AWS Config is a service designed to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations. Once you start a configuration recorder, AWS Config captures changes to supported resource types as configuration items, without the need to modify any of the existing resources. This provides a full history of configuration changes, which is exactly the use case the service is intended for.
AWS Documentation Extract:
“AWS Config provides a detailed view of the configuration of AWS resources in your AWS account. This includes how the resources are related to one another and how they were configured in the past so you can see how the configurations and relationships change over time.”
“You can start the configuration recorder, which will record the configuration changes of the supported resources in your AWS account.”
(Source: AWS Config documentation, What is AWS Config?)
Other options:
B: CloudFormation drift detection only works for resources created and managed by CloudFormation and requires stacks.
C: Amazon Detective is used for analyzing and investigating security findings, not for resource configuration tracking.
D: AWS Audit Manager is used for automating evidence collection to help with audits, not for tracking resource configurations.
[Reference: AWS Certified Solutions Architect – Official Study Guide, Chapter on Monitoring and Auditing.]