Visibility into resource changes and into the relationships between AWS resources is the key to tracking compliance in your AWS infrastructure. AWS offers Config, which eases the burden of implementing and tracking compliance controls. Config is a managed service that simplifies compliance reporting. It helps you build an inventory of your AWS resources, discover new resources, track deleted resources, continuously record configuration changes, and be notified when those changes occur.
Overall, AWS Config does five things, as shown in the preceding diagram. It records changes to your AWS resources and normalizes them into a consistent format called configuration items. It then stores the data in a data store managed by AWS. Config Rules are another feature within Config, which can help you to focus on compliance issues...
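As an added illustration (not code from the original text), the sketch below shows how a custom rule could turn configuration items into compliance verdicts, including items for newly discovered and deleted resources. The rule itself (EBS volumes must be encrypted), the function names, and the sample items and resource IDs are assumptions constructed for this example.

```python
import json

# Constructed sample configuration items, trimmed to the fields used below.
SAMPLE_ITEMS = json.loads("""
[
  {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example1",
   "configurationItemStatus": "ResourceDiscovered",
   "configurationItemCaptureTime": "2024-01-01T10:00:00.000Z",
   "configuration": {"encrypted": true, "size": 100}},
  {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example2",
   "configurationItemStatus": "OK",
   "configurationItemCaptureTime": "2024-01-01T10:05:00.000Z",
   "configuration": {"encrypted": false, "size": 8}},
  {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0example3",
   "configurationItemStatus": "ResourceDeleted",
   "configurationItemCaptureTime": "2024-01-01T10:10:00.000Z",
   "configuration": null},
  {"resourceType": "AWS::S3::Bucket", "resourceId": "example-bucket",
   "configurationItemStatus": "OK",
   "configurationItemCaptureTime": "2024-01-01T10:15:00.000Z",
   "configuration": {"name": "example-bucket"}}
]
""")

# Statuses meaning the item describes a resource that currently exists.
LIVE_STATUSES = {"OK", "ResourceDiscovered"}

def evaluate_volume(item):
    """Hypothetical rule: every recorded EBS volume must be encrypted."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE"  # rule is scoped to volumes only
    if item.get("configurationItemStatus") not in LIVE_STATUSES:
        return "NOT_APPLICABLE"  # deleted resource: nothing left to evaluate
    config = item.get("configuration") or {}
    return "COMPLIANT" if config.get("encrypted") is True else "NON_COMPLIANT"

def evaluate_all(items):
    """Build one evaluation record per item, in the shape a rule reports back."""
    return [{"ComplianceResourceType": i["resourceType"],
             "ComplianceResourceId": i["resourceId"],
             "ComplianceType": evaluate_volume(i),
             "OrderingTimestamp": i["configurationItemCaptureTime"]}
            for i in items]

if __name__ == "__main__":
    for result in evaluate_all(SAMPLE_ITEMS):
        print(result["ComplianceResourceId"], result["ComplianceType"])
```

The deleted volume carries a null `configuration`, which is why the status check runs before any field is read.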