Overview

Functions

A resource aggregator enables you to aggregate resource configurations and compliance data from multiple accounts or an organization, so that you can centrally view or search for these resource data.

You can only view aggregated resources and their compliance data instead of modifying resource data. For example, you cannot use a resource aggregator to deploy rules or access snapshot files from a source account.

You can only use aggregators to query or view resource data from source accounts. If you need to modify or delete resources, go to related service consoles.

Setting Up An Aggregator

To collect resource data from source accounts, perform the following operations:

1. Create an aggregator. For more details, see Creating a Resource Aggregator.
2. Enable the resource recorder from every source account. For more details, see Configuring the Resource Recorder.
3. Authorize the aggregator account to collect resource configurations and compliance data from source accounts. For more details, see Authorizing an Aggregator Account.
4. View resource configurations and compliance data from source accounts. For more details, see Viewing Aggregated Rules and Viewing Aggregated Resources.

Basic Concepts

Source Account

A source account is an account from which Config aggregates resource configurations and compliance data. A source account can be an account or an organization.

Aggregator

An aggregator is a kind of Config resource allowing you to collect resource configuration and compliance data from multiple resource accounts.

Aggregator Account

An aggregator account is an account used to create an aggregator.

Authorization

Authorization refers to the permissions that an aggregator account needs to obtain from a source account to collect resource configuration and compliance data from the source account. Authorization is not required for an organization specific aggregator.