Amazon rolls out Config to manage cloud resources

Today, Amazon announced general availability for an infrastructure automation service and configuration manager that oversees every piece of one’s AWS resources. Called AWS Config, the service was originally announced in November and is only now being moved to general availability. With it, Amazon is inviting third parties to build new crops of analytics and management tools. It’s also giving Amazon users reason to feel more adventurous with their own setups (and maybe spend more money on them).

AWS Config does two main jobs. It takes a snapshot of the state of your AWS resources and how they are wired together, then tracks changes that take place between them. Anything added, deleted, or manipulated gets logged, with changes recorded in AWS CloudTrail. The resulting dataset can be queried either through Amazon’s UI or its APIs, and the changes can be made through the Web portal for one’s AWS account, via an API set, or through AWS’s own CLI.

Most third-party expansion opportunities are in offering a better interface for both making and browsing changes. AWS’s native UIs are rudimentary but not very inventive; browsing the list of changes between resources in AWS Config isn’t good for more than a cursory overview of the data. The original announcement for AWS Config listed a slew of third-party partners with newly created analytics and management tools at the ready, among them products from log-analytics mavens Splunk and cloud security compliance firm CloudCheckr.

AWS Config also follows on a long-standing Amazon tradition of working with AWS via highly specific services. AWS CloudFormation, for instance, uses templates to let users stand up sets of AWS services and make modifications to them by applying templates. But it doesn’t provide details about how the changes have taken place or to what end; that job has now been delegated to Config. This makes sense from a design standpoint — separation of concerns; having each tool do one job well — but it also gives Amazon individual, granular ways to monetize AWS use.

The way Amazon plans to monetize Config is simple enough: $3 for every 1,000 configuration changes recorded, with additional S3 storage fees incurred for the recorded data. Right now, the captured state only covers EC2 instances and “related items,” although there are plans for adding other kinds of change-tracking.

The next likely step is to have third-party automation tools use AWS Config as an extension of what they already do. Chef and Puppet, for instance, already connect to AWS CloudFormation, so for those tools to work next with AWS Config seems certain. Likewise, OpenStack’s Heat orchestration module is compatible with the AWS CloudFormation format (and with Puppet and Chef, too), so it isn’t hard to see Config added as part of the feature mix in Heat as well.