Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data Using the AWS Command Line Interface
You can authorize aggregator accounts to collect AWS Config data from source accounts and delete aggregator accounts using the AWS Command Line Interface (AWS CLI). To use the AWS Management Console, see Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data Using the Console.
The AWS CLI is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and use scripts to automate them.
To install the AWS CLI on your local machine, see Installing the AWS CLI in the AWS CLI User Guide.
If necessary, type aws configure to configure the AWS CLI to use an AWS Region where AWS Config aggregators are available.
Add Authorization for Aggregator Accounts and Regions
- Open a command prompt or a terminal window.
- Type the following command:

    aws configservice put-aggregation-authorization --authorized-account-id AccountID --authorized-aws-region Region

Press Enter.
You should see output similar to the following:
    {
        "AggregationAuthorization": {
            "AuthorizedAccountId": "AccountID",
            "AggregationAuthorizationArn": "arn:aws:config:Region:AccountID:aggregation-authorization/AccountID/Region",
            "CreationTime": 1518116709.993,
            "AuthorizedAwsRegion": "Region"
        }
    }
Delete an Authorization Account
To delete an authorized account using the AWS CLI
Type the following command:

    aws configservice delete-aggregation-authorization --authorized-account-id AccountID --authorized-aws-region Region

If successful, the command executes with no additional output.
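
Because each authorization lets another account collect this account's configuration and compliance data, it is worth reviewing them periodically. The following is an added example, not part of the AWS documentation: it compares existing authorizations against an allowlist and prints the delete command shown above for each unexpected entry. The function names, the allowlist and the sample account IDs are assumptions constructed for illustration; describe-aggregation-authorizations is the AWS CLI command that lists authorizations.

```shell
#!/usr/bin/env bash
# Added example: audit aggregation authorizations against an allowlist.
# Function names and sample data are hypothetical, not from the AWS docs.

# Constructed sample of the text output that list_authorizations produces.
sample_authorizations() {
  printf '111111111111\tus-east-1\n'
  printf '999999999999\teu-west-1\n'
}

# Live query (needs credentials): prints one "AccountID<TAB>Region" line per
# authorization in the Region the AWS CLI is configured for.
list_authorizations() {
  aws configservice describe-aggregation-authorizations \
    --query 'AggregationAuthorizations[].[AuthorizedAccountId,AuthorizedAwsRegion]' \
    --output text
}

# stdin: "AccountID Region" lines.
# $1: space-separated allowlist of aggregator account IDs.
# stdout: the lines whose account is not on the allowlist.
find_unexpected() {
  allowed=" $1 "
  while read -r account region; do
    [ -n "$account" ] || continue
    case "$allowed" in
      *" $account "*) ;;                          # expected aggregator
      *) printf '%s %s\n' "$account" "$region" ;; # not on the allowlist
    esac
  done
}

# stdin: "AccountID Region" lines.
# stdout: the delete command for each line, printed for review, not executed.
revoke_commands() {
  while read -r account region; do
    [ -n "$account" ] || continue
    printf 'aws configservice delete-aggregation-authorization --authorized-account-id %s --authorized-aws-region %s\n' \
      "$account" "$region"
  done
}

# Offline run on the constructed sample; replace sample_authorizations with
# list_authorizations to audit a real account.
sample_authorizations | find_unexpected "111111111111" | revoke_commands
```

The script only prints the delete commands, so an operator can review them before running any.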