Organizations face complex compliance requirements in a rapidly evolving landscape, especially with a multicloud strategy. AWS offers tools like AWS Config to automate compliance processes, monitor configuration changes, and assess resource configurations across multiple clouds. Two approaches can be used to monitor non-AWS resources with AWS Config: trigger-based evaluation and periodic evaluation.
In the trigger-based approach, events from both AWS and non-AWS services are routed onto a central event bus, filtered, and checked for compliance by AWS Lambda functions. The periodic evaluation approach, on the other hand, runs Lambda functions on a schedule; each invocation describes the resources and evaluates their compliance.
In a walkthrough example, AWS Config is used to monitor the encryption status of Azure Blob Storage blobs within a container using periodic evaluation. Azure Event Hubs can be leveraged to centralize events related to network security groups, filtering and monitoring compliance changes. Lambda functions are invoked to record configuration details in AWS Config and evaluate compliance against specific rules.
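The periodic-evaluation path described above, as an added example that is not code from the AWS blog post: a Lambda handler for a custom AWS Config rule on a scheduled trigger that records each Azure blob as a custom configuration item (the parameters of `put_resource_config`) and then reports each blob's encryption status (the `Evaluations` entries of `put_evaluations`). The custom resource type name `Example::Azure::Blob`, the sample blob records, the sample invocation event and the `FakeConfigClient` are all constructed here so the block runs offline; a real deployment would list blobs with the Azure SDK and pass `boto3.client("config")` as the client.

```python
"""Added example (not the blog post's own code): periodic evaluation of
Azure Blob Storage encryption as a custom AWS Config rule."""
import json

# Assumed custom type name; PutResourceConfig requires a type that is
# registered with CloudFormation and does not start with "AWS::".
RESOURCE_TYPE = "Example::Azure::Blob"
SCHEMA_VERSION = "1.0"
MAX_EVALUATIONS_PER_CALL = 100  # PutEvaluations accepts at most 100 entries per call

# Constructed sample of what a "describe blobs" call against Azure would return.
SAMPLE_BLOBS = [
    {"account": "examplestorage", "container": "finance", "name": "payroll.csv",
     "server_encrypted": True},
    {"account": "examplestorage", "container": "finance", "name": "notes.txt",
     "server_encrypted": False},
    {"account": "examplestorage", "container": "finance", "name": "audit.log",
     "server_encrypted": True},
]


def blob_resource_id(blob):
    """Stable, unique resource ID for the blob as AWS Config will see it."""
    return f"{blob['account']}/{blob['container']}/{blob['name']}"


def build_resource_config(blob):
    """Keyword arguments for config.put_resource_config(): one configuration item."""
    return {
        "ResourceType": RESOURCE_TYPE,
        "SchemaVersionId": SCHEMA_VERSION,
        "ResourceId": blob_resource_id(blob),
        "ResourceName": blob["name"],
        "Configuration": json.dumps({
            "storageAccount": blob["account"],
            "container": blob["container"],
            "serverEncrypted": blob["server_encrypted"],
        }),
    }


def evaluate_blob(blob, ordering_timestamp):
    """One entry for the Evaluations list of config.put_evaluations()."""
    encrypted = bool(blob.get("server_encrypted"))
    return {
        "ComplianceResourceType": RESOURCE_TYPE,
        "ComplianceResourceId": blob_resource_id(blob),
        "ComplianceType": "COMPLIANT" if encrypted else "NON_COMPLIANT",
        # Annotation is limited to 256 characters by the API
        "Annotation": ("Server-side encryption enabled" if encrypted
                       else "Blob is not server-side encrypted"),
        "OrderingTimestamp": ordering_timestamp,
    }


def chunks(items, size):
    """Split a list into consecutive slices of at most `size` items."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


class FakeConfigClient:
    """Offline stand-in for boto3.client('config'); records the calls it receives."""
    def __init__(self):
        self.resource_configs, self.evaluation_calls = [], []

    def put_resource_config(self, **kwargs):
        self.resource_configs.append(kwargs)

    def put_evaluations(self, Evaluations, ResultToken):
        self.evaluation_calls.append({"Evaluations": Evaluations, "ResultToken": ResultToken})
        return {"FailedEvaluations": []}


def lambda_handler(event, context=None, blobs=None, config_client=None):
    """Entry point for a Config custom rule invoked on a periodic (scheduled) trigger."""
    invoking = json.loads(event["invokingEvent"])
    if invoking.get("messageType") != "ScheduledNotification":
        raise ValueError("this rule is meant for periodic evaluation only")
    ordering_ts = invoking["notificationCreationTime"]
    blobs = SAMPLE_BLOBS if blobs is None else blobs   # real code: list blobs via Azure SDK
    client = config_client or FakeConfigClient()       # real code: boto3.client("config")

    # 1. Record each blob's configuration so Config keeps a history for it.
    for blob in blobs:
        client.put_resource_config(**build_resource_config(blob))
    # 2. Report compliance, batched to respect the per-call limit.
    evaluations = [evaluate_blob(b, ordering_ts) for b in blobs]
    for batch in chunks(evaluations, MAX_EVALUATIONS_PER_CALL):
        client.put_evaluations(Evaluations=batch, ResultToken=event["resultToken"])
    return {"evaluated": len(evaluations),
            "non_compliant": [e["ComplianceResourceId"] for e in evaluations
                              if e["ComplianceType"] == "NON_COMPLIANT"]}


SAMPLE_EVENT = {  # constructed: shape of a scheduled invocation from AWS Config
    "invokingEvent": json.dumps({"messageType": "ScheduledNotification",
                                 "notificationCreationTime": "2024-01-15T08:00:00.000Z"}),
    "ruleParameters": "{}",
    "resultToken": "example-result-token",
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

The handler uses the `notificationCreationTime` from the scheduled notification as the `OrderingTimestamp` of every evaluation, so a later scheduled run always supersedes an earlier one, and it rejects change-triggered invocations because a periodic rule has no configuration item to inspect in the event. Batching at 100 entries is the detail most often missed when a scan returns many resources.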
With AWS Config, organizations can continually assess, audit, and evaluate configurations of resources across AWS, on-premises, and multicloud environments. The authors, Gabriel Costa, Pranjal Gururani, Karan Edikala, and Snehal Nahar, provide insights on using AWS Config for multicloud compliance and invite readers to explore AWS Config documentation for further information.
Article Source
https://aws.amazon.com/blogs/mt/simplify-compliance-management-of-multicloud-or-hybrid-resources-with-aws-config/