Amazon Web Services GxP Systems on AWS
45
Configuration Management
Going hand in hand with change management is configuration management.
Configuration items (CIs) are the components that make up a system and CIs should
only be modified through the change management process.
Infrastructure as Code brings automation to the provisioning process through tools like
AWS CloudFormation. Rather than relying on manually performed steps, both
administrators and developers can instantiate infrastructure using configuration files.
Infrastructure as Code treats these configuration files as software code. These files can
be used to produce a set of artifacts, namely the compute, storage, network, and
application services that comprise an operating environment. Infrastructure as Code
eliminates configuration drift through automation, thereby increasing the speed and
agility of infrastructure deployments.
AWS Tagging and Resource Groups lets you organize your AWS landscape by
applying tags at different levels of granularity. Tags allow you to label, collect, and
organize resources and components within services.
The Tag Editor lets you manage tags across services and AWS Regions. Using this
approach, you can globally manage all the application, business, data, and technology
components of your target landscape.
A Resource Group is a collection of resources that share one or more tags. It can be
used to create an enterprise architecture view of your IT landscape, consolidating AWS
resources into a per-project (that is, the on-going programs that realize your target
landscape), per-entity (that is, capabilities, roles, processes), and per-domain (that is,
Business, Application, Data, Technology) view.
AWS Config is a service that lets you assess, audit, and evaluate the configurations of
AWS resources. AWS Config continuously monitors and records your AWS resource
configurations and lets you automate the evaluation of recorded configurations against
desired configurations. With AWS Config, you can review changes in configurations and
determine their overall compliance against the configurations specified in your internal
guidelines. This enables you to simplify compliance auditing, security analysis, change
management, and operational troubleshooting. In addition, AWS provides conformance
packs for AWS Config to provide a general-purpose compliance framework designed to
enable you to create security, operational or cost-optimization governance checks using
managed or custom AWS Config rules and AWS Config remediation actions, including a
conformance pack for 21 CFR 11.
You can use AWS CloudFormation, AWS Config, Tagging, and Resource Groups to
see exactly what cloud assets your company is using at any moment. These services