If you use large-scale resources, Cloud Config can help you automatically monitor resources and evaluate the configuration compliance of the resources. Cloud Config can help you monitor resources in the following scenarios.
Centralized resource management
The management of resources deployed in different regions poses a huge challenge. Cloud Config aggregates resources of different regions to accelerate the query of resources, and records configuration snapshots of the resources. After you activate Cloud Config, you can view the resources of different regions under your account in Cloud Config. You can search for a resource and view the configuration snapshots of the resource.
Configuration compliance evaluation
After you activate Cloud Config, you can create rules and bind them with specific resource types. You can use managed rules in Cloud Config or create custom rules.
When the configurations of the resources of a specified type change, the rules bound with the resource type are triggered to evaluate the compliance of the configuration changes.
Continuous protection screening based on Baseline for Classified Protection of Cybersecurity 2.0 on the cloud
Cloud Config interprets the specifications of Baseline for Classified Protection of Cybersecurity 2.0 as rules and evaluates resources on the cloud based on the rules. You can enable protection screening based on Baseline for Classified Protection of Cybersecurity 2.0 with one-click. The protection screening feature evaluates resource compliance in a continuous manner. You can also download the protection screening report and provide it as evidence to authorized agencies.
Configuration change tracking and remediation of non-compliant resources
After you activate Cloud Config, Cloud Config records configuration snapshots of your resources every 10 minutes. You can view the configuration changes for each resource.
Cloud Config integrates with ActionTrail. You can view the events for each configuration change. This allows you to quickly locate the time point when a configuration error occurred and view the operations log at that time point. In this way, you can quickly locate and troubleshoot issues.