File of a ManagedInstance in Config



Is it possible to record any changes of a file of an SSM:ManagedInstance in Config?

I have SSM and Config that are configured. My instance is running SSM agent. In Config, I record the three types for SSM (SSM:ManagedInstanceInventory, SSM:PatchCompliance, and SSM:AssociationCompliance). The global inventory in SSM is configured with every possible parameter, and I also target a file, /etc/ssh/sshd_config. I can see a new record in Config's timeline of my instance when I install a new application (for instance, nmap), but I have no new record for any renaming of the file nor when I edit the file (for instance, changing "PermitRootLogin no" -> "PermitRootLogin yes"). I know that the file is targeted because it is in SSM's inventory.

Am I doing something wrong? Is it even possible to record any changes in a file through SSM inventory and Config? For information, I am in Stockholm's region (eu-north-1).

Thanks!

Edited by: acaitr on Jan 28, 2019 4:54 PM

Asked 5 years ago, viewed 235 times
2 answers

We do not support recording changes to "files" in AWS Config. We only collect SSM inventory for the following types: installed applications, network configuration and AWS software components.


Answered 5 years ago

It would be great to track Files. This would essentially allow an easy setup for file integrity monitoring.

Answered 5 years ago
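
The file integrity monitoring mentioned in the answer above, as an added example that is not part of the original thread and is not AWS code: it runs locally on the instance, uses neither SSM nor Config, and reports the two changes the question tested (an edit to `PermitRootLogin` and a rename). The function names `snapshot`, `diff` and `demo` are hypothetical, and the file contents are a constructed sample.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Return None if the file is absent, else its SHA-256 and parsed directives."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        raw = fh.read()
    directives = {}
    for line in raw.decode("utf-8", "replace").splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        # sshd uses the first value it reads for a keyword; Match blocks are not modelled
        directives.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return {"sha256": hashlib.sha256(raw).hexdigest(), "directives": directives}

def diff(old, new):
    """Compare a baseline snapshot with a later one and list what changed."""
    if new is None:
        return ["file missing (deleted or renamed)"]
    if old is None:
        return ["file appeared"]
    if old["sha256"] == new["sha256"]:
        return []
    findings = []
    for key in sorted(set(old["directives"]) | set(new["directives"])):
        before, after = old["directives"].get(key), new["directives"].get(key)
        if before != after:
            findings.append(f"{key}: {before!r} -> {after!r}")
    return findings or ["content changed, parsed directives unchanged"]

def demo():
    """Constructed sample: edit, then rename, a throwaway copy named sshd_config."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sshd_config")
        with open(path, "w") as fh:
            fh.write("# constructed sample\nPort 22\nPermitRootLogin no\n")
        baseline = snapshot(path)
        with open(path, "w") as fh:
            fh.write("# constructed sample\nPort 22\nPermitRootLogin yes\n")
        edited = diff(baseline, snapshot(path))
        os.rename(path, path + ".bak")
        renamed = diff(baseline, snapshot(path))
    return edited, renamed

if __name__ == "__main__":
    print(demo())
```
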


