Resoto vs. AWS Config
Resoto is an open-source alternative to AWS Config.
AWS Config provides an overview of the configuration of AWS resources in your AWS account, including an overview of how resources are related to one another.
Similarities Between Resoto and AWS Config
Both AWS Config and Resoto offer cloud asset inventory functionality to assess, audit, and evaluate configurations of your AWS resources.
With either tool, you can:
- Create an inventory of your AWS resources
- Track changes and manage compliance
- Filter and find resources that match different criteria
- Automate remediation
Differences Between Resoto and AWS Config
AWS Config is a native AWS service, and as such it only covers AWS resources and is optimized for integrating with the AWS product ecosystem.
|Resource Coverage||Supports over 200 AWS resource types and supports all AWS regions.||Covers about 200 AWS resource types, not all of which are supported in every AWS region.|
|Multi-Cloud||Cloud agnostic and can be used as a single control plane for multiple clouds.|
Open source and offers an SDK that makes it easy to add support for additional platforms and resources (e.g., on-prem or SaaS).
|Purpose-built for AWS and lacks support for other clouds.|
|Full-Text Search||Creates an inventory of discovered resources and offers full-text search as an easy way to explore your cloud inventory.||Does not offer full-text search.|
|Resource Visualization||Offers dashboards for visual exploration of resources and their relationships.|
Also includes a graph view, which depicts how resources are connected.
|Part of the general AWS Console experience.|
To visualize data, needs to be integrated with S3 for storage, Athena for querying, and Quicksight for dashboards.
|Remediation||Integrates analytics and governance into a single product to enforce policies and perform actions on resources.|
Offers commands and jobs to automate remediation.
Can be used to write custom code and rules for any resource in a cloud-agnostic way.
|Offers remediation in combination with AWS Systems Manager and AWS Security Hub.|
Requires writing custom or using predefined runbooks maintained by AWS.
|Pricing||Open-source and free to use.|
To deploy Resoto to AWS, you just need an EKS cluster running on an EC2 instance.
|Complex pricing matrix based on the number of configuration items recorded, rules evaluated, and conformance packs enabled.|
There are additional costs for data storage in S3, notifications through Amazon SNS, running custom rules using AWS Lambda, and usage of QuickSight dashboards.
|Limits||No limits on the number of accounts to collect inventory data from or the number of searches, checks, and jobs you can run on the inventory.||Has hard and soft quota limits (see AWS Config Service Limits).|
Hard quotas that cannot be increased