Configuration for enabling AWS Config **Cost Consideration:** AWS Config charges are based on: - Configuration items recorded - Configuration change evaluations Typical cost: $0.003 per configuration item **When to enable:** - Compliance auditing requirements - Change tracking for security/operational purposes - Configuration drift detection **Note:** AWS Config must be enabled via AWS Console or CLI Use this as documentation and manual setup guide

Configuration for enabling GuardDuty threat detection **Cost Consideration:** GuardDuty charges are based on: - CloudTrail events analyzed - VPC Flow Logs analyzed - DNS logs analyzed Typical cost: $4-5 per million events **When to enable:** - Production environments with sensitive data - Compliance requirements (PCI-DSS, HIPAA) - Environments requiring threat detection **Note:** GuardDuty must be enabled via AWS Console or CLI, not CloudFormation Use this as documentation and manual setup guide