Image Alt


Components of a Configuration Item AWS Config

When reviewing a list of CIs in the Configuration Items applications, check the Top-level column to identify which ones are top-level CIs. Understanding which CIs are top-level is critical because when you establish authorized CIs by advancing actual CIs, you must select actual CIs that match the top-level authorized CIs for which promotion patterns have been specified. CMMI Service Value Chain mentioned CI as an aggregation of work products designated for configuration management and treated as a single entity in the configuration management process. Configuration management is a necessary tool for managing complex software systems.

configuration item

It provides a single pane of glass for maximum visibility and enables changes in a well-orchestrated manner. The origins of the configuration management discipline can be traced back to the military, particularly the United States Department of Defense, operating in the 1950s. It created configuration management to extend the shelf life of hardware equipment what is configuration item without compromising its integrity over time. A source account is the AWS account from which you want to aggregate AWS Config resource configuration and compliance data. A source account can be an individual account or an organization in AWS Organizations. You can provide source accounts individually or you can retrieve them through AWS Organizations.

Service Lifecycle CI

AWS Security Hub is a security and compliance service that provides security and compliance posture management as a service. It uses AWS Config and AWS Config rules as its primary mechanism to evaluate the configuration of AWS resources. AWS Config rules can also be used to evaluate resource configuration directly. AWS Config rules are also used by other AWS services, such as AWS Control Tower and AWS Firewall Manager. An item or aggregation of hardware or software or both that is designed to be managed as a single entity.

configuration item

Configuration management is focused on managing asset information that can be managed and controlled. This info includes attributes of CIs, like owner, type, version, etc., as well as how these CIs are configured and interact with other CIs when provisioning products and services. A configuration management database is a key component, as it stores CI records and helps manage the CIs directly. The first step in preventing misconfiguration is to collect and keep accurate and organized records of the CIs in your environment. Records of are usually held in configuration management systems or databases. An actual CI represents an item in the environment; its attributes reflect its condition as determined by the discovery process.

Unit test of the flight control system

AWS partners with third-party specialists in logging and analysis to provide solutions that use AWS Config output. For more information, visit the AWS Config detail page at AWS Config. AWS Config runs evaluations for the rule at a frequency that you choose; for example, every 24 hours. ERROR – the one of the required/optional parameters is not valid, not of the correct type, or is formatted incorrectly. NON_COMPLIANT – the rule fails the conditions of the compliance check.

This serviceability is often defined in terms of the amount of usage the component has had since it was new, since fitted, since repaired, the amount of use it has had over its life and several other limiting factors. Understanding how near the end of their life each of these components is has been a major undertaking involving labor-intensive record keeping until recent developments in software. An aggregator is a new resource type in AWS Config that collects AWS Config configuration and compliance data from multiple source accounts and regions. Create an aggregator in the region where you want to see the aggregated AWS Config configuration and compliance data.

Maintenance systems

Joseph is a global best practice trainer and consultant with over 14 years corporate experience. His specialties are IT Service Management, Business Process Reengineering, Cyber Resilience and Project Management. Avoiding misconfiguration starts with configuration management, but it also requires administrators to regularly verify and validate the information stored in the organization’s configuration management system.

configuration item

The lowest-level CI is usually the smallest unit that will be changed independently of other components. Agile software delivery, frequently, configuration values will be added, deleted, or altered. One team member may modify a hardware allocation value to ensure that the program works more effectively on their own computer. This new setting may have a poor impact or fail when the program is eventually deployed to the production environment.

AWS Config rules

It helps to verify that proposed changes are systematically considered to minimize adverse effects. Changes to the system are proposed, evaluated, and implemented using a standardized, systematic approach that ensures consistency, and proposed changes are evaluated in terms of their anticipated impact on the entire system. CM verifies that changes are carried out as prescribed and that documentation of items and systems reflects their true configuration. A complete CM program includes provisions for the storing, tracking, and updating of all system information on a component, subsystem, and system basis.

configuration item

A configuration item is any service element, infrastructure part, or other elements that must be controlled for services to be delivered successfully. Preventing misconfiguration begins with configuration management, but managers must also examine and verify the data recorded in the organization’s configuration management system regularly. DevOps configuration also brings system administration responsibility under the umbrella of software engineering.

Why is configuration management important?

Authorization is not required if you are aggregating source accounts that are part of AWS Organizations. Aggregators provide a read-only view into the source accounts and regions that the aggregator is authorized to view. Aggregators do not provide mutating access into the source account or region. For example, this means that you cannot deploy rules through an aggregator or pull snapshot files from the source account or region through an aggregator. For a list of managed rules that support proactive evaluation, see List of AWS Config Managed Rules by Evaluation Mode.

  • This governance should involve gathering baseline data and comparing it to snapshots, which will allow for faster troubleshooting and implementing and monitoring modifications.
  • The first step in preventing misconfiguration is to collect and keep accurate and organized records of the CIs in your environment.
  • Process checks is a type of AWS Config rule that allows you to track your external and internal tasks that require verification as part of the conformance packs.
  • In ITIL terminology, configuration items are components of an infrastructure that currently is, or soon will be under configuration management.
  • Too little information is not beneficial to related processes; too much detail results in excessive overhead and inefficient or ineffectual management.

Imagine numerous post-it notes with passwords and URLs blowing around an office. Configuration management solves this challenge by creating a “source of truth” with a central location for configuration. Can be linked to the behavioral and hosting components of the PA, as well as to physical links and ports.


Process checks is a type of AWS Config rule that allows you to track your external and internal tasks that require verification as part of the conformance packs. These checks can be added to an existing conformance pack or a new conformance pack. You can track all compliance that includes AWS Configurations and manual checks in a single location. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations. AWS Config Managed Rules are predefined, customizable rules created by AWS Config. A custom Configuration Item is the CI for a third-party or custom resource.