Learn the Tools for Governing Accounts

Intermediate

231 students completed the lab in ~45m

Total available time: 1h:0m


Do you know what is going on within your AWS account? As deployments become increasingly complex and businesses allow developers more freedom to work with the AWS Cloud, understanding what users are doing becomes even more important.

Governance on AWS is the practice of using AWS tools to ensure that the way AWS is used meets strategic goals for a company. More concretely, this usually refers to a set of practices and techniques to monitor usage of AWS APIs and services. In this Lab, we will review methods for monitoring how developers use AWS.

Learn about the basic techniques and technologies for governance of enterprise AWS accounts. This Lab covers how to use AWS Config Rules, IAM monitoring techniques, AWS CloudTrail, and core reporting tools.

You will set up AWS Config to monitor changes to resources within an AWS account, subscribe to updates on these resources via email, create an audit trail of AWS API calls using AWS CloudTrail, learn how to read an AWS Config Resource Change Timeline, and pull an AWS IAM report for an account.

You'll build and learn following these steps:

Log In to the Amazon Web Services Console

Your first step to start the laboratory experience

Set Up AWS Config

First, we are going to set up AWS Config, a service AWS provides to track configurations in AWS on a resource basis.

Email Notifications With AWS SNS

In this Lab Step, you will subscribe your email to the SNS Topic that AWS Config is publishing Resource Change Events to.

Make An AWS CloudTrail

In addition to AWS Config's ability to track AWS Resources, we also need to be able to track AWS API calls to get a more complete picture of your AWS account. AWS CloudTrail does exactly this, providing a simple way to track calls to a majority of AWS tools.

Config Timelines

In this step, you will view AWS API calls in the CloudTrail console, then view the CloudTrail Trail Resource history in the AWS Config Timeline Console view.

Inspect Timeline Changes

Now that you have had a chance to see what AWS Config gives you on a timeline, we should create some changes on the same CloudTrail resource. This serves two purposes: we will learn about a new configuration for the CloudTrail resource that is important for governance and auditability, and we will be able to see the change appear on the AWS Config Timeline for the CloudTrail.

Pull An IAM Report
