Configuration aggregator does not have all regions enabled

ID

aws_config_aggregator_all_regions

Severity

low

Vendor

AWS

Resource

Other

Tags

non-reachable

Description

The configuration aggregator does not have all regions enabled. Enabling all regions helps limit the risk of unmonitored configuration in regions that are thought to be unused.

To fix it, set organization_source.all_aws_regions to true. The default is false.

Learn more about this topic at AWS Config aggregate data.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Aggregator
      community.aws.config_aggregator:
        name: test_config_rule
        state: present
        organization_source:
          all_aws_regions: false  # flagged: only explicitly listed regions are aggregated

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Aggregator
      community.aws.config_aggregator:
        name: test_config_rule
        state: present
        organization_source:
          all_aws_regions: true  # aggregate from every region, including ones thought unused
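
The check described above can be reproduced over a parsed playbook. The following is an added example, not the rule's own implementation: it flags aggregator tasks where `organization_source.all_aws_regions` is false or omitted (omission falls back to the default of false), and it also looks inside `block` sections. The function names and the sample data are assumptions made for illustration; the sample is a constructed stand-in for what a YAML loader would return.

```python
# Added example: flag config_aggregator tasks whose organization_source
# does not set all_aws_regions to true (the default is false).
MODULES = {"community.aws.config_aggregator", "config_aggregator"}
TRUTHY = {"true", "yes", "on", "1"}  # string spellings Ansible accepts as booleans


def is_true(value):
    """Interpret a parsed YAML value the way Ansible treats a boolean option."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        yield task
        for section in ("block", "rescue", "always"):
            yield from iter_tasks(task.get(section))


def find_unmonitored_aggregators(playbook):
    """Return (play name, task name, reason) for each non-compliant aggregator."""
    findings = []
    for play in playbook:
        for task in iter_tasks(play.get("tasks")):
            for module in task.keys() & MODULES:
                org = (task[module] or {}).get("organization_source") or {}
                if "all_aws_regions" not in org:
                    reason = "all_aws_regions not set (defaults to false)"
                elif not is_true(org["all_aws_regions"]):
                    reason = "all_aws_regions is false"
                else:
                    continue
                findings.append((play.get("name"), task.get("name"), reason))
    return findings


# Constructed sample: the structure a YAML loader would return for a playbook.
SAMPLE = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"name": "Explicit false", "community.aws.config_aggregator": {
        "name": "a", "state": "present", "organization_source": {"all_aws_regions": False}}},
    {"name": "Key omitted", "block": [{"name": "Nested", "config_aggregator": {
        "name": "b", "organization_source": {"aws_regions": ["us-east-1"]}}}]},
    {"name": "Compliant", "community.aws.config_aggregator": {
        "name": "c", "organization_source": {"all_aws_regions": "yes"}}},
]}]

if __name__ == "__main__":
    for finding in find_unmonitored_aggregators(SAMPLE):
        print(finding)
```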