| Feature | AWS Config | SSM Compliance |
| --- | --- | --- |
| Purpose | Tracks and evaluates configuration of AWS resources | Monitors compliance of managed instances with patch, association, and custom baselines |
| Scope | AWS resources (e.g., S3, EC2, IAM, etc.) | EC2 instances (managed by SSM) |
| Granularity | Resource-level compliance | OS-level (patches, configs) |
| Rules | Uses Config Rules (AWS-managed or custom Lambda) | Uses Patch Baselines, Associations, and Custom Inventory |
| Remediation | Supports automatic remediation | Can use SSM Automation for remediation |
| Data Source | AWS API (resource configuration snapshots) | SSM Agent (installed on instances) |
| Use Case | Cloud governance, audit, security compliance | Patch management, software configuration compliance |