Unnecessarily High Recording Granularity in AWS Config
Tom Cross
Service Category: Other
Cloud Provider: AWS
Service Name: AWS Config
Inefficiency Type: Suboptimal Recording Configuration
Explanation

Organizations frequently inherit continuous recording by default (e.g., through landing zones) without validating the business need for per-change granularity across all resource types and environments. In change-heavy accounts (ephemeral resources, CI/CD churn, autoscaling), continuous mode drives very high volumes of configuration items recorded (CIRs) with limited additional operational value. Selecting periodic recording for lower-risk resource types and/or non-production environments can maintain necessary visibility while reducing CIR volume and cost. Recorder settings are scoped per account and region, so you can apply continuous recording in production where required and periodic recording elsewhere.

Relevant Billing Model

Configuration Item Recorded (CIR)–based pricing: charges accrue for each configuration item that AWS Config records. Continuous recording captures a configuration item for every change event, while periodic recording captures state at fixed intervals (e.g., daily). Although the unit price for periodic items may differ, reducing recording frequency can materially lower total CIR volume and spend when per-change granularity isn’t required.

*Note:* AWS Config also has other pricing dimensions (e.g., rule and conformance pack evaluations). This entry focuses specifically on the CIR component.

Detection
  • Identify accounts where AWS Config spend is dominated by configuration items recorded relative to overall cloud spend and risk profile.
  • Confirm whether continuous recording is enabled broadly by default versus selectively by resource type/environment.
  • Determine which resource categories experience frequent state changes and contribute disproportionately to recorded items.
  • Validate with Security/Compliance/SRE whether per-change visibility is truly required for those categories.
  • Assess whether observed recording volume aligns with actual investigative or audit needs.
Remediation
  • Shift suitable resource types and/or non-production environments from continuous to periodic recording where real-time change tracking isn’t required.
  • Scope recording frequency by environment: continuous for production or high-risk resources; periodic for development/test or low-risk resources.
  • Document the rationale and ownership (e.g., security vs. platform) to ensure shared expectations on visibility vs. cost.
  • Monitor post-change configuration-item volume and spend to confirm expected reductions and adjust coverage as needed.
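
One way to carry out the per-type scoping described under Detection and Remediation, as an added example that is not part of the original entry: it picks the resource types to move to daily recording and builds the recorder's `recordingMode` payload. The usage figures, the keep-continuous set and the price ratio are constructed or assumed values.

```python
# Added example: inputs are constructed, and PERIODIC_PRICE_RATIO is an assumed
# placeholder; set it from current AWS Config pricing for your region.
PERIODIC_PRICE_RATIO = 4.0  # assumed: periodic CI unit price / continuous CI unit price

# Constructed 30-day sample for one non-production account/region:
# resource type -> (CIs recorded in continuous mode,
#                   resource-days with at least one change = upper bound on daily CIs)
SAMPLE_USAGE = {
    "AWS::EC2::NetworkInterface": (90_000, 6_000),
    "AWS::AutoScaling::AutoScalingGroup": (20_000, 900),
    "AWS::EC2::Instance": (40_000, 12_000),  # short-lived instances
    "AWS::IAM::Role": (5_000, 300),
}

# Types Security/Compliance asked to keep at per-change granularity (assumed).
KEEP_CONTINUOUS = {"AWS::IAM::Role"}


def plan_recording_mode(usage, keep_continuous, price_ratio=PERIODIC_PRICE_RATIO):
    """Pick resource types to move to DAILY and build the recordingMode payload."""
    to_daily = []
    for rtype, (continuous_cis, changed_resource_days) in usage.items():
        if rtype in keep_continuous:
            continue  # visibility requirement overrides cost
        # Daily mode records at most one CI per changed resource per day, but
        # each one may cost more, so compare cost-weighted volumes.
        if continuous_cis > changed_resource_days * price_ratio:
            to_daily.append(rtype)
    mode = {"recordingFrequency": "CONTINUOUS", "recordingModeOverrides": []}
    if to_daily:
        # One override entry lists every type that moves to periodic recording.
        mode["recordingModeOverrides"].append({
            "description": "High-churn types approved for periodic recording",
            "resourceTypes": sorted(to_daily),
            "recordingFrequency": "DAILY",
        })
    return mode


if __name__ == "__main__":
    import json
    # The result is shaped for ConfigurationRecorder["recordingMode"] in
    # boto3.client("config").put_configuration_recorder(...).
    print(json.dumps(plan_recording_mode(SAMPLE_USAGE, KEEP_CONTINUOUS), indent=2))
```

With the sample figures, `AWS::EC2::Instance` stays continuous: its short-lived resources would generate enough daily items that, at the assumed price ratio, periodic recording would not cost less.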