I have just started with AWS config. I had set up the AWS config with ec2 instance as resource and I am receiving notification for any changes that are happening with AWS ec2 in my region.
a) my first question whether I can record only for any specific vpc related ec2 or only specific ec2?
since I have quite a few vpc and ec2 in my account region, I am getting a lot of change notification .
b)whether the AWS is recording all the changes happened in the ec2 instance in my region even though I turn off the recorder and I am getting a notification once I turn on the recorder with different settings i.e I change the resources to ec2::EIP?
You can choose to record all resource types supported by AWS Config or specific resource types such as EC2::Instance, EC2::NetworkInterface, IAM::User etc. AWS Config does not offer a capability to only record resources that are associated with a particular VPC. For example, if you choose to record EC2::Instance, AWS Config will start recording configuration changes to all EC2 instances in your AWS account.
If you choose to record only selective resource types, AWS Config will send you notifications when resources of the specified types get created, modified or deleted. For other resources that are not specified in the recorder, AWS Config only sends notifications when they are created or deleted.
If you are using an email client to receive notifications, you can use email filters to select the notifications of your interest. Alternatively, you can write a lambda function that subscribes to your SNS topic to filter notifications.