What does AWS Config primarily monitor?

AWS Config primarily monitors resource configuration changes across your AWS environment. It provides a detailed view of the configuration of AWS resources, maintains a history of those configurations, and helps ensure compliance with organizations' policies by tracking changes in configuration. Each time a resource changes – whether due to a user action, AWS services, or automation tools – AWS Config captures the change, records what it was before the change, and what it is after.

This monitoring ability allows organizations to audit their resources, comply with best practices, and quickly identify configuration drifts that might lead to security vulnerabilities or misconfigurations. Furthermore, users can create rules to evaluate the compliance of their configurations against desired configurations, enabling proactive management of their AWS environments. The specificity and focus on configuration changes make AWS Config a critical tool for maintaining security and compliance within AWS infrastructure.