AWS Config now supports multi-account, multi-region aggregation in AWS GovCloud (US) Regions

Posted on: Feb 4, 2020

AWS Config now supports the multi-account, multi-region data aggregation capability in AWS GovCloud (US). This feature enables you to aggregate resource configuration and Config rule compliance data into a single account and Region, which reduces the time and overhead needed to gather an enterprise-wide view of your resource inventory and compliance status for governance. The data aggregation capability is also integrated with AWS Organizations, so you can centrally retrieve this data for any account within your organization.

You can start by enabling AWS Config and AWS Config rules in your accounts. Next, create an aggregator and provide a list of AWS account IDs. For AWS Organizations customers, provide the organization’s details instead of AWS account IDs. This specifies the accounts whose configuration and compliance data needs to be aggregated. For each aggregator, the Aggregated view section in the AWS Config console displays the total count of resources that are currently being recorded by AWS Config, the top 20 resource types by resource count, and the top five accounts by resource count. If you enabled AWS Config rules, you can also see a count of compliant and non-compliant rules, the top five non-compliant rules by number of resources, and the top five AWS accounts by number of non-compliant rules. You can then click any of these widgets to view additional details, such as the current configuration of a resource or the resources that violate a specific AWS Config rule. 

The multi-account, multi-region data aggregation capability is now available in both AWS GovCloud (US) Regions. For a full list of Regions where the data aggregation capability is offered, see our documentation.