AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::Config::ConfigurationAggregator

The AWS::Config::ConfigurationAggregator resource is an AWS Config resource type that collects AWS Config data from multiple accounts and regions. Use an aggregator to view the resource configuration and compliance data recorded in AWS Config for multiple accounts and regions.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Config::ConfigurationAggregator", "Properties" : { "AccountAggregationSources" : [ AccountAggregationSource, ... ], "OrganizationAggregationSource" : OrganizationAggregationSource, "ConfigurationAggregatorName" : String } }

Properties

AccountAggregationSources

A collection of accounts and regions.

Required: No

Type: List of AWS Config ConfigurationAggregator AccountAggregationSource property types

Update requires: No interruption

OrganizationAggregationSource

A collection of regions and IAM role to retrieve AWS Organizations details.

Required: No

Type: AWS Config ConfigurationAggregator OrganizationAggregationSource

Update requires: No interruption

ConfigurationAggregatorName

The name of the configuration aggregator.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of an AWS::Config::ConfigurationAggregator resource to the intrinsic Ref function, the function returns the ConfigurationAggregatorName, such as myConfigurationAggregator.

For more information about using the Ref function, see Ref.

Examples

ConfigurationAggregator with multiple accounts and multiple regions.

The following example creates a ConfigurationAggregator

JSON

"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "AccountAggregationSources": [ { "AccountIds": [ "123456789012", "987654321012" ], "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false } ], "ConfigurationAggregatorName": "MyConfigurationAggregator" } }

YAML

ConfigurationAggregator: Type: "AWS::Config::ConfigurationAggregator" Properties: AccountAggregationSources: - AccountIds: - "123456789012" - "987654321012" AwsRegions: - "us-west-2" - "us-east-1" AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator

ConfigurationAggregator for organization.

The following example creates a ConfigurationAggregator for an organization.

JSON

"ConfigurationAggregator": { "Type": "AWS::Config::ConfigurationAggregator", "Properties": { "OrganizationAggregationSource": { "RoleArn": "arn:aws:iam::012345678912:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations", "AwsRegions": [ "us-west-2", "us-east-1" ], "AllAwsRegions": false } "ConfigurationAggregatorName": "MyConfigurationAggregator" } }

YAML

ConfigurationAggregator: Type: "AWS::Config::ConfigurationAggregator" Properties: OrganizationAggregationSource: RoleArn: "arn:aws:iam::012345678912:role/aws-service-role/organizations.amazonaws.com/AWSServiceRoleForOrganizations" AwsRegions: - "us-west-2" - "us-east-1" AllAwsRegions: false ConfigurationAggregatorName: MyConfigurationAggregator