Amazon AWS Config

The AWS Config service provides configuration information about all catalog items in your AWS environment, including configuration changes.

Setting up the AWS Config service

The instructions for enabling the AWS Config service are provided in Amazon’s documentation. An overview is provided here.

  1. Create an AWS SNS Topic called AWSConfig_topic.
    • Log in to the AWS Console.
    • Navigate to the SNS tab.
    • Click the “Create and Add” button, and select “Create new topic”.
    • In the dialog, enter “AWSConfig_topic” as the topic name.
    • Click “Create topic” to close the dialog.
  2. Create an AWS S3 bucket for AWS Config.
    • Navigate to the S3 tab in the AWS Console.
    • Click the “Actions” button, and select “Create Bucket…”.
    • In the dialog, enter a bucket name in the “Bucket Name” field.
    • Select the region appropriate for your AWS account.
    • Click “Create” to close the dialog.
  3. Enable the AWS Config service.
    • Navigate to the Config tab.
    • Click the gear icon next to the “Status” link.
    • Under the “Amazon SNS Topic” heading, select “Choose a topic from your account” and select the AWSConfig_topic.
    • Under the “Amazon S3 Bucket” heading, select “Choose a bucket from my account” and select the correct bucket name.
    • Enter an optional subdirectory.
    • Click “Allow” to allow the AWS Config service to read resource configurations.

How ManageIQ Uses AWS Config

ManageIQ supports AWS Config by using the service as the source for events. Configuration changes published by AWS Config are consumed by ManageIQ and treated as events. These events are processed by the normal ManageIQ event handler mechanisms.

When the ManageIQ AWS Event Catcher starts for the first time, it will create a new AWS SQS Queue that subscribes to the AWS SNS Topic used by the AWS Config service. It is important to use the AWS SNS Topic name of AWSConfig_topic when setting up the AWS Config service so that ManageIQ can find the topic when creating the SQS Queue.

The SQS Queue is used to receive AWS resource configuration diffs generated by the AWS Config service. The ManageIQ AWS Event Catcher connects to the SQS Queue and receives all of the AWS resource configuration diffs.
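
The following added example (not ManageIQ's own code) shows how a consumer of that SQS Queue can unwrap one message: the SQS body is an SNS envelope whose "Message" field holds the AWS Config notification as a JSON string. It assumes raw message delivery is off on the subscription; the method name, the returned hash keys, and the sample message are hypothetical and constructed for illustration.

```ruby
require "json"

EXPECTED_TOPIC = "AWSConfig_topic" # topic name the setup steps above use

# Unwrap one SQS message body (an SNS envelope) into a flat event hash.
# Returns nil when the body is malformed, comes from a different topic,
# or is not a configuration item change.
def parse_config_event(sqs_body)
  envelope = JSON.parse(sqs_body)
  return nil unless envelope.is_a?(Hash) && envelope["Type"] == "Notification"
  # The topic name is the last ":"-separated field of the topic ARN.
  return nil unless envelope["TopicArn"].to_s.split(":").last == EXPECTED_TOPIC

  message = JSON.parse(envelope["Message"])
  return nil unless message.is_a?(Hash) &&
                    message["messageType"] == "ConfigurationItemChangeNotification"
  item = message["configurationItem"] || {}
  diff = message["configurationItemDiff"] || {}
  {
    :resource_type => item["resourceType"],
    :resource_id   => item["resourceId"],
    :change_type   => diff["changeType"],
    :changed       => (diff["changedProperties"] || {}).keys.sort,
    :captured_at   => item["configurationItemCaptureTime"],
  }
rescue JSON::ParserError, TypeError
  nil # drop unparseable bodies instead of crashing the poller
end

# Constructed sample input (account id, instance id and timestamp are made up).
SAMPLE_MESSAGE = {
  "messageType"           => "ConfigurationItemChangeNotification",
  "configurationItemDiff" => {
    "changeType"        => "UPDATE",
    "changedProperties" => {
      "Configuration.State.Name" => { "previousValue" => "running", "updatedValue" => "stopped" },
    },
  },
  "configurationItem"     => {
    "resourceType"                 => "AWS::EC2::Instance",
    "resourceId"                   => "i-0123456789abcdef0",
    "configurationItemCaptureTime" => "2024-01-01T00:00:00.000Z",
  },
}
SAMPLE_BODY = JSON.generate({
  "Type"     => "Notification",
  "TopicArn" => "arn:aws:sns:us-east-1:123456789012:AWSConfig_topic",
  "Message"  => JSON.generate(SAMPLE_MESSAGE),
})
```

Checking the topic ARN before trusting the payload keeps messages from any other topic subscribed to the same queue out of the event stream.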