AWS Config Now Supports Multi-Account, Multi-Region Aggregation of Resource Configuration Data

Posted on: Nov 19, 2018

The multi-account, multi-Region data aggregation capability in AWS Config now supports aggregating the configuration data of AWS resources. Aggregation of resource configuration data complements AWS Config rule compliance data aggregation, which launched earlier this year. With this launch, IT administrators can centrally monitor both configuration and compliance data from multiple accounts and Regions. This helps you reduce the time and overhead needed to gather an enterprise-wide view of your resource inventory and AWS Config rule compliance status. 

With this capability, you can view the AWS resource inventory from multiple accounts and Regions in the AWS Config console through a central account. You can also use AWS Config aggregator APIs to retrieve data for display in your internal dashboards. The data aggregation capability is also integrated with AWS Organizations, so you can centrally retrieve this data for any account within your organization. 

You can get started by enabling AWS Config and AWS Config rules in your accounts. Next, create an aggregator and provide a list of AWS account IDs. For AWS Organizations customers, provide the organization’s details instead of AWS account IDs. This specifies the accounts whose configuration and compliance data needs to be aggregated. For each aggregator, the “Aggregated View” section in the AWS Config console will display the total count of resources that are currently being recorded by AWS Config, the top 20 resource types by resource count, and the top five accounts by resource count. If you have enabled AWS Config rules, you can also see a count of compliant and non-compliant rules, the top five non-compliant rules by number of resources, and the top five AWS accounts by number of non-compliant rules. You can then click on any of these widgets and drill down to view additional details such as the current configuration of a resource or the resources that are violating a particular AWS Config rule.
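The setup steps and the aggregator APIs described above can be scripted for an internal dashboard. The following is an added example, not AWS's own code: it builds the boto3 `put_configuration_aggregator` request for either source type and reproduces the "top five accounts by non-compliant rules" widget from `describe_aggregate_compliance_by_config_rules` pages. The aggregator name, role ARN and account IDs are placeholders, and the sample rows are constructed.

```python
from collections import Counter

def aggregator_request(name, account_ids=None, org_role_arn=None):
    """Build put_configuration_aggregator arguments for exactly one source type."""
    if bool(account_ids) == bool(org_role_arn):
        raise ValueError("pass account_ids or org_role_arn, exactly one")
    req = {"ConfigurationAggregatorName": name}
    if account_ids:
        bad = [a for a in account_ids if not (len(a) == 12 and a.isascii() and a.isdigit())]
        if bad:
            raise ValueError(f"not 12-digit account IDs: {bad}")
        req["AccountAggregationSources"] = [
            {"AccountIds": sorted(set(account_ids)), "AllAwsRegions": True}]
    else:  # AWS Organizations: a role AWS Config assumes to list member accounts
        req["OrganizationAggregationSource"] = {"RoleArn": org_role_arn, "AllAwsRegions": True}
    return req

def fetch_rule_compliance(client, name):
    """Collect every page of aggregated rule compliance for one aggregator."""
    rows, token = [], None
    while True:
        kwargs = {"ConfigurationAggregatorName": name}
        if token:
            kwargs["NextToken"] = token
        page = client.describe_aggregate_compliance_by_config_rules(**kwargs)
        rows.extend(page["AggregateComplianceByConfigRules"])
        token = page.get("NextToken")
        if not token:
            return rows

def top_noncompliant_accounts(rows, n=5):
    """Rank accounts by NON_COMPLIANT entries (one entry per rule, account and Region)."""
    counts = Counter(r["AccountId"] for r in rows
                     if r["Compliance"]["ComplianceType"] == "NON_COMPLIANT")
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def _row(acct, region, rule, ctype):
    return {"AccountId": acct, "AwsRegion": region, "ConfigRuleName": rule,
            "Compliance": {"ComplianceType": ctype}}

# Constructed sample rows in the API response shape (placeholder account IDs).
SAMPLE_ROWS = [
    _row("111111111111", "us-east-1", "s3-bucket-public-read-prohibited", "NON_COMPLIANT"),
    _row("111111111111", "eu-west-1", "encrypted-volumes", "NON_COMPLIANT"),
    _row("222222222222", "us-east-1", "encrypted-volumes", "COMPLIANT"),
    _row("333333333333", "us-east-1", "root-account-mfa-enabled", "NON_COMPLIANT"),
]
# Live use: cfg = boto3.client("config"); cfg.put_configuration_aggregator(**aggregator_request(...))
```

When accounts are listed individually rather than through AWS Organizations, each source account must also authorize the aggregator account (`put_aggregation_authorization`) before its data appears in the aggregated view.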

The multi-account, multi-Region data aggregation capability is available in all public AWS Regions where AWS Config is offered.

For more information on AWS Config, see:

Product Page

Documentation