I followed the instructions to set up an aggregator with AWS Config. However, no data was collected by the aggregator, or I received an error similar to the following: "AWS Config does not have permission from the source account to replicate data into an aggregator account. Authorize aggregator account to replicate data from source accounts and region."
Short description
AWS Config aggregators are configured with AWS account IDs or AWS Organizations account IDs. You must specify the AWS Region for the aggregate data. If your aggregator source account is your AWS Organizations account, then authorization isn't required. If your aggregator source account is an individual AWS account, then authorization is required.
Note: To collect data from an Organizations account, the aggregator must be created from the management account or delegated administrator for AWS Config in that Region.
Resolution
Important: Before you begin, be sure that the AWS Command Line Interface (AWS CLI) is installed and configured. If you receive errors when you run AWS CLI commands, then make sure that you're using the most recent version of the AWS CLI. Be sure that AWS Config and the AWS Config rules are set up in the same AWS Region as the source account.
Add authorization to aggregator accounts with the AWS Config console or the AWS CLI. For instructions on how to add authorization to aggregator accounts, see Authorizing Aggregator Accounts to Collect AWS Config Configuration and Compliance Data.
Note: If you select multiple AWS Regions during aggregator setup, then be sure to authorize the aggregator request for each Region.
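The per-Region authorization described above can be scripted with the AWS CLI from the source account. The following is an added example, not part of the original article: the function names are hypothetical, and the account ID and Regions in the usage comment are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. Run with credentials for the SOURCE account.

# Succeeds if the given source Region already authorizes the
# aggregator account and aggregator Region.
has_authorization() {  # args: source_region aggregator_account aggregator_region
  count=$(aws configservice describe-aggregation-authorizations \
    --region "$1" --output json \
    --query "length(AggregationAuthorizations[?AuthorizedAccountId=='$2' && AuthorizedAwsRegion=='$3'])") || return 2
  [ "$count" -gt 0 ]
}

# Creates any missing authorization in each source Region and prints
# one status line per Region: present, created, or failed.
authorize_aggregator() {  # args: aggregator_account aggregator_region source_region...
  acct=$1
  agg_region=$2
  rc=0
  shift 2
  # Reject anything that is not a 12-digit account ID before calling AWS.
  if ! printf '%s' "$acct" | grep -Eq '^[0-9]{12}$'; then
    echo "error: aggregator account ID must be 12 digits" >&2
    return 64
  fi
  for src in "$@"; do
    if has_authorization "$src" "$acct" "$agg_region"; then
      echo "present $src"
    elif aws configservice put-aggregation-authorization --region "$src" \
           --authorized-account-id "$acct" \
           --authorized-aws-region "$agg_region" >/dev/null; then
      echo "created $src"
    else
      echo "failed $src"
      rc=1
    fi
  done
  return "$rc"
}

# Usage (constructed values): aggregator in 111122223333/us-east-1,
# source data in us-east-1 and eu-west-1.
#   authorize_aggregator 111122223333 us-east-1 us-east-1 eu-west-1
```

A non-zero exit status means at least one source Region still lacks the authorization, which matches the permission error quoted at the top of this article.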
Related information
Adding Authorization
How can I troubleshoot AWS Config console error messages?