Authorizing Aggregator Accounts to Collect Amazon Config Configuration and Compliance Data Using the Amazon Command Line Interface
You can authorize aggregator accounts to collect Amazon Config data from source accounts and delete aggregator accounts using the Amazon Command Line Interface (Amazon CLI). To use the Amazon Management Console, see Authorizing Aggregator Accounts to Collect Amazon Config Configuration and Compliance Data Using the Console.
The Amazon CLI is a unified tool to manage your Amazon services. With just one tool to download and configure, you can control multiple Amazon services from the command line and use scripts to automate them. For more information about the Amazon CLI and for instructions on installing the Amazon CLI tools, see the following in the Amazon Command Line Interface User Guide.
If necessary, type aws configure to configure the Amazon CLI to use an Amazon
Region where Amazon Config conformance packs are available.
Topics
Add Authorization for Aggregator Accounts and Regions
-
Open a command prompt or a terminal window.
-
Type the following command:
aws configservice put-aggregation-authorization --authorized-account-idAccountID--authorized-aws-regionRegion -
Press Enter.
You should see output similar to the following:
{ "AggregationAuthorization": { "AuthorizedAccountId": "AccountID", "AggregationAuthorizationArn": "arn:aws:config:Region:AccountID:aggregation-authorization/AccountID/Region", "CreationTime": 1518116709.993, "AuthorizedAwsRegion": "Region" } }
Delete an Authorization Account
To delete an authorized account using the Amazon CLI
-
Type the following command:
aws configservice delete-aggregation-authorization --authorized-account-idAccountID--authorized-aws-regionRegionIf successful, the command executes with no additional output.