Certified Security - Specialty


This Video needs to be updated. AWS Config is now Multi-Account, Multi-region since APR 2018 https://aws.amazon.com/about-aws/whats-new/2018/04/new-multi-account-multi-region-data-aggregation-capability-in-aws-config/

AWS Config is now Multi-Account, Multi-region since APR 2018 https://aws.amazon.com/about-aws/whats-new/2018/04/new-multi-account-multi-region-data-aggregation-capability-in-aws-config/

New Multi-Account, Multi-Region Data Aggregation Capability in AWS Config

Posted On: Apr 4, 2018

AWS Config now includes multi-account, multi-region data aggregation, enabling centralized auditing and governance. This feature reduces the time and overhead needed to gather an enterprise-wide view of your compliance status.

Previously, you had to gather information individually from each account and each region using APIs or custom tools to view your enterprise-wide compliance status. Now, you can monitor your Config rule compliance status across your enterprise through a central dashboard, without the need to navigate between multiple consoles. You can also dive deeper to view status for a specific region or a specific account across regions, helping you identify non-compliant accounts.

You can get started by enabling Config and Config rules in your accounts. Next, create an aggregator and provide a list of AWS account IDs or, if you are an AWS Organizations customer, your organization details. This specifies the accounts whose compliance data needs to be aggregated. The aggregated dashboard in AWS Config will display the total count of non-compliant rules across the organization, the top five non-compliant rules by number of resources, and the top five AWS accounts that have the most number of non-compliant rules. You can then drill down to view details about the resources that are violating the rule, and the list of rules that are being violated by an account.

The multi-account, multi-region data aggregation capability is available in the following nine regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (San Francisco), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Singapore).

Fahadhussain

Can you please upload the latest video?

Michael

There’s another small update – more regions have been added since the original announcement, namely: Asia Pacific (Mumbai), Asia Pacific (Seoul), Canada (Central), EU (London), EU (Paris), and South America (São Paulo). https://aws.amazon.com/about-aws/whats-new/2018/10/aws-config-multi-account-multi-region-data-aggregation-capability-now-available-in-six-additional-regions/

1 Answer

Hi,

You are kind of right that AWS Config got an update regarding Multi-Account and Multi-Region Aggregation. But that’s the point: the new feature for Multi-Account and Multi-Region is only for an aggregated view of your configured AWS Config Recordings and Rules in multiple accounts across multiple regions.

You nevertheless have to configure AWS Config in the exact same steps, for every region in every account, and additionally configure the AWS Config Aggregator to create the Aggregated View. This feature nevertheless is helpful in conjunction with AWS Organizations and a centralized Logging/Monitoring account.

So an addition/update of this new feature would be nice to have, but as you don’t get any centralized configuration options for AWS Config, the benefit of an update should be relatively low, as well as it might not be 100% security relevant, and that’s what this course is about.

Kirk Rohani

I like this answer!
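The point made in the answer above, as an added example that is not part of the original thread: an aggregator only collects what the per-account, per-region recorders produce, so any source pair without a running recorder contributes nothing to the aggregated view. The account IDs, regions, aggregator name and recorder statuses below are constructed; the parameter names follow boto3's `put_configuration_aggregator` and `describe_configuration_recorder_status`.

```python
# Added example: list (account, region) pairs that an AWS Config aggregator
# names as sources but where no configuration recorder is actually recording.
from itertools import product

# Constructed sample: per (account, region), the 'ConfigurationRecordersStatus'
# list in the shape returned by describe_configuration_recorder_status().
SAMPLE_STATUS = {
    ("111111111111", "us-east-1"): [{"name": "default", "recording": True}],
    ("111111111111", "eu-west-1"): [{"name": "default", "recording": False}],
    ("222222222222", "us-east-1"): [{"name": "default", "recording": True}],
    # ("222222222222", "eu-west-1") is absent: Config was never set up there.
}


def aggregator_params(name, account_ids, regions):
    """Build keyword arguments for configservice put_configuration_aggregator."""
    return {
        "ConfigurationAggregatorName": name,
        "AccountAggregationSources": [{
            "AccountIds": sorted(account_ids),
            "AllAwsRegions": False,
            "AwsRegions": sorted(regions),
        }],
    }


def recorder_gaps(params, status_by_scope):
    """Return aggregator source pairs that have no actively recording recorder."""
    gaps = []
    for source in params["AccountAggregationSources"]:
        for scope in product(source["AccountIds"], source["AwsRegions"]):
            recorders = status_by_scope.get(scope, [])
            if not any(r.get("recording") for r in recorders):
                reason = "recorder stopped" if recorders else "no recorder"
                gaps.append((*scope, reason))
    return gaps


if __name__ == "__main__":
    params = aggregator_params(
        "org-compliance",  # hypothetical aggregator name
        {"111111111111", "222222222222"}, {"us-east-1", "eu-west-1"})
    for account, region, reason in recorder_gaps(params, SAMPLE_STATUS):
        print(f"{account} {region}: {reason}")
```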
