Control: Config service aggregator should only collect data from trusted accounts
Description
A Config service aggregator provides an aggregated view of compliance data for rules and accounts. An aggregator is an AWS Config resource type that collects AWS Config configuration and compliance data from (1) multiple accounts and multiple regions, (2) a single account and multiple regions, or (3) an organization in AWS Organizations and all accounts in that organization that have AWS Config enabled. An aggregate authorization grants another account permission to collect this account's configuration and compliance data, so authorizations should only be granted to trusted accounts; this control reports any authorization whose authorized account is not in the trusted list.
Usage
Run the control in your terminal:
powerpipe control run aws_perimeter.control.config_aggregator_shared_with_trusted_accounts
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_perimeter.control.config_aggregator_shared_with_trusted_accounts --share
Steampipe Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | trusted_accounts | | A list of trusted accounts. | |
SQL
```sql
select
  title as resource,
  -- 'ok' when no account is authorized, or the authorized account is in the trusted list
  case
    when authorized_account_id is null
      or authorized_account_id = any (($1)::text[]) then 'ok'
    else 'info'
  end as status,
  case
    when authorized_account_id is null
      or authorized_account_id = any (($1)::text[]) then title || ' shared with trusted account.'
    else title || ' shared with untrusted account ' || authorized_account_id || '.'
  end as reason,
  region,
  account_id
from
  aws_config_aggregate_authorization;
```