Introduction
AWS Config is the service that keeps track of the resources in an AWS account and of the modifications made to them. It gives you a comprehensive view of the resource configuration timeline, so you can determine when a change was made and to which resource. It also lets you assess overall rule compliance. This makes operational troubleshooting, security analysis, change management, and compliance auditing easier. The challenge for customers is that AWS Config is a regional service: checking and managing resource compliance region by region is a time-consuming task for operations engineers. The solution to this challenge is the config aggregator. This blog gives an overview of the config aggregator.
Overview of config aggregator
An aggregator is an AWS Config resource that gathers configuration rule and compliance data from several accounts and regions into a single account, giving you a consistent view of your organization’s compliance status.
Using an aggregator, AWS Config can collect resource configuration data from the following:
- Multiple accounts and regions
- All accounts in the Organization
- A single account across multiple regions
The way an aggregator gathers AWS Config data from various accounts and regions is shown in the following figure.
Benefits of using config aggregator
- It is easy to set up an enterprise-level view of configuration and compliance data in one location.
- It integrates with AWS Organizations. The aggregator automatically updates itself when a member account joins or leaves the organization.
- It is also available to anyone who does not use AWS Organizations, although using it with AWS Organizations makes setup simpler.
Terminology in Config aggregator
- Source account: The AWS account from which you wish to compile AWS Config resource configuration and compliance information. A source account can be either an individual account or an organization in AWS Organizations.
- Aggregator account: The account in which an aggregator is created.
- Source Region: The AWS region from which you compile AWS Config configuration and compliance data.
Getting started with config aggregator
- Sign in to the AWS Management Console and open the Config service. From the left navigation pane, choose Aggregators, and then select Create aggregator.
- On the Create aggregator page, select Allow AWS Config to replicate data from source account(s).
- Give the aggregator a name.
- In the Select source accounts section, select Add my organization to aggregate data from your organization.
If you are not using an organization, select Add individual account ID instead.
- Under “Choose IAM role,” select “Create a role” and type a name for the IAM role. The AWSConfigRoleForOrganizations managed policy in this newly created IAM role allows AWS Config to call AWS Organizations APIs.
- In the Regions section, choose the regions for which you want to aggregate data. Then select Create aggregator.
AWS Config begins collecting information from each member account in your organization into the aggregator. The resource configuration and rule compliance status will appear on the aggregator page in the Config service. This may take several minutes.
- Select Resources under aggregator option. You will be able to view the multi account, multi region resources.
- On the Advanced queries page, you can use sample queries to query data from aggregated configuration items. Filter the query to check S3 bucket versioning.
- Click the filter result and then select your aggregator in Query scope. Then select
- You will be able to view the buckets with versioning disabled across all of the accounts within your organization.
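
The console steps above can also be scripted. The following is an added example, not code from the original post: it uses boto3 to create an organization aggregator, run an advanced query with the aggregator as scope, and group buckets without active versioning by account and region. The query field path, the function names, and the sample rows are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Field path for bucket versioning in AWS Config items (assumed, verify in your account).
QUERY = (
    "SELECT accountId, awsRegion, resourceId, "
    "supplementaryConfiguration.BucketVersioningConfiguration.status "
    "WHERE resourceType = 'AWS::S3::Bucket'"
)

def create_org_aggregator(name, role_arn, regions):
    """Create or update an organization aggregator covering the given regions."""
    import boto3  # lazy import so the parsing code below also runs offline
    return boto3.client("config").put_configuration_aggregator(
        ConfigurationAggregatorName=name,
        OrganizationAggregationSource={"RoleArn": role_arn, "AwsRegions": regions},
    )

def query_aggregator(name, expression=QUERY):
    """Run an advanced query with the aggregator as scope, following NextToken."""
    import boto3
    client, rows, token = boto3.client("config"), [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.select_aggregate_resource_config(
            Expression=expression, ConfigurationAggregatorName=name, **kwargs)
        rows.extend(page["Results"])
        token = page.get("NextToken")
        if not token:
            return rows

def group_unversioned(results):
    """Each result is a JSON string; group non-versioned buckets by (account, region)."""
    grouped = defaultdict(list)
    for raw in results:
        item = json.loads(raw)
        status = (item.get("supplementaryConfiguration", {})
                  .get("BucketVersioningConfiguration", {}).get("status"))
        if status != "Enabled":  # Off, Suspended or missing all count as findings
            grouped[(item["accountId"], item["awsRegion"])].append(item["resourceId"])
    return dict(grouped)

def _row(account, region, bucket, status):  # builds one constructed result string
    return json.dumps({"accountId": account, "awsRegion": region, "resourceId": bucket,
        "supplementaryConfiguration": {"BucketVersioningConfiguration": {"status": status}}})

# Constructed sample results (placeholder account IDs and bucket names).
SAMPLE = [_row("111111111111", "us-east-1", "logs-a", "Off"),
          _row("111111111111", "us-east-1", "assets-a", "Enabled"),
          _row("222222222222", "eu-west-1", "data-b", "Suspended")]
```

In a real account, pass the output of `query_aggregator("<your-aggregator-name>")` to `group_unversioned` instead of `SAMPLE`.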
Cost for the aggregator
Config Aggregator does not come with any additional fees. The number of configuration items that are recorded, the number of active AWS Config rule evaluations, and the number of compliance pack evaluations in your account are the only three factors that affect AWS Config cost. The aggregator is mainly a means of combining your results for a unified viewing experience.
WRITTEN BY Mahek Tamboli