This is the second part of the series discussing AWS Config service. In the first part, we discussed the AWS Config concepts and what is needed to deploy it.

In the second part of the series, we will see how the changes are recorded and displayed to the user by adding resources and changing some of the resources.

VMware Training – Resources (Intense)

So let’s have a recap of where we ended the first part of the series. We have multiple resources that have a tag called “Name” that we can use to filter out the resources and we saw the details of an EC2 instance:

In this part, we will:

  • Configure notifications
  • Trigger a configuration snapshot
  • Stop the EC2 instance
  • Create a new volume, attach it to the EC2 instance and start the EC2 instance

Before we move further, let’s configure the notifications that need to be sent when a configuration change happens to a recorded resource. We created the SNS topic during AWS Config launching, but we need to configure so it will send an email whenever a change will happen.

From the SNS console, select “Topics” from the left menu and you should see the topic that we created. Copy the ARN:

Then from the Subscription menu, create a new subscription. Fill in the ARN that you copied earlier and fill in the email address that should receive the notifications:

Once you create the subscription, you should receive an email asking for subscription confirmation. Once you confirm this, you are done and, from now on, you will receive the notifications from the AWS Config:

Now that this is done, let’s move further and see how the other tasks can be done.

First, let’s trigger a configuration snapshot. A configuration snapshot contains the configuration of all resources that are recorded at the moment when the snapshot was triggered. The configuration snapshot is saved in the S3 bucket. To trigger the configuration snapshot, you need to use the AWS CLI and, more exactly, the command “aws configservice deliver-config-snapshot –delivery-channel-name default.” I’m doing this from another EC2 instance, which is in another AWS region, hence I need to use “–region eu-central-1”:

[ec2-user@ip-172-31-39-6 ~]$ aws configservice deliver-config-snapshot --delivery-channel-name default --region eu-central-1
{
    "configSnapshotId": "ca55850f-6428-45f2-ab61-b1e0a5c4701e"
}
[ec2-user@ip-172-31-39-6 ~]$

Once I did this, I received an email notifying me that the snapshot delivery was started:

And when it was finished, I received another one:

Now, if you are going to check the status of the service, you will see when the configuration snapshot was taken:

You can see that the file containing the configuration snapshot was created in the S3 bucket in a new folder. The only way to see the configuration snapshot is to download the file from the S3 bucket and open it:

As said in the beginning of the article, we will stop the EC2 instance, create another volume, attach it to the EC2 instance, and then start the EC2 instance. The only visible difference after these steps is that we have another volume that was named STORAGE_VOLUME with the volume ID vol-73763191, so I can differentiate between the two volumes:

Again, I filtered based on the tag and selected the EC2 instance. As you can see, there were two events where changes happened:

So let’s check the first event where three changes were recorded. As you can see, the state of the instance changed from running to stopping because I initiated it:

As expected, I received an email where I can see that the EC2 instance state changed from running to stopping:

After this event, the next one contains the EC2 instance starting, volume creation, and attaching:

Now, we have a change in the relationships. Now the second volume is attached to the EC2 instance: as you can see, the number of EC2 volumes increased:

Next, there are multiple changes, configuration changes and relationship changes.

As you can see, the network interfaces changed, the launch time (due to stop/start events), the EC2 state has changed from stopping to running. The addition of the second volume is also recorded. You can see the device name where is attached, the volume id and other details. You can also see that there is a new relationship created and that is the relationship between the EC2 instance and the new volume because the new volume was attached to the EC2 instance:

If you select the new EC2 volume to see the configuration and relationship changes, this will be seen:

Once the EC2 volume was created, you should have received a notification containing relevant information:

Now, let’s trigger another configuration snapshot:

[ec2-user@ip-172-31-39-6 ~]$ aws configservice deliver-config-snapshot –delivery-channel-name default –region eu-central-1
{
“configSnapshotId”: “ba5444ec-be5a-4d87-a8cb-f53d480e892e”
}
[ec2-user@ip-172-31-39-6 ~]$

Once it is done, you should see it in the S3 bucket:

Meanwhile, configuration history was saved for each resource. Each file identifies the specific resource and contains all the complete configurations after each change. The configuration history file can be seen either by downloading the file from the S3 bucket or by using the AWS CLI command “aws configservice get-resource-config-history”. To this command you will need specify the resource type and the resource id:

Of course, configuration history triggers a notification:

You can check when the last configuration history or snapshot was triggered by checking the service status:

You can turn off the recording of the resource by using the “Turn off” button. Once you do this, there is no recording of the resources changes:

And by reaching this point of the article, we actually reach the end of the series that discusses the AWS Config service.

Throughout the two parts of the series, we discussed the purpose of the AWS Config service, how it can be deployed, and what it means to deploy the service. We also configured SNS topic and subscription.

Next, we added new resources and changed the existing resources so we can trigger configuration and relationship changes so we can visualize using AWS Config.

References