Authorizing an Aggregator Account

Scenarios

Before an aggregator account initiates aggregation requests, source accounts must grant this account the permissions to collect resource configurations and compliance data. There are no requirements on the order of adding authorization and creating an aggregator.

An organization specific aggregator can collect resource data of all member accounts in an organization without source account authorization.

Helpful links:

• Adding Authorization
• Accepting an Authorization
• Deleting an Authorization

Adding an Authorization

You can use the Add Authorization function to authorize an aggregator account.

1. Sign in to the Config console.
2. Click in the upper left corner. Under Management & Governance, click Config.
3. In the left navigation, choose Resource Aggregation > Authorizations.
4. Click Add Authorization in the upper right corner of the page.
5. In the Add Authorization dialog box, enter the ID of the aggregator account which you want to authorize.
   Figure 1 Adding an authorization
   

6. Click OK.

   After the authorization is complete, the authorization record is displayed in the Authorized list.

Accepting an Authorization

You can approve a pending authorization request to authorize an aggregator account.

1. Sign in to the Config console.
2. Click in the upper left corner. Under Management & Governance, click Config.
3. In the left navigation, choose Resource Aggregation > Authorizations.
4. Click the Pending Authorization tab, locate the account ID that sends an authorization request to be processed in the list, and click Authorize in the Operation column.
5. In the displayed dialog box, click OK.

   After the authorization request is accepted, the authorization record is displayed in the Authorized list.

   Figure 2 Accepting an authorization
   

Deleting an Authorization

You can revoke authorization from an aggregator account.

1. Sign in to the Config console.
2. Click in the upper left corner. Under Management & Governance, click Config.
3. In the left navigation, choose Resource Aggregation > Authorizations.
4. Locate the authorization to be deleted in the list, and click Delete in the Operation column.
5. In the displayed dialog box, click OK.

   The authorization record will be moved to the Pending Authorization tab, and the authorization status will change to Pending authorization.

   To authorize the aggregator account again, you can click Authorize in the Operation column in the Pending Authorization list.

   Figure 3 Deleting an authorization
   

6. In the Pending Authorization list, locate the authorization, and click Delete in the Operation column. In the displayed dialog box, click OK to delete the authorization record completely.
   

   You can authorize an aggregator account again after revoking the authorization from this account.