Posted On: Apr 4, 2018
AWS Config now includes multi-account, multi-region data aggregation, enabling centralized auditing and governance. This feature reduces the time and overhead needed to gather an enterprise-wide view of your compliance status.
Previously, you had to gather information individually from each account and each region using APIs or custom tools to view your enterprise-wide compliance status. Now, you can monitor your Config rule compliance status across your enterprise through a central dashboard, without the need to navigate between multiple consoles. You can also dive deeper to view status for a specific region or a specific account across regions, helping you identify non-compliant accounts.
You can get started by enabling Config and Config rules in your accounts. Next, create an aggregator and provide a list of AWS account IDs or, if you are an AWS Organizations customer, your organization details. This specifies the accounts whose compliance data needs to be aggregated. The aggregated dashboard in AWS Config will display the total count of non-compliant rules across the organization, the top five non-compliant rules by number of resources, and the top five AWS accounts with the most non-compliant rules. You can then drill down to view details about the resources that are violating a rule, and the list of rules that are being violated by an account.
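The setup steps above, worked through in code as an added example (this is not AWS sample code). It builds the request for the `PutConfigurationAggregator` API from either an explicit account list or an AWS Organizations role, and then reproduces the dashboard's summary (total non-compliant rules, top rules by affected resources, top accounts by non-compliant rule count) from a `DescribeAggregateComplianceByConfigRules`-shaped response. The account IDs, rule names, regions and counts are constructed sample data; the role ARN and aggregator name are assumptions, and the only live call (`create_aggregator`) runs solely when a boto3 client is supplied.

```python
"""Added example for AWS Config multi-account, multi-region aggregation.

Not AWS's own code. Account IDs, rule names and counts are constructed;
the role ARN and aggregator name are placeholders.
"""
from collections import Counter, defaultdict


def build_aggregator_request(name, account_ids=None, regions=None, org_role_arn=None):
    """Return the kwargs for ConfigService.put_configuration_aggregator.

    Exactly one source is allowed: an explicit list of account IDs, or an
    AWS Organizations role the aggregator assumes to enumerate accounts.
    With no regions given, all regions are aggregated.
    """
    if bool(account_ids) == bool(org_role_arn):
        raise ValueError("give either account_ids or org_role_arn, not both or neither")
    region_scope = {"AwsRegions": list(regions)} if regions else {"AllAwsRegions": True}
    request = {"ConfigurationAggregatorName": name}
    if account_ids:
        request["AccountAggregationSources"] = [dict(AccountIds=list(account_ids), **region_scope)]
    else:
        request["OrganizationAggregationSource"] = dict(RoleArn=org_role_arn, **region_scope)
    return request


def create_aggregator(client, request):
    """Create the aggregator in the region the client is bound to.

    `client` is a boto3 ConfigService client (boto3.client("config", region_name=...)).
    It must be created in a region where aggregation is available, and every
    source account must already have Config and Config rules enabled.
    """
    return client.put_configuration_aggregator(**request)


def summarize_compliance(items, top_n=5):
    """Rebuild the aggregated dashboard from DescribeAggregateComplianceByConfigRules items.

    Each item is one (rule, account, region) evaluation. Resource counts come
    from ComplianceContributorCount.CappedCount; when CapExceeded is true the
    service stopped counting, so the total is a lower bound.
    """
    noncompliant = [i for i in items if i["Compliance"]["ComplianceType"] == "NON_COMPLIANT"]
    rule_resources = Counter()
    account_rules = defaultdict(set)
    for item in noncompliant:
        contributors = item["Compliance"].get("ComplianceContributorCount", {})
        rule_resources[item["ConfigRuleName"]] += contributors.get("CappedCount", 0)
        account_rules[item["AccountId"]].add(item["ConfigRuleName"])
    # Deterministic ordering: highest count first, then name, so ties are stable.
    top_rules = sorted(rule_resources.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
    top_accounts = sorted(((a, len(r)) for a, r in account_rules.items()),
                          key=lambda kv: (-kv[1], kv[0]))[:top_n]
    return {"total_noncompliant": len(noncompliant),
            "top_rules": top_rules,
            "top_accounts": top_accounts}


def _item(account, region, rule, status, count):
    """Shape one entry like the AggregateComplianceByConfigRules list element."""
    return {"ConfigRuleName": rule, "AccountId": account, "AwsRegion": region,
            "Compliance": {"ComplianceType": status,
                           "ComplianceContributorCount": {"CappedCount": count, "CapExceeded": False}}}


# Constructed sample response: three accounts across three regions.
SAMPLE_ITEMS = [
    _item("111111111111", "us-east-1", "restricted-ssh", "NON_COMPLIANT", 4),
    _item("111111111111", "eu-west-1", "restricted-ssh", "NON_COMPLIANT", 2),
    _item("111111111111", "us-east-1", "s3-bucket-public-read-prohibited", "NON_COMPLIANT", 3),
    _item("222222222222", "us-east-1", "restricted-ssh", "COMPLIANT", 0),
    _item("222222222222", "us-east-1", "root-account-mfa-enabled", "NON_COMPLIANT", 1),
    _item("333333333333", "ap-northeast-1", "cloudtrail-enabled", "NON_COMPLIANT", 1),
    _item("333333333333", "ap-northeast-1", "s3-bucket-public-read-prohibited", "NON_COMPLIANT", 5),
]


if __name__ == "__main__":
    req = build_aggregator_request("enterprise-aggregator",  # placeholder name
                                   account_ids=["111111111111", "222222222222", "333333333333"])
    print("aggregator request:", req)
    # To actually create it: create_aggregator(boto3.client("config", region_name="us-east-1"), req)
    print("dashboard summary:", summarize_compliance(SAMPLE_ITEMS))
```

The account-list form is the one to use when you are not an Organizations customer; the Organizations form needs a role in the management account that Config can assume. The summary function is what you would run after paging through `describe_aggregate_compliance_by_config_rules` with the aggregator name, and it mirrors the three dashboard panels the announcement describes.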
The multi-account, multi-region data aggregation capability is available in the following nine regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (San Francisco), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Singapore).