Deleting Authorization for Aggregator Accounts to Collect Amazon Config Configuration and Compliance Data - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Deleting Authorization for Aggregator Accounts to Collect Amazon Config Configuration and Compliance Data

Authorization refers to the permissions you grant to an aggregator account and region to collect your Amazon Config configuration and compliance data. Authorization is not required if you are aggregating source accounts that are part of Amazon Organizations. You can use the Amazon Config console or the Amazon CLI to delete authorizations.

Considerations

There are two types of aggregators: Individual account aggregator and Organization aggregator

For an individual account aggregator, authorization is required for all source accounts and Regions that you want to include, including both external accounts and Regions and Organization member accounts and Regions.

For an organization aggregator, authorization is not required for Organization member account regions since authorization is integrated with the Amazon Organizations service.

Aggregators do not automatically enable Amazon Config on your behalf

Amazon Config needs to be enabled in the source account and Region for either type of aggregator, in order for Amazon Config data to be generated in the source account and Region.

Deleting Authorization

Deleting Authorization (Console)
  1. Sign in to the Amazon Web Services Management Console and open the Amazon Config console at https://console.amazonaws.cn/config/.

  2. Choose the aggregator account that you want to delete authorization, and then choose Delete.

    A warning message is displayed. When you delete this authorization, Amazon Config data will no longer be shared with the aggregator account.

  3. Choose Delete again to confirm your selection.

    The aggregator account is now deleted.

Deleting Authorization (Amazon CLI)

Enter the following command:

aws configservice delete-aggregation-authorization --authorized-account-id AccountID --authorized-aws-region Region

If successful, the command executes with no additional output.