Posted On: Mar 6, 2020

AWS Config now supports multi-account, multi-region data aggregation and advanced query in the AWS Europe (Stockholm) Region. This feature enables you to aggregate & query resource configuration and AWS Config rule compliance data into a single account and Region, which reduces the time and overhead needed to gather an enterprise-wide view of your resource inventory and compliance status. The data aggregation capability is also integrated with AWS Organizations, so you can centrally retrieve this data for any account within your organization.

You can start by enabling AWS Config and AWS Config rules in your accounts. Next, create an aggregator and provide a list of AWS account IDs. For AWS Organizations customers, provide the organization’s details instead of AWS account IDs. This specifies the accounts whose configuration and compliance data needs to be aggregated. For each aggregator, the aggregated view section in the AWS Config console displays the total count of resources that are currently being recorded by AWS Config, the top 20 resource types by resource count, and the top five accounts by resource count.

It’s easy to get started with advanced query in the AWS Config console or through APIs. When you enable AWS Config in your account, AWS Config discovers and records your resource configuration state, tags, and relationships. In the AWS Config console, under Resources>Advanced query, choose a sample advanced query you want to run, or write your own using a subset of structured query language (SQL) SELECT syntax. In order to run the query on an aggregator, create an aggregator.

For a full list of Regions where the data aggregation capability is offered, see our documentation.