "configurationStateID": "3e660fdf-4e34-4f32-afeb-0ace5bf3d63a", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adb69edbb1e4", "c376e30d-71a2-4694-89b7-a5a04ad92281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Volume", "resourceCreationTime": "2014-02-27T21:43:53.885Z", "tags": {}, "relationships": [ { "resourceId": "i-344c463d", "resourceType": "AWS::EC2::Instance", "name": "Attached to Instance" } ], "configuration": { "volumeId": "vol-ce676ccc", "size": 1, "snapshotId": "", "availabilityZone": "us-west-2b", "state": "in-use", "createTime": "2014-02-27T21:43:53.0885+0000", "attachments": [ { "volumeId": "vol-ce676ccc", "instanceId": "i-344c463d", "device": "/dev/sdf", "state": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } ], "tags": [ { "tagName": "environment", "tagValue": "PROD" }, { "tagName": "name", "tagValue": "DataVolume1" } ], "volumeType": "standard" } }, { "configurationItemVersion": "1.0", "resourceId": "vol-ce676ccc", "arn": "arn:aws:us-west-2b:123456789012:volume/vol-ce676ccc", "accountId": "12345678910", "configurationItemCaptureTime": "2014-03-07T21:47:08.918Z", "configurationItemState": "3e660fdf-4e34-4f32-sseb-0ace5bf3d63a", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-ad229edbb1e4", "c376e30d-71a2-4694-89b7-a5a04w292281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Volume", "resourceCreationTime": "2014-02-27T21:43:53.885Z", "tags": {}, "relationships": [ { "resourceId": "i-344c463d", "resourceType": "AWS::EC2::Instance", "name": "Attached to Instance" } ], "configuration": { "volumeId": "vol-ce676ccc", "size": 1, "snapshotId": "", "availabilityZone": "us-west-2b", "state": "in-use", "createTime": "2014-02-27T21:43:53.0885+0000", "attachments": [ { "volumeId": "vol-ce676ccc", "instanceId": "i-344c463d", "device": "/dev/sdf", "state": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } ], "tags": [ { "tagName": "environment", "tagValue": "PROD" }, { "tagName": "name", "tagValue": "DataVolume1" } ], "volumeType": "standard" } }, { "configurationItemVersion": "1.0", "resourceId": "vol-cia007c", "arn": "arn:aws:us-west-2b:123456789012:volume/vol-cia007c", "accountId": "12345678910", "configurationItemCaptureTime": "2014-03-07T20:47:08.918Z", "configurationItemState": "3e660fdf-4e34-4f88-sseb-0ace5bf3d63a", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adjhk8edbb1e4", "c376e30d-71a2-4694-89b7-a5a67u292281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Volume", "resourceCreationTime": "2014-02-27T20:43:53.885Z", "tags": {}, "relationships": [ { "resourceId": "i-344e563d", "resourceType": "AWS::EC2::Instance", "name": "Attached to Instance" } ], "configuration": { "volumeId": "vol-cia007c", "size": 1, "snapshotId": "", "availabilityZone": "us-west-2b", "state": "in-use", "createTime": "2014-02-27T20:43:53.0885+0000", "attachments": [ { "volumeId": "vol-cia007c", "instanceId": "i-344e563d", "device": "/dev/sdf", "state": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } ], "tags": [ { "tagName": "environment", "tagValue": "PROD" }, { "tagName": "name", "tagValue": "DataVolume2" } ], "volumeType": "standard" } } ] }
