{"slug":"iam-aws-config","cloud":"aws","service":"config","title":"AWS Config (IAM)","description":"AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.","category":"management","common_permissions":["config:DescribeConfigRules","config:ListDiscoveredResources","config:GetResourceConfigHistory","config:PutEvaluations","config:StartConfigRulesEvaluation","config:DescribeConformancePacks","config:ListStoredQueries","config:GetStoredQuery"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"config:DescribeConfigRules\",\n        \"config:ListDiscoveredResources\",\n        \"config:GetResourceConfigHistory\",\n        \"config:PutEvaluations\",\n        \"config:StartConfigRulesEvaluation\",\n        \"config:DescribeConformancePacks\",\n        \"config:ListStoredQueries\",\n        \"config:GetStoredQuery\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid config:* — grants full control including rule deletion and configuration recorder changes","Avoid config:DeleteConfigRule and config:DeleteConfigurationRecorder — can break compliance monitoring"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/config/config.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:49:42.270Z","updated_at":"2026-06-14T04:49:42.270Z"}