Introducing AWS Config

AWS Config is another managed service, under the security and governance wing of services, that provides a detailed view of the configuration settings of each of your AWS resources. Configuration settings here can be anything, from simple settings made to your EC2 instances or VPC subnets, to how one resource relates to another, such as how an EC2 instance is related to an EBS volume, an ENI, and so on. Using AWS Config, you can view and compare the configuration changes that were made to your resources in the past, and take the necessary preventative actions if needed.

Here's a list of things that you can achieve by using AWS Config:

  • Evaluate your AWS resource configurations against a desired setting
  • Retrieve and view historical configurations of one or more resources
  • Send notifications whenever a particular resource is created, modified, or deleted
  • Obtain a configuration snapshot of your resource that you can later use as a blueprint or template
  • View relationships and hierarchies between resources, such as all the instances that are part of a particular network subnet, and so on

Using AWS Config enables you to manage your resources more effectively by setting governing policies and standardizing configurations for your resources. Each time a change violates the desired configuration, you can trigger notifications or even perform a remediation against the change. Furthermore, AWS Config also provides out-of-the-box integration with the likes of AWS CloudTrail, providing you with a complete end-to-end auditing and compliance monitoring solution for your AWS environment.
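To make the evaluate-and-compare idea concrete, the following added example (not code from the book or from AWS) checks a resource's historical configuration items against a desired setting and reports when compliance changed. The security group ID, timestamps and rules are constructed sample data, the item layout is a simplified assumption modelled on AWS Config configuration items, and the "no SSH/RDP from 0.0.0.0/0" policy is an assumed desired setting.

```python
import json

def _item(captured_at, permissions):
    """Build a constructed configuration item (simplified, assumed layout)."""
    return {"resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0example",  # placeholder ID, not a real resource
            "configurationItemCaptureTime": captured_at,
            "configuration": json.dumps({"ipPermissions": permissions})}

# Constructed history: restricted SSH, then opened to the world, then fixed.
HISTORY = [
    _item("2024-01-10T09:00:00Z", [{"ipProtocol": "tcp", "fromPort": 22,
                                    "toPort": 22, "ipRanges": ["10.0.0.0/8"]}]),
    _item("2024-01-12T17:30:00Z", [{"ipProtocol": "tcp", "fromPort": 22,
                                    "toPort": 22, "ipRanges": ["0.0.0.0/0"]}]),
    _item("2024-01-12T18:05:00Z", [{"ipProtocol": "tcp", "fromPort": 443,
                                    "toPort": 443, "ipRanges": ["0.0.0.0/0"]}]),
]

def open_ports(item):
    """Return the TCP ports one configuration item exposes to 0.0.0.0/0."""
    ports = set()
    for perm in json.loads(item["configuration"]).get("ipPermissions", []):
        if "0.0.0.0/0" not in perm.get("ipRanges", []):
            continue
        if perm.get("ipProtocol") == "-1":      # "all traffic" rule
            ports.update(range(0, 65536))
        elif perm.get("ipProtocol") == "tcp":
            ports.update(range(perm["fromPort"], perm["toPort"] + 1))
    return ports

def evaluate(item, forbidden=frozenset({22, 3389})):
    """Evaluate one item against the desired setting (assumed policy)."""
    exposed = sorted(open_ports(item) & forbidden)
    return {"resourceId": item["resourceId"],
            "capturedAt": item["configurationItemCaptureTime"],
            "compliance": "NON_COMPLIANT" if exposed else "COMPLIANT",
            "exposedPorts": exposed}

def compliance_changes(history):
    """List (time, old, new) for each point where compliance flipped."""
    changes, previous = [], None
    ordered = sorted(history, key=lambda i: i["configurationItemCaptureTime"])
    for item in ordered:
        status = evaluate(item)["compliance"]
        if previous is not None and status != previous:
            changes.append((item["configurationItemCaptureTime"], previous, status))
        previous = status
    return changes
```

Each tuple returned by `compliance_changes` marks a point where a notification or remediation would be triggered.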

Before we get started by setting up AWS Config for our own scenario, let's first take a quick look at some of its important concepts and terminology.
