File of a ManagedInstance in Config



Is it possible to record any changes of a file of a SSM:ManagedInstance in Config ?

I have SSM and Config that are configured. My instance is running SSM agent. In Config, I record the three types for SSM (SSM:ManagedInstanceInventory, SSM:PatchCompliance, and SSM:AssociationCompliance). The global inventory in SSM is configured with every possible parameters, and I also target a file, /etc/ssh/sshd_config. I can see a new record in Config's timeline of my instance when I install a new application (for instance, nmap), but I have no new record for any renaming of the file nor when I edit the file (for instance, changing "PermitRootLogin no" -> "PermitRootLogin yes"). I know that the file is targeted because it is in SSM's inventory.

Am I doing something wrong ? Is it even possible to record any changes in a file through SSM inventory and Config ? For the information, I am in Stockholm's region (eu-north-1).

Thanks !

Edited by: acaitr on Jan 28, 2019 4:54 PM

gefragt vor 5 Jahren235 Aufrufe
2 Antworten

We do not support recording changes to "files" in AWS Config. We only collect SSM inventory for the following types: installed applications, network configuration and AWS software components.


beantwortet vor 5 Jahren

It would be great to track Files. This would essentially allow an easy setup for file integrity monitoring.

beantwortet vor 5 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen