AWS::Config::ConfigurationAggregator
The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Config::ConfigurationAggregator", "Properties" : { "AccountAggregationSources" :[ AccountAggregationSource, ... ], "ConfigurationAggregatorName" :String, "OrganizationAggregationSource" :OrganizationAggregationSource, "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::Config::ConfigurationAggregator Properties: AccountAggregationSources:- AccountAggregationSourceConfigurationAggregatorName:StringOrganizationAggregationSource:OrganizationAggregationSourceTags:- Tag
Properties
AccountAggregationSources-
Provides a list of source accounts and regions to be aggregated.
Required: No
Type: List of AccountAggregationSource
Maximum:
1Update requires: No interruption
ConfigurationAggregatorName-
The name of the aggregator.
Required: No
Type: String
Minimum:
1Maximum:
256Pattern:
[\w\-]+Update requires: Replacement
OrganizationAggregationSource-
Provides an organization and list of regions to be aggregated.
Required: No
Type: OrganizationAggregationSource
Update requires: No interruption
Tags-
An array of tag object.
Required: No
Type: List of Tag
Maximum:
50Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the ConfigurationAggregatorName, such as myConfigurationAggregator.
For more information about using the Reffunction, see Ref.
Fn::GetAtt
Examples
Configuration Aggregator With Multiple Accounts Multiple Regions
The following example creates a ConfigurationAggregator.
JSON
"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "AccountAggregationSources": [ { "AccountIds": [ "123456789012", "987654321012" ], "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false } ], "ConfigurationAggregatorName": "MyConfigurationAggregator" } }
YAML
ConfigurationAggregator: Type: 'AWS::Config::ConfigurationAggregator' Properties: AccountAggregationSources: - AccountIds: - '123456789012' - '987654321012' AwsRegions: - us-west-2 - us-east-1 AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator
Configuration Aggregator for an Organization
The following example creates a ConfigurationAggregator for an organization.
JSON
"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "OrganizationAggregationSource": { "RoleArn": { "Fn::GetAtt" : [ "MyRole", "Arn" ] }, "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false }, "ConfigurationAggregatorName": "MyConfigurationAggregator" } } "MyRole": { "Type": "AWS::IAM::Role", "Properties": { "ManagedPolicyArns": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", "Path": "/service-role/", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "config.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }
YAML
ConfigurationAggregator: Type: 'AWS::Config::ConfigurationAggregator' Properties: OrganizationAggregationSource: RoleArn: !GetAtt MyRole.Arn AwsRegions: - us-west-2 - us-east-1 AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator MyRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations Path: "/service-role/" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: - config.amazonaws.com Action: - 'sts:AssumeRole'
