2 Answers
0
You can still use a similar process to the one in the solution you mentioned, but you will need to set up multi-account, multi-region data aggregation in AWS Config. See more info here -> https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html
answered 2 years ago
0
Take a look at this Amazon prescriptive guidance pattern -> https://apg-library.amazonaws.com/content/9862df6d-3d3d-482d-b122-04198ed691e2 and this Amazon EventBridge document -> https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html to see if that helps with your notifications with AWS Config aggregators.
answered 2 years ago
I already enabled trusted access from AWS Organizations for AWS Config; in fact, I see the resources of all my accounts in Aggregators -> Resources. But if I try to create an EventBridge event with this JSON (similar to the solution mentioned in the post that I shared, which is for one account):

```json
{
  "source": ["aws.config"],
  "detail-type": ["Config Configuration Item Change"],
  "detail": {
    "messageType": ["ConfigurationItemChangeNotification"],
    "ConfigurationAggregator": {
      "ConfigurationAggregatorName": ["aws-controltower-ConfigAggregatorForOrganizations"],
      "ConfigurationAggregatorArn": ["arn:aws:config:us-east-1:802412677794:config-aggregator/config-aggregator-12v4dgci"]
    },
    "ConfigurationItem": {
      "configurationItemStatus": ["ResourceDiscovered"],
      "resourceType": ["AWS::EC2::Instance"]
    }
  }
}
```

it doesn't work, so I think EventBridge doesn't support multi-region or multi-account events.
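An offline check of an event pattern shaped like the one in the comment above, added here as an example and not code from the thread or from AWS. Assumptions: the sample event is constructed, modeled on a Config configuration item change event as delivered in the account that recorded the resource (item under lowercase `configurationItem`, no aggregator fields); the matcher `first_mismatch` is a hypothetical helper that implements only exact-value matching, not the full EventBridge pattern language.

```python
# Added example: exact-match subset of EventBridge pattern matching
# (nested objects and value lists only; keys compare case-sensitively).

def first_mismatch(pattern, event, path=""):
    """Return the dotted path of the first pattern key that fails, else None."""
    for key, expected in pattern.items():
        here = f"{path}.{key}" if path else key
        if not isinstance(event, dict) or key not in event:
            return here                      # key absent from the event
        if isinstance(expected, dict):
            sub = first_mismatch(expected, event[key], here)
            if sub:
                return sub
        elif event[key] not in expected:     # leaf: value must be in the list
            return here
    return None

# Constructed sample event; the account and instance IDs are placeholders.
SAMPLE_EVENT = {
    "source": "aws.config",
    "detail-type": "Config Configuration Item Change",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "configurationItemStatus": "ResourceDiscovered",
            "resourceType": "AWS::EC2::Instance",
            "resourceId": "i-0123456789abcdef0",
        },
    },
}
ITEM = {"configurationItemStatus": ["ResourceDiscovered"],
        "resourceType": ["AWS::EC2::Instance"]}
HEAD = {"source": ["aws.config"],
        "detail-type": ["Config Configuration Item Change"]}
MSG = {"messageType": ["ConfigurationItemChangeNotification"]}

# Pattern shaped like the one in the comment (aggregator ARN omitted).
AGGREGATOR_PATTERN = {**HEAD, "detail": {**MSG,
    "ConfigurationAggregator": {"ConfigurationAggregatorName":
        ["aws-controltower-ConfigAggregatorForOrganizations"]},
    "ConfigurationItem": ITEM}}
# Pattern that uses only keys present in the sample event.
ACCOUNT_PATTERN = {**HEAD, "detail": {**MSG, "configurationItem": ITEM}}

if __name__ == "__main__":
    print("aggregator pattern fails at:", first_mismatch(AGGREGATOR_PATTERN, SAMPLE_EVENT))
    print("per-account pattern fails at:", first_mismatch(ACCOUNT_PATTERN, SAMPLE_EVENT))
```

Running a captured event from your own account through the same check shows which pattern key, if any, has no counterpart in what EventBridge actually receives.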