Skip to main content

Prometheus exporter for AWS Config

Project description

Prometheus exporter for AWS Config


Heavily based upon Spreaker's Guard Duty exporter


  • Exports the number of compliant and non-compliant resources from AWS Config, labelled by region and resource type
  • Supports multiple AWS regions

Exported metrics

The exporter exports the following metrics:

Metric name Type Labels Description
aws_config_exporter_up gauge None Always 1: can be used to check if the exporter is running
aws_config_current_resources guage region,resource_type The total number of resources recorded by AWS Config
aws_config_compliant_resources guage region,resource_type The number of compliant resources recorded by AWS Config
aws_config_noncompliant_resources guage region,resource_type The number of non-compliant resources recorded by AWS Config
aws_config_scrape_errors_total counter region The total number of scrape errors

How to run it

You have two options to run it:

  1. Manually install and run the prometheus-aws-configservice-exporter Python package

    pip3 install prometheus-aws-configservice-exporter
    prometheus-aws-configservice-exporter --region us-east-1
  2. Use the Docker image available on Docker hub

    docker run --env AWS_ACCESS_KEY_ID="id" --env AWS_SECRET_ACCESS_KEY="secret" airwalkconsulting/prometheus-aws-configservice-exporter --region us-east-1

The cli supports the following arguments:

Argument Required Description
--region REGION [REGION ...] yes AWS Config region (can specify multiple space separated regions)
--throttle SECONDS The number of seconds to wait between AWS Config API requests. Float, eg 0.5. Defaults to 1.0
--exporter-host The host at which the Prometheus exporter should listen to. Defaults to
--exporter-port The port at which the Prometheus exporter should listen to. Defaults to 9100
--log-level LOG_LEVEL Minimum log level. Accepted values are: DEBUG, INFO, WARNING, ERROR, CRITICAL. Defaults to INFO

Required IAM privileges

In order to successfully run, this application requires the following IAM privileges:

  "Version": "2012-10-17",
  "Statement": [
      "Sid":    "ConfigServiceGetOnly",
      "Effect": "Allow",
      "Action": [
      "Resource": "*"


Run the development environment:

docker-compose build dev && docker-compose run --rm dev

Run tests in the dev environment (Warning: See

python3 -m unittest


This software is released under the MIT license.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page