Single And Multi Account AWS Config Aggregator Setup


Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we discussed how to get all the resources deployed in your AWS landscape.

https://cloudaffaire.com/how-to-get-all-resources-deployed-in-aws/

AWS Config Aggregator collects configuration and compliance data from multiple accounts and regions into a centralized location. A config aggregator can be deployed in three ways: single account with multiple regions, multiple accounts with multiple regions, and at the AWS Organization level. In this blog post, we will first set up a single-account, multi-region config aggregator and then update that aggregator to include a second region for a multi-account, multi-region config aggregator setup.


We will use the AWS CLI for this demo to walk through the entire config aggregator setup from start to finish for accounts that are not part of an AWS Organization, though a CloudFormation stack set for config aggregator using the AWS Organization feature is more suitable for this job.

Single And Multi Account AWS Config Aggregator Setup:

Prerequisites:

  • AWS CLI installed and configured with proper access in multiple AWS accounts. You can use the links below to install and configure the AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

I have set up AWS CLI like below

Step 1: Create S3 bucket in both the accounts to store config data.

Step 2: Create IAM role for AWS Config service in both the accounts.

Step 3: Enable AWS Config service in both the accounts for two regions.

Step 4: Create Config rule in both the accounts and regions.

Step 5: Create Config delivery channel for both the accounts and regions.

Step 6: Start Config recordings in both the accounts and regions.

Step 7: Create the 1st Account (Single Account Multi Region) Config Aggregator in Account A’s ap-south-1 region.

Step 8: Add authorization to config aggregator for Account A.

Step 9: Add a second account (Multi Account Multi Region) to config aggregator.

Step 10: Add authorization for both the regions of Account B

Note: It will take some time for the aggregator to complete the collection. Wait for some time and then check.

You can also check from the console.


Step 11: Get details on config aggregator.

We have successfully created a multi-account, multi-region config aggregator.
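Steps 7 to 10 as a dry-run sketch, added here and not taken from the original post: it prints the AWS CLI calls in order instead of running them, followed by a per-source status check. The account IDs, the profile names `account-a` and `account-b`, the aggregator name and the second region are constructed placeholders.

```shell
#!/bin/sh
# Dry run: prints the AWS CLI calls for Steps 7-10, executes nothing.
# Every value below is a constructed placeholder.
AGG_NAME="demo-aggregator"               # hypothetical aggregator name
AGG_ACCOUNT="111111111111"               # Account A, owns the aggregator
AGG_REGION="ap-south-1"                  # aggregator region from Step 7
SRC_REGIONS="ap-south-1 ap-southeast-1"  # second region is an assumption

# json_list "a b" prints "a","b"
json_list() {
  out=""
  for item in $1; do out="${out:+$out,}\"$item\""; done
  printf '%s' "$out"
}

# Steps 7 and 9: the same call creates the aggregator and, when repeated
# with a longer account list, updates it in place.
aggregator_cmd() {
  printf "aws configservice put-configuration-aggregator --profile account-a --region %s --configuration-aggregator-name %s --account-aggregation-sources '[{\"AccountIds\":[%s],\"AwsRegions\":[%s]}]'\n" \
    "$AGG_REGION" "$AGG_NAME" "$(json_list "$1")" "$(json_list "$SRC_REGIONS")"
}

# Steps 8 and 10: run with the source account's profile ($1), once per
# source region; each call names only the aggregator account and region.
authorization_cmds() {
  for region in $SRC_REGIONS; do
    printf 'aws configservice put-aggregation-authorization --profile %s --region %s --authorized-account-id %s --authorized-aws-region %s\n' \
      "$1" "$region" "$AGG_ACCOUNT" "$AGG_REGION"
  done
}

# Per-source collection status, to confirm each account and region reports.
status_cmd() {
  printf 'aws configservice describe-configuration-aggregator-sources-status --profile account-a --region %s --configuration-aggregator-name %s\n' \
    "$AGG_REGION" "$AGG_NAME"
}

plan() {
  aggregator_cmd "$AGG_ACCOUNT"                # Step 7
  authorization_cmds account-a                 # Step 8
  aggregator_cmd "$AGG_ACCOUNT 222222222222"   # Step 9, Account B added
  authorization_cmds account-b                 # Step 10
  status_cmd
}

plan
```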


Next, we will delete all the resources created in this demo.

Step 12: Clean Up.

Hope you have enjoyed this article. To know more about AWS Config, please refer to the official documentation below.

https://docs.aws.amazon.com/config/index.html
