AWS Config Recordings and Rules act as guardrails, ensuring users’ actions align with the Cloud Governance team’s policies. While they are crucial for maintaining control, it’s vital to monitor them because each recording costs $0.003, and a large volume can significantly increase your bill.
If your AWS account has lot of auto scaling instances then it will lead to lot of config recordings which will definitely put a dent in your billing, so it’s necessary to reduce the config costs. Though you can see the config recordings via cost explorer it won’t display the details like count of config recordings for different resources like volume, ec2 etc., That’s where a CloudWatch Config Dashboard comes in handy for monitoring the config recordings
CloudWatch Config Dashboard
CloudWatch Config Dashboard can be used to track the count of config recording a particular count. To setup a dashboard follow the below steps
- Go to the CloudWatch service in your AWS console.
- Select “Create Dashboard”.
- In the widget configuration, choose “DataTable” as the metric and click “Next”.
- In the “Add metric Graph” pop-up, choose “Start with Empty Expression”.
- Then add the below query in the empty expression
SORT(SEARCH('{AWS/Config,ResourceType}MetricName="ConfigurationItemsRecorded" NOT ResourceType="All"',"Sum",86400),SUM,DESC,40)
- After adding the query then click on Update Widget
- Then this will show you list of config recordings for the account for different resources
The dashboard will then display a table showing the number of config recordings for various resources in your account.Using the above CloudWatch metrics Dashboard, you can further download the metrics CSV file and analyze it further to see which resource is contributing to lot of config recordings.
Config Dashboard Results
The below CloudWatch Dashboard will display config recordings along with max and min count and also we can see datewise count of config recordings by different resource types as shown below., For e.g AWS::EC2:Instance recording indicates config recordings against EC2 instance., Whenever an EC2 instance is started/stopped/terminated this count will increase by one
