Auditing CloudWatch telemetry configurations
You can use Amazon CloudWatch to discover and understand the state of telemetry configuration for your AWS resources from a central view in the CloudWatch console. This simplifies the process of auditing your telemetry collection configurations across multiple resource types within an account or across multiple accounts in Organizations. With a consolidated view, you can easily review and manage telemetry settings, helping you to ensure proper monitoring and data collection across your AWS environment.
CloudWatch can help you identify telemetry configuration for the following types of AWS resource types:
Amazon EC2 instances that provide detailed metrics. For more information, see Manage detailed monitoring for your EC2 instances in the Amazon EC2 User Guide.
Amazon VPC virtual networks that provide flow logs. For more information, see Logging IP traffic using VPC Flow Logs in the Amazon VPC User Guide.
Lambda functions that provide traces. For more information, see Visualize Lambda function invocations using AWS X-Ray in the AWS X-Ray Developer Guide.
To begin auditing your telemetry configurations, you must first turn on the telemetry auditing experience for your AWS account or organization. Enabling this feature creates AWS Config service-linked configuration recorders that discover resources and their associated telemetry configuration metadata. For more information, see Configuration Recorder in the AWS Config Developer Guide.
Note
AWS Config periodically takes inventory of, or discovers, all the resources in your account as an anti-entropy behavior, regardless of the resource types in scope for your configuration recorders. The inventory includes deleted resources and resources that AWS Config is not currently recording. This behavior helps maintain data consistency.
This means that although the service-linked configuration recorder for the CloudWatch telemetry auditing feature is configured to record three
resource types (Amazon EC2 instances, Amazon EC2 VPC virtual networks, and Lambda functions), you might see describe calls from
ConfigResourceCompositionSession and AWSConfig-Describe in AWS CloudTrail. For more information, see Non-recorded Resources in the AWS Config Developer Guide.
The telemetry auditing experience uses this information and offers visibility into the configuration status, at the resource type level and at more granular telemetry detail levels. You can customize your view of the resources or telemetry details using filters, and modify the telemetry configuration directly from the resource's console page.
Turning on the telemetry auditing experience does not incur any additional costs.
Topics
