Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data Using the AWS Command Line Interface
You can authorize aggregator accounts to collect AWS Config data from source accounts and delete aggregator accounts using the AWS Command Line Interface (AWS CLI). To use the AWS Management Console, see Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data Using the Console.
The AWS CLI is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and use scripts to automate them. For more information about the AWS CLI and for instructions on installing the AWS CLI tools, see the following in the AWS Command Line Interface User Guide.
If necessary, type aws configure to configure the AWS CLI to use an AWS
Region where AWS Config conformance packs are available.
Topics
Add Authorization for Aggregator Accounts and Regions
-
Open a command prompt or a terminal window.
-
Type the following command:
aws configservice put-aggregation-authorization --authorized-account-idAccountID--authorized-aws-regionRegion -
Press Enter.
You should see output similar to the following:
{ "AggregationAuthorization": { "AuthorizedAccountId": "AccountID", "AggregationAuthorizationArn": "arn:aws:config:Region:AccountID:aggregation-authorization/AccountID/Region", "CreationTime": 1518116709.993, "AuthorizedAwsRegion": "Region" } }
Delete an Authorization Account
To delete an authorized account using the AWS CLI
-
Type the following command:
aws configservice delete-aggregation-authorization --authorized-account-idAccountID--authorized-aws-regionRegionIf successful, the command executes with no additional output.
Learn More
