AWS Config is a a service that provides a detailed view of the configuration of your AWS Resources. Not only current configuration but also past configurations so you can see how that particular resource might have been compliant or not at any moment of time. Resources can be almost any type of AWS resources like S3 buckets, security groups, instances and so on. You can also perform automatic remediation for the resources that are not compliant.
In this video you can see how to audit resource compliance and perform remediation (manual or automatic) for the following use cases:
1) Security groups that allow access on port 22 for the whole world
2) S3 buckets that are public
3) Instances that use the wrong instance type