How to audit the support level of your AWS accounts using AWS Config
Blog
This article explains how to audit AWS Support plan levels across all accounts in an AWS Organization using AWS Config and CloudFormation Registry.
- Create custom AWS Config resource using CloudFormation Registry private extension
- Deploy schema package to S3 and distribute via CloudFormation StackSets
- Custom Lambda function checks each account's support level against desired plan
- View compliance results in AWS Config console and aggregator
- Use Advanced Query to identify non-compliant accounts across organization
- Support level displayed as tag on custom configuration item
- Estimated cost approximately $3 USD monthly per 100 accounts
This solution enables Enterprise customers with hundreds of accounts to centrally audit and enforce consistent AWS Support plan coverage without manual per-account verification.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.