AWS::Config::ConfigurationAggregator
The
AWS::Config::ConfigurationAggregator
resource is an AWS Config resource type that collects AWS Config data from multiple
accounts and regions. Use an aggregator to view the resource configuration and compliance
data recorded in AWS Config for multiple accounts and regions.
Topics
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Config::ConfigurationAggregator", "Properties" : { "
AccountAggregationSources
" : [AccountAggregationSource
, ... ], "OrganizationAggregationSource
" :OrganizationAggregationSource
, "ConfigurationAggregatorName
" :String
} }
YAML
Type: "AWS::Config::ConfigurationAggregator" Properties:
AccountAggregationSources
: -AccountAggregationSource
OrganizationAggregationSource
:OrganizationAggregationSource
ConfigurationAggregatorName
:String
Properties
AccountAggregationSources
-
A collection of accounts and regions.
Required: No
Type: List of AWS Config ConfigurationAggregator AccountAggregationSource property types
Update requires: No interruption
OrganizationAggregationSource
-
A collection of regions and IAM role to retrieve AWS Organizations details.
Required: No
Type: AWS Config ConfigurationAggregator OrganizationAggregationSource
Update requires: No interruption
ConfigurationAggregatorName
-
The name of the configuration aggregator.
Required: Yes
Type: String
Update requires: Replacement
Return Values
Ref
When you pass the logical ID of an
AWS::Config::ConfigurationAggregator
resource to the intrinsic
Ref
function, the function returns the
ConfigurationAggregatorName, such as
myConfigurationAggregator
.
For more information about using the
Ref
function, see
Ref.
Examples
ConfigurationAggregator with multiple accounts and multiple regions.
The following example creates a ConfigurationAggregator
JSON
"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "AccountAggregationSources": [ { "AccountIds": [ "123456789012", "987654321012" ], "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false } ], "ConfigurationAggregatorName": "MyConfigurationAggregator" } }
YAML
ConfigurationAggregator: Type: "AWS::Config::ConfigurationAggregator" Properties: AccountAggregationSources: - AccountIds: - "123456789012" - "987654321012" AwsRegions: - "us-west-2" - "us-east-1" AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator
ConfigurationAggregator for organization.
The following example creates a ConfigurationAggregator for an organization.
JSON
"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "OrganizationAggregationSource": { "RoleArn": "arn:aws:iam::012345678912:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations", "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false } "ConfigurationAggregatorName": "MyConfigurationAggregator" } }
YAML
ConfigurationAggregator: Type: "AWS::Config::ConfigurationAggregator" Properties: OrganizationAggregationSource: RoleArn: "arn:aws:iam::012345678912:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations" AwsRegions: - "us-west-2" - "us-east-1" AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator