How to check the AWS Config configuration status for each region enabled in your account

How to check the AWS Config configuration status for each region enabled in your account

2026.07.03

This page has been translated by machine translation. View original

What I was struggling with

I want to make configuration changes to AWS Config, but I need to check which regions have AWS Config enabled.
Is there a way to retrieve this information all at once?

How to handle it

I created an AWS CLI command and verified that it can retrieve a list of regions where AWS Config is enabled or disabled.

What I tried

This time, I created a command for AWS Config by referencing the "Reference: Security Hub enablement check" command from the blog post below, along with reference information [1] [2] [3] [4].

Security Hubで個人的によく使うAWS CLIコマンドをまとめてみた | DevelopersIO
https://dev.classmethod.jp/articles/security-hub-my-command-list/

Below is the command I created.

aws ec2 describe-regions --query "Regions[].[RegionName]" --output text \
| while read region; do
  recorder_status=$(aws configservice describe-configuration-recorder-status \
    --region ${region} \
    --query "ConfigurationRecordersStatus[].[recording]" \
    --output text 2>/dev/null)

  if [ "${recorder_status}" = "True" ]; then
    echo "ENABLED ${region}"
  else
    echo "DISABLED ${region}"
  fi
done | awk '
  /^ENABLED/  && !enabled_header  { print "### AWS Config is ENABLED";  enabled_header=1  }
  /^DISABLED/ && !disabled_header { print "### AWS Config is DISABLED"; disabled_header=1 }
  { print $2 }
'

I used the created command to run it with the AWS CLI.
This time, I verified it in an environment where Config is enabled in the following 17 regions.

us-east-1
us-east-2
us-west-1
us-west-2
ap-south-1
ap-northeast-3
ap-northeast-2
ap-southeast-1
ap-southeast-2
ap-northeast-1
ca-central-1
eu-central-1
eu-west-3
eu-west-2
eu-west-1
eu-north-1
sa-east-1

The result was as follows, showing the 17 regions where Config is enabled.

###AWS Config is ENABLED
ap-south-1
eu-north-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
ca-central-1
sa-east-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
us-west-2

Next, I disabled Config only in the Oregon region (us-west-2) and ran the command again, which returned the following result.

###AWS Config is ENABLED
ap-south-1
eu-north-1
eu-west-3
eu-west-2
eu-west-1
ap-northeast-3
ap-northeast-2
ap-northeast-1
ca-central-1
sa-east-1
ap-southeast-1
ap-southeast-2
eu-central-1
us-east-1
us-east-2
us-west-1
###AWS Config is DISABLED
us-west-2

The Oregon region (us-west-2), which I had disabled, was displayed as DISABLED.

Summary

Since AWS Config is configured per region, it's convenient to be able to view the enabled/disabled status all at once.
While this is a simple piece of content, I hope this verification is helpful to someone.

References

[1] Verify that AWS Config started successfully with the AWS CLI - AWS Config
https://docs.aws.amazon.com/ja_jp/config/latest/developerguide/gs-cli-verify-subscribe.html

[2] describe-regions — AWS CLI 2.35.15 Command Reference
https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-regions.html

[3] describe-configuration-recorder-status — AWS CLI 2.35.15 Command Reference
https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorder-status.html

[4] describe-configuration-recorders — AWS CLI 2.35.15 Command Reference
https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html


AWSテクニカルサポートノートについて

過去にクラスメソッドのAWS総合支援サービスで頂いたお問合せの中から、通常のAWS利用時でも有益になりうる情報をテクニカルサポートチームがTIPSとしてご紹介しています。技術サポートは、無料でご提供しております。詳細は下記ボタンからご覧ください。

クラスメソッドのAWSサポートの詳細を見る

Share this article

AWSのお困り事はクラスメソッドへ