AWS Config
AWS Config
AWS Config API records AWS resource configuration history — compliance audit, change tracking, and rule-based auto-alerts.
Complete config history for 200+ resource types
Charged by recording count and rule evaluations — enabling all regions can get expensive
PutConfigurationRecorder to enable the recorder. PutConfigRule to add compliance rules. View results in Config Dashboard.
Uptime · 30-day window
GitHub activity
About this API
AWS Config is a configuration management database — treats all your AWS resource configurations as "objects" with continuous recording and versioning on every change. Foundation for compliance and audit: regulator requires "all S3 buckets must be encrypted", Config continuously monitors every S3 bucket company-wide, alerting on violations; after a security incident, "who changed that security group yesterday" — Config provides full change timeline. Two rule types: managed rules (AWS-written, covering common compliance) and custom rules (your Lambda implementing business rules). Combined with Systems Manager Automation or Config remediation, supports auto-remediation — e.g. detect unencrypted S3 bucket, auto-enable encryption. Essential for enterprise AWS governance.
What you can build
- 1Compliance audit (all S3 buckets must be encrypted)
- 2Resource config change tracking (who changed which security group when)
- 3Rule-based auto-alerts (immediate alert on 0.0.0.0/0 inbound)
- 4Periodic compliance reporting
Strengths & limitations
Strengths
- Complete config history for 200+ resource types
- Built-in 100+ compliance rules (HIPAA, PCI, CIS, and other baselines)
- Custom rules supported (Lambda)
- Can pair with auto-remediation
Limitations
- Charged by recording count and rule evaluations — enabling all regions can get expensive
- Rule evaluations have latency (not real-time)
Example request
curl https://github.com/mermade/aws2openapi/<endpoint>Getting started
PutConfigurationRecorder to enable the recorder. PutConfigRule to add compliance rules. View results in Config Dashboard.
FAQ
How expensive is Config?+
By recordings (~$0.003 per resource per change) + rule evaluations (~$0.001 per 1k). Full coverage all regions/types can cost $100-500/month for small companies.
Config vs. CloudTrail?+
CloudTrail records API calls (who called what); Config records resource state (what does the resource look like now). Complementary.
Technical details
- Auth type
- unknown
- Pricing
- unknown
- Protocols
- REST
- SDKs
- python, javascript, go, java, csharp
- Response time
- 21 ms
- Last health check
- 5/12/2026, 7:36:33 AM
More from Amazon Web Services
AWS IAM Access Analyzer API analyzes IAM resource policies for over-privileged access or external access — proactively surfaces security risks.
Amazon Chime SDK API embeds real-time audio/video calling and chat into apps (meetings, messaging, PSTN calls).
Amazon CloudFront is the AWS CDN and edge service — accelerates static and dynamic content delivery, a standard for web performance.
Amazon CloudSearch is AWS's managed search service (gradually superseded by OpenSearch Service).
CloudWatch Application Insights API auto-detects application problems — intelligently identifies anomalies (slow SQL queries, memory leaks), reducing manual alarm configuration.
AWS Cognito Identity Pools API issues temporary AWS credentials to frontend apps — identity federation, guest users, direct AWS resource access.
Amazon Cognito User Pools deliver managed user signup, login, password reset, and MFA for applications.
Amazon Connect Contact Lens API uses AI to analyze Amazon Connect calls in real time — sentiment, keywords, compliance detection, auto-summary.