When AWS Config evaluates a resource against a rule, what determines if the resource is marked as compliant?
Think about how AWS Config rules check resource settings automatically.
AWS Config marks a resource as compliant only if it meets the conditions defined in the rule during evaluation. Manual tagging or region alone does not affect compliance status.
You want to monitor compliance across multiple AWS accounts in your organization. Which AWS Config setup allows centralized compliance management?
Think about a way to see all compliance data in one place.
An AWS Config aggregator collects compliance and configuration data from multiple accounts and regions into one account for centralized viewing and analysis.
Which IAM policy condition best restricts AWS Config data access to only users connecting from your corporate network's IP range?
Restrict access based on IP addresses.
The IpAddress condition with aws:SourceIp limits access to requests coming from specified IP ranges, such as your corporate network.
You notice AWS Config rule evaluations are causing high costs. Which approach best reduces unnecessary evaluations?
Think about when rules run evaluations.
Triggering evaluations only on configuration changes reduces the number of rule runs and lowers costs compared to frequent periodic evaluations.
After enabling AWS Config and a custom rule, you notice some resources show as non-compliant immediately, even though they meet the rule criteria. What is the most likely reason?
Think about how AWS Config processes initial data.
When AWS Config and rules are first enabled, evaluating all resources takes time. Until then, some resources may temporarily show as non-compliant.