Setting up Automatic Resource Remediation with AWS Config
Welcome to this AWS hands-on lab, Setting up Automatic Resource Remediation with AWS Config.
This activity gives you hands-on experience creating rules in AWS Config and implementing remediations using Lambda functions. This approach helps maintain a highly secure networking architecture inside AWS.
Good luck and enjoy the hands-on lab!
Resources for this activity are in the GitHub repository.
NOTE: We use a pool of shared AWS accounts for our lab environments. Once the previous user's lab is terminated, a cleaner reclaims any AWS resources, including EC2 instances, S3 buckets, etc. This prepares the environment for the next user. However, because Config uses CloudTrail as the source of its data, and CloudTrail records can't be deleted, Config sometimes sees resources that no longer exist. To resolve this, we recommend you turn Config off and back on again in Config's settings. The lab instructions include a note on how to do this. Also note that Config can take a very long time to synchronize, possibly 20 minutes or more.