Help Center> Config> User Guide> Resource Aggregation> Creating a Resource Aggregator
Updated on 2024-05-16 GMT+08:00
View PDF

Creating a Resource Aggregator

Scenarios

You can create an account specific or organization specific aggregator.

To aggregate resource data from a source account to an aggregator account, authorization from the source account is required. For details, see Authorizing a Resource Aggregator Account.

To create an organization aggregator, you need the following permissions for Organizations:

  • organizations:organizations:get
  • organizations:accounts:list
  • organizations:delegatedAdministrators:list
  • organizations:trustedServices:enable
  • organizations:trustedServices:list

Procedure

  1. Sign in to the Config console.
  2. Click in the upper left corner. Under Management & Governance, click Config.
  3. In the left navigation, choose Resource Aggregation > Aggregators.
  4. In the upper right corner, click Create Aggregator.
  5. On the Create Aggregator page, select Allow data replication and configure the aggregator name and source accounts.

    If you select Add individual account IDs for Source Type, enter account IDs and separate them with commas (,). If you select Add my organization, the resource aggregator aggregates data of all member accounts in the organization without the need to specify individual account IDs.

    Figure 1 Create Aggregator
    • An account specific aggregator can only aggregate data from accounts, so source account IDs must be specified. For details about how to obtain an account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
    • If you need to create an organization aggregator, you must use an organization management account or a delegated administrator account of Config and the Organizations service must be enabled. For details, see Specifying, Viewing, or Removing a Delegated Administrator. If an organization management account is used to create organization aggregators, Config will enable the integration with Organizations by using the enableTrustedService API. If a delegated administrator account of Config is used, Config will call the DelegatedAdministrators API to check whether the account used is valid.

  6. Click OK.
Parent topic: Resource Aggregation