Updated on 2024-07-29 GMT+08:00

Overview

Functions

A resource aggregator enables you to aggregate resource configurations and compliance data from multiple accounts or an organization for centralized data query.

You can only view aggregated resources and their compliance data instead of modifying resource data. For example, you cannot use a resource aggregator to deploy rules or access snapshots from a source account.

You can only use aggregators to query or view resource data from source accounts. If you need to modify or delete resources, go to related service consoles.

Setting Up An Aggregator

To collect resource data from source accounts, perform the following operations:

  1. Create an aggregator. For more details, see Creating a Resource Aggregator.
  2. Enable the resource recorder from every source account. For more details, see Configuring the Resource Recorder.
  3. Authorize the aggregator account to collect resource configurations and compliance data from source accounts. For more details, see Authorizing an Aggregator Account.
  4. View resource configurations and compliance data aggregated. For more details, see Viewing Aggregated Rules and Viewing Aggregated Resources.

Basic Concepts

Source Account

A source account is an account from which Config aggregates resource configurations and compliance data. A source account can be an account or an organization.

Aggregator

An aggregator is a kind of Config resource allowing you to collect resource configuration and compliance data from multiple resource accounts.

Aggregator Account

An aggregator account is an account used to create an aggregator.

Authorization

An aggregator account must gain authorization from source accounts for data collection. An organization aggregator, however, does not need authorization to collect data from members.