AWS Config Alternatives

Save thousands per month on your AWS Config Bill by Leveraging JupiterOne

Differences between AWS Config and JupiterOne

When it comes to managing resource compliance, read how JupiterOne can provide an alternative to AWS Config with lower costs and more flexibility.

Tuning Rules and Alerts with AWS Config

AWS Config rules do not let you easily add contextual filters to the rule configuration in order to reduce false positives. For example, the “s3-bucket-public-read-prohibited” rule from AWS Config does not take any additional parameters, which means that even if certain S3 buckets host resources that are meant to be publicly readable, you will still see alerts for them.

Tuning Rules and Alerts with JupiterOne

JupiterOne makes it very simple to tune out the noise of AWS Config alerts by adding and combining filters of classifications, properties, production status, versioning, specific users who have been assigned access, devices, etc. The prior example can be easily resolved in JupiterOne by adding the filter "Find aws_s3_bucket with classification != 'public' that ALLOWS as grant Everyone where grant.permission='READ'".
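The effect of that contextual filter, as an added example in plain Python (not JupiterOne's query engine, not an AWS Config rule, and not code from the original page). The grant fields follow the shape of an S3 bucket ACL; the bucket names, the "classification" tag key and the function names are constructed for illustration. It goes one step beyond the query above by also counting FULL_CONTROL as read access and by never exempting it.

```python
# Added example: untuned vs. context-aware "public read" check.
# ACL URI of the S3 predefined group that means "everyone".
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}  # FULL_CONTROL implies READ

def _grant(permission):
    """Build a constructed ACL grant to the AllUsers group."""
    return {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI},
            "Permission": permission}

# Constructed inventory: names, tags and grants are made up for this example.
SAMPLE_BUCKETS = [
    {"name": "marketing-assets", "tags": {"classification": "public"},
     "grants": [_grant("READ")]},
    {"name": "payroll-exports", "tags": {"classification": "confidential"},
     "grants": [_grant("READ")]},
    {"name": "legacy-dump", "tags": {}, "grants": [_grant("FULL_CONTROL")]},
    {"name": "press-kit", "tags": {"classification": "Public"},
     "grants": [_grant("READ"), _grant("FULL_CONTROL")]},
    {"name": "build-cache", "tags": {"classification": "internal"},
     "grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "constructed-id"},
                 "Permission": "FULL_CONTROL"}]},
]

def everyone_read_permissions(bucket):
    """Return the permissions that let the AllUsers group read the bucket."""
    return {g["Permission"] for g in bucket.get("grants", [])
            if g.get("Grantee", {}).get("URI") == ALL_USERS_URI
            and g.get("Permission") in READ_PERMISSIONS}

def untuned_findings(buckets):
    """No context: every publicly readable bucket raises an alert."""
    return [b["name"] for b in buckets if everyone_read_permissions(b)]

def tuned_findings(buckets):
    """Skip buckets classified 'public' whose only public grant is READ."""
    findings = []
    for b in buckets:
        perms = everyone_read_permissions(b)
        if not perms:
            continue
        # A missing tag is treated as "not public", so the check fails closed.
        label = b.get("tags", {}).get("classification", "").strip().lower()
        if label == "public" and perms == {"READ"}:
            continue  # intentionally public and read-only: expected
        findings.append(b["name"])
    return findings

if __name__ == "__main__":
    print("untuned:", untuned_findings(SAMPLE_BUCKETS))
    print("tuned:  ", tuned_findings(SAMPLE_BUCKETS))
```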

Creating Your Rules and Alerts with AWS Config

AWS Config requires a separate rule and alert to be created for each type of resource. That means if you want to set up an alert for each of your data stores, you will need a rule for each: S3 buckets, EC2 instances, EBS volumes, etc. That essentially compounds the noise you have to wade through each day.

Creating Your Rules and Alerts with JupiterOne

JupiterOne’s data model automatically classifies the resources it ingests to align with various security and compliance frameworks. That means if you want a rule for all your data stores, you simply create a rule for the class ‘datastore’. One rule instead of 4 means less noise and faster action.

Pricing for AWS Config

As your organization’s environment grows, so does your bill with AWS. On top of that, unpredictable changes in your infrastructure can result in significant spikes on your AWS Config bill. That means costs can grow and are not easily predicted on a service with a single functionality. We saw it ourselves.

Pricing for JupiterOne

Pricing is level and predictable. On top of the monthly savings over AWS Config, organizations are also unlocking numerous additional features and benefits with JupiterOne’s Security Platform, including an automatically created and maintained asset inventory, security framework and compliance dashboard, querying capabilities across your entire environment, security policy and procedure builder and more.

Managing Rules and Alerts With AWS Config

In order to receive alerts from the AWS Config evaluations they created, organizations must set up CloudWatch. Then they must set up alarms and configure SNS and/or SES to send out notifications. All of this service configuration has to be repeated for each and every environment. The process has to be repeated again for different security controls, and users then have to visit the dashboard/console of each individual system to see the results.

Managing Rules and Alerts with JupiterOne

In the JupiterOne Alerts app, you can access alerts, findings, and vulnerabilities from all integrated sources, and evaluate how your environment's alerts and findings change over time to measure progress and improvement or spot concerns. Creating notifications and the subsequent analysis all happen in one place, and can be done once and applied across your entire environment.

Findings and Other Data with AWS Config

In AWS Config, the scope and applications in which you are able to spot findings and vulnerabilities are limited to whatever is in your AWS environment. In order to manage other data sources, you have to log into their UIs.

Findings and Other Data with JupiterOne

JupiterOne enables security teams to visualize findings and vulnerabilities across both AWS and non-AWS resources, via its managed integrations or by bringing your own data via API/CLI. That means findings in Inspector, GuardDuty, Tenable, Veracode and more can be reviewed in a single location.

JupiterOne's Context Driven Rules

By leveraging JupiterOne over AWS Config, cloud-based organizations are able to streamline resource compliance while also saving thousands of dollars per month. The combination brings context to rules and alerting to simplify creation, improve customization and reduce fatigue. All of your ingested resources and your own data can be consolidated into a single location for more efficient monitoring and analysis. Read more about how we did it.


Read More about AWS Config

About AWS Config

AWS Config is a service provided by Amazon that can be used to evaluate the configuration settings of your AWS resources. This is achieved by enabling AWS Config rules in one or multiple of your AWS accounts to check for your configuration settings against best practices or your desired/approved settings. There are several dozen available rules but the specific application to your environment determines how many are relevant.

AWS Config Pricing

AWS Config pricing is based on a pay-per-use model. Companies are charged based on the number of configuration items recorded and the number of active AWS Config rules in their account. A configuration item is a record of the configuration of a resource in your AWS account. The price per item is $0.003 and the price per rule starts at $2, tiering down as you add more rules.

AWS Config Limitations

AWS Config rules are not easily adjusted to add contextual filters into the rule configuration in order to reduce false positives. AWS Config rules cannot easily group resources together by their type, which would consolidate the number of rules and alerts. In order to receive alerts from AWS Config evaluations, organizations must set up CloudWatch to receive the findings, then set up alarms, and finally configure SNS and/or SES to send out notifications for each environment. They can only review the results of the alerts for each individual system, rather than across their whole digital environment.

Streamlined Security Operations

Unlock centralized precision security and manage resource compliance with more flexibility than AWS Config


Mapping more than 10,000,000 relationships between more than 100,000 resources, and counting.