Why is my AWS Config data not getting collected by the aggregator for my AWS account or AWS Organizations account?

Last updated: 2020-11-19

I followed the instructions for setting up an aggregator with AWS Config. However, no data is being collected by the aggregator, or I received an error similar to the following:

"AWS Config does not have permission from the source account to replicate data into an aggregator account. Authorize aggregator account to replicate data from source accounts and region."

Short description

AWS Config aggregators are configured with AWS account IDs or AWS Organizations account IDs. You must specify the AWS Region for the aggregate data. If your aggregator source account is your AWS Organizations account, then authorization isn't required. If your aggregator source account is an individual AWS account, then authorization is required.

Note: To collect data from an Organizations account, the aggregator must be created from the management account.

Resolution

Follow these instructions to authorize aggregator accounts using the AWS Console or the AWS Command Line Interface (AWS CLI).

Important: Before you begin, be sure that you installed and configured the AWS CLI. If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI. Be sure that AWS Config and the AWS Config rules are set up in the same AWS Region as the source account.

AWS Config console

AWS CLI

Follow the instructions for Authorizing aggregator accounts to collect AWS Config configuration and compliance data using the AWS CLI.

Note: If you select multiple AWS Regions when setting up the aggregator, be sure to authorize the aggregator request for each Region.
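
The per-Region authorization described above, as an added example that is not part of the original article: a script run with the source account's credentials that checks each source Region for an existing authorization and creates only the missing ones. It assumes a single aggregator Region collecting from several source Regions; the function names and the account ID and Regions passed on the command line are hypothetical.

```shell
#!/bin/sh
# Added example. Run with credentials for the SOURCE account.
# Usage: ./authorize.sh <aggregator-account-id> <aggregator-region> <source-region>...

# Succeeds only for a 12-digit AWS account ID.
valid_account_id() {
  printf '%s' "$1" | grep -Eq '^[0-9]{12}$'
}

# Succeeds if the source Region already holds an authorization for the aggregator.
is_authorized() {  # <source-region> <aggregator-account-id> <aggregator-region>
  aws configservice describe-aggregation-authorizations --region "$1" \
    --query "AggregationAuthorizations[?AuthorizedAccountId=='$2' && AuthorizedAwsRegion=='$3'].AggregationAuthorizationArn" \
    --output text | grep -q '^arn:'
}

# Prints "<source-region> <status>" per Region; returns non-zero if any call failed.
authorize_all() {  # <aggregator-account-id> <aggregator-region> <source-region>...
  agg_account="$1"; agg_region="$2"; shift 2
  valid_account_id "$agg_account" || { echo "invalid account ID: $agg_account" >&2; return 2; }
  failed=0
  for src_region in "$@"; do
    if is_authorized "$src_region" "$agg_account" "$agg_region"; then
      echo "$src_region already-authorized"
    elif aws configservice put-aggregation-authorization --region "$src_region" \
           --authorized-account-id "$agg_account" \
           --authorized-aws-region "$agg_region" >/dev/null; then
      echo "$src_region authorized"
    else
      echo "$src_region FAILED"
      failed=1
    fi
  done
  return "$failed"
}

# Run only when an account ID, an aggregator Region and at least one source Region are given.
if [ "$#" -ge 3 ]; then
  authorize_all "$@"
fi
```

A Region reported as `FAILED` is one where the aggregator will continue to show the permission error for this source account.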

For more information, see Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data Using the Console.