Amazon Config
Amazon Config provides a detailed view of the configuration of Amazon resources in your Amazon Web Services account. This includes how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
An Amazon resource is an entity that you can work with in Amazon, such as an Amazon Elastic Compute Cloud (Amazon EC2) instance, Amazon Identity and Access Management (IAM) user, or an Amazon Simple Storage Service (Amazon S3) bucket.
With Amazon Config, you can do the following:
- Evaluate your Amazon resource configurations for desired settings.
- Get a snapshot of the current configurations of the supported resources that are associated with your Amazon Web Services account.
- Retrieve configurations of one or more resources that exist in your account.
- Retrieve historical configurations of one or more resources.
- Receive a notification whenever a resource is created, modified, or deleted.
- View relationships between resources. For example, you might want to find all resources that use a particular security group.
Region Availability
Amazon Config is available in the following regions in China:
- Beijing Region
- Ningxia Region
Feature Availability and Implementation Differences
The Amazon Web Services in China implementation of Amazon Config is unique in the following ways:
- Amazon Config does not currently support recording for the following resource types in the Beijing and Ningxia Regions:
  - ACM Certificate
  - Amazon VPC customer gateway and VPN connection
- Amazon Config does not currently support the following rules in the Beijing and Ningxia Regions:
  - acm-certificate-expiration-check
  - cmk-backing-key-rotation-enabled
  - cloud-trail-encryption-enabled
  - cloud-trail-log-file-validation-enabled
  - cloudformation-stack-drift-detection-check
  - codebuild-project-envvar-awscred-check
  - codebuild-project-source-repo-url-check
  - codepipeline-deployment-count-check
  - codepipeline-region-fanout-check
  - elb-acm-certificate-required
  - encrypted-volumes
  - fms-webacl-resource-policy-check
  - fms-webacl-rulegroup-association-check
  - guardduty-enabled-centralized
  - lambda-function-public-access-prohibited
  - rds-storage-encrypted
  - root-account-hardware-mfa-enabled
  - root-account-mfa-enabled
  - s3-blacklisted-actions-prohibited
  - s3-bucket-policy-grantee-check
  - s3-bucket-policy-not-more-permissive
  - s3-bucket-public-read-prohibited
  - s3-bucket-public-write-prohibited
  - s3-bucket-server-side-encryption-enabled
  - s3-bucket-ssl-requests-only
- In addition to the above mentioned rules, Amazon Config does not currently support the following rules in the Ningxia Region:
  - lambda-function-settings-check
  - cloudformation-stack-notification-check
  - dynamodb-table-encryption-enable
Guides and References
Amazon Web Services in China user guides are available in HTML and PDF, in both Chinese and English. API references are available in HTML and PDF. Some API references may be available only in English. Currently, not all API references are available in the Beijing and Ningxia Regions. Links to some API references will take you to the global Amazon Web Services site. Note that some features and functionality described in the guides and references may not be available in the current Amazon Web Services in China release.
General Information About Amazon Web Services in China
The following information applies to all Amazon Web Services that are available in the China Regions.
Amazon Web Services Accounts in the China Regions
To use services in the Beijing and Ningxia Regions, you need an account and credentials specific to each of those Regions.
- Accounts and credentials for other Amazon Regions will not work for services operating in the Beijing and Ningxia Regions.
- Accounts and credentials for the Beijing and Ningxia Regions will not work for other Amazon Regions.
- For more information, see Signup, Accounts, and Credentials.
Domain for Amazon Web Services in China
The domain for Amazon Web Services in China is www.amazonaws.cn.
Endpoints & Amazon Resource Names (ARNs)
For information about endpoints and ARNs in Amazon Web Services in China, see Endpoints and ARNs for Amazon Web Services in China.
Availability Zones for the China Regions
- In the Beijing Region, there are three Availability Zones.
- In the Ningxia Region, there are three Availability Zones.
General Information for Amazon Web Services in China
The following applies to all Amazon Web Services that are available in the China Regions. For detailed information about specific Amazon Web Services, see the service-specific topic in this guide.
- Amazon Identity and Access Management (IAM)
  - You can grant or deny a service access to resources using the Principal policy element.
  - Service principal values vary by Region.
- EC2-Classic Platform
  - The EC2-Classic platform is not supported.
- Free Usage Tier
  - The free usage tier is supported in the Ningxia Region.
  - The free usage tier is not supported in the Beijing Region.
Amazon Web Services Console
The console for Amazon Web Services in China is unique to China. The screenshots in the Amazon Web Services guides might differ from what you see on your console. For information about differences in service functionality, see the topics for each service in this guide.
Code Examples
The Amazon Web Services documentation might include endpoints and ARNs in code examples that are not specific to the Beijing and Ningxia Regions. When using examples, verify you are using the endpoints and ARNs for your Region.