Multi-Account Multi-Region Data Aggregation
An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from the following:
-
Multiple accounts and multiple regions.
-
Single account and multiple regions.
-
An organization in AWS Organizations and all the accounts in that organization which have AWS Config enabled.
Use an aggregator to view the resource configuration and compliance data recorded in AWS Config. The following image displays how an aggregator collects AWS Config data from multiple accounts and regions.
Aggregators provide a read-only view into the source accounts and regions that the aggregator is authorized to view. Aggregators do not provide mutating access into the source account or region. For example, this means that you cannot deploy rules through an aggregator or pull snapshot files from the source account or region through an aggregator.
For more information about concepts, see Multi-Account Multi-Region Data Aggregation section in the Concepts topic.
To collect your AWS Config data from source accounts and regions, start with:
-
Adding an aggregator to aggregate AWS Config configuration and compliance data from multiple accounts and regions.
-
Authorizing aggregator accounts to collect AWS Config configuration and compliance data.
Note There are two types of aggregators: Individual accounts aggregator and Organization aggregator
For the individual accounts aggregator, authorization is required for any included source account regions including external account regions or Organization member account regions.
For the organization aggregator, authorization is not required for Organization member account regions since authorization is integrated with the Organizations service.
-
Monitoring compliance data for rules and accounts in the aggregated view.
Region Support
Currently, multi-account multi-region data aggregation is supported in the following regions:
| Region Name | Region | Endpoint | Protocol |
|---|---|---|---|
| US East (Ohio) | us-east-2 | config.us-east-2.amazonaws.com | HTTPS |
| US East (N. Virginia) | us-east-1 | config.us-east-1.amazonaws.com | HTTPS |
| US West (N. California) | us-west-1 | config.us-west-1.amazonaws.com | HTTPS |
| US West (Oregon) | us-west-2 | config.us-west-2.amazonaws.com | HTTPS |
| Africa (Cape Town) | af-south-1 | config.af-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Hong Kong) | ap-east-1 | config.ap-east-1.amazonaws.com | HTTPS |
| Asia Pacific (Jakarta) | ap-southeast-3 | config.ap-southeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Mumbai) | ap-south-1 | config.ap-south-1.amazonaws.com | HTTPS |
| Asia Pacific (Osaka) | ap-northeast-3 | config.ap-northeast-3.amazonaws.com | HTTPS |
| Asia Pacific (Seoul) | ap-northeast-2 | config.ap-northeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Singapore) | ap-southeast-1 | config.ap-southeast-1.amazonaws.com | HTTPS |
| Asia Pacific (Sydney) | ap-southeast-2 | config.ap-southeast-2.amazonaws.com | HTTPS |
| Asia Pacific (Tokyo) | ap-northeast-1 | config.ap-northeast-1.amazonaws.com | HTTPS |
| Canada (Central) | ca-central-1 | config.ca-central-1.amazonaws.com | HTTPS |
| Europe (Stockholm) | eu-north-1 | config.eu-north-1.amazonaws.com | HTTPS |
| Europe (Frankfurt) | eu-central-1 | config.eu-central-1.amazonaws.com | HTTPS |
| Europe (Ireland) | eu-west-1 | config.eu-west-1.amazonaws.com | HTTPS |
| Europe (London) | eu-west-2 | config.eu-west-2.amazonaws.com | HTTPS |
| Europe (Milan) | eu-south-1 | config.eu-south-1.amazonaws.com | HTTPS |
| Europe (Paris) | eu-west-3 | config.eu-west-3.amazonaws.com | HTTPS |
| Middle East (Bahrain) | me-south-1 | config.me-south-1.amazonaws.com | HTTPS |
| Middle East (UAE) | me-central-1 | config.me-central-1.amazonaws.com | HTTPS |
| South America (São Paulo) | sa-east-1 | config.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-East) | us-gov-east-1 | config.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (US-West) | us-gov-west-1 | config.us-gov-west-1.amazonaws.com | HTTPS |
Learn More
