AWS Config Configuration Aggregator

This page shows how to write Terraform and CloudFormation for AWS Config Configuration Aggregator and write them securely.

aws_config_configuration_aggregator (Terraform)

The Configuration Aggregator in AWS Config can be configured in Terraform with the resource name aws_config_configuration_aggregator. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

negative.tf#L1
resource "aws_config_configuration_aggregator" "negative1" {
  name = "example"

  account_aggregation_source {
    all_regions = true

positive.tf#L1
resource "aws_config_configuration_aggregator" "positive1" {
  name = "example"

  account_aggregation_source {
    all_regions = false

config_aggregator.tf#L1
resource "aws_config_configuration_aggregator" "organization" {

  name = "config-aggregator"

  organization_aggregation_source {
    all_regions = true

negative.tf#L1
resource "aws_config_configuration_aggregator" "negative1" {
  name = "example"

  account_aggregation_source {
    all_regions = true

positive.tf#L1
resource "aws_config_configuration_aggregator" "positive1" {
  name = "example"

  account_aggregation_source {
    account_ids = ["123456789012"]
    regions     = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"]

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Security Best Practices for aws_config_configuration_aggregator

There is 1 setting in aws_config_configuration_aggregator that should be taken care of for security reasons. The following section gives an overview and example code.

Ensure AWS Config is enabled in all Regions

It's better to enable AWS Config in all Regions. An aggregator can collect configurations from every Region, which reduces the risk posed by configurations that would otherwise go unmonitored.
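One way to enforce this setting before apply, as an added example that is not part of the original page or of Shisho Cloud: a Python check over the JSON produced by `terraform show -json`. The plan below is constructed sample data and the function name is hypothetical.

```python
import json

# Constructed sample: trimmed output of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_config_configuration_aggregator.positive1",
     "type": "aws_config_configuration_aggregator",
     "change": {"actions": ["create"], "after": {"name": "example",
       "account_aggregation_source": [
         {"account_ids": ["123456789012"], "all_regions": false,
          "regions": ["us-east-2", "us-east-1"]}],
       "organization_aggregation_source": []}}},
    {"address": "aws_config_configuration_aggregator.organization",
     "type": "aws_config_configuration_aggregator",
     "change": {"actions": ["create"], "after": {"name": "config-aggregator",
       "account_aggregation_source": [],
       "organization_aggregation_source": [
         {"all_regions": true, "regions": null,
          "role_arn": "arn:aws:iam::123456789012:role/example"}]}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "example"}}},
    {"address": "aws_config_configuration_aggregator.old",
     "type": "aws_config_configuration_aggregator",
     "change": {"actions": ["delete"], "after": null}}
  ]
}
""")

SOURCE_BLOCKS = ("account_aggregation_source", "organization_aggregation_source")

def aggregators_missing_all_regions(plan):
    """Return (address, block, regions) for each source block without all_regions = true."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_config_configuration_aggregator":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed; nothing to assess
            continue
        for block in SOURCE_BLOCKS:
            for src in after.get(block) or []:
                # false, null (unset) and unknown-at-plan values are all flagged
                if src.get("all_regions") is not True:
                    findings.append((rc["address"], block, src.get("regions") or []))
    return findings

if __name__ == "__main__":
    for finding in aggregators_missing_all_regions(SAMPLE_PLAN):
        print("all_regions is not true:", finding)
```
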

Review your AWS Config settings

You can check if the aws_config_configuration_aggregator setting in your .tf file is correct in 3 min with Shisho Cloud.

Parameters

Explanation in Terraform Registry

Manages an AWS Config Configuration Aggregator

AWS::Config::ConfigurationAggregator (CloudFormation)

The ConfigurationAggregator in Config can be configured in CloudFormation with the resource name AWS::Config::ConfigurationAggregator. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

security-resource.yml#L67
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      AccountAggregationSources:
        - AccountIds: !Split [",", !Ref Accounts]
          AllAwsRegions: true
      ConfigurationAggregatorName: !Sub ${ManagedResourcePrefix}-ConfigAggregator

config-aggregation.yml#L34
    Type: AWS::Config::ConfigurationAggregator
    OrganizationBinding: !Ref ConfigAdminBinding
    Properties:
      AccountAggregationSources:
        - AccountIds: Fn::EnumTargetAccounts ConfigEnableBindingPrimary '${account}'
          AwsRegions: !Ref allGovCloudRegions

aws-config-aggregator.yml#L32
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      OrganizationAggregationSource:
        RoleArn: !GetAtt ConfigAggregatorRole.Arn
        AllAwsRegions: false
        AwsRegions: !Ref Regions

configuration-aggregator.yml#L29
    Type: 'AWS::Config::ConfigurationAggregator'
    Properties:
      AccountAggregationSources:
        - AccountIds:
            - !Ref AggregatorAccountId
            - !Ref MemberAccountId

aggregator.yml#L15
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      AccountAggregationSources:
        - AccountIds: !Ref SourceAccounts
          AllAwsRegions: True
      ConfigurationAggregatorName: ConfigurationAggregator

accountaggregation.json#L6
      "Type": "AWS::Config::ConfigurationAggregator",
      "Properties": {
        "AccountAggregationSources": [
          {
            "AccountIds": [
              "123456789012",

positive2.json#L4
      "Type": "AWS::Config::ConfigurationAggregator",
      "Properties": {
        "AccountAggregationSources": [
          {
            "AccountIds": [
              "123456789012",

negative2.json#L4
      "Type": "AWS::Config::ConfigurationAggregator",
      "Properties": {
        "AccountAggregationSources": [
          {
            "AccountIds": [
              "123456789012",

negative2.json#L4
      "Type": "AWS::Config::ConfigurationAggregator",
      "Properties": {
        "AccountAggregationSources": [
          {
            "AccountIds": [
              "123456789012",

positive2.json#L4
      "Type": "AWS::Config::ConfigurationAggregator",
      "Properties": {
        "AccountAggregationSources": [
          {
            "AccountIds": [
              "123456789012",

Parameters

Explanation in CloudFormation Registry

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.

Frequently asked questions

What is AWS Config Configuration Aggregator?

AWS Config Configuration Aggregator is a resource for Config of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Config Configuration Aggregator?

For Terraform, the leonidweinbergcx/mykics, leonidweinbergcx/mykics and ifunky/terraform-generator source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the matsuura0831/aws, org-formation/org-formation-us-gov-cloud-reference and takomo-io/takomo-organization source code examples are useful. See the CloudFormation Example section for further details.