Configuration Aggregator to All Regions Disabled
- Query id: ac5a0bc0-a54c-45aa-90c3-15f7703b9132
- Query name: Configuration Aggregator to All Regions Disabled
- Platform: Terraform
- Severity: Medium
- Category: Observability
- URL: Github
Description¶
AWS Config Configuration Aggregator All Regions must be set to True
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_config_configuration_aggregator" "positive1" {
name = "example"
account_aggregation_source {
account_ids = ["123456789012"]
regions = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"]
}
}
resource "aws_config_configuration_aggregator" "positive2" {
depends_on = [aws_iam_role_policy_attachment.organization]
name = "example" # Required
organization_aggregation_source {
all_regions = false
role_arn = aws_iam_role.organization.arn
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_config_configuration_aggregator" "negative1" {
name = "example"
account_aggregation_source {
all_regions = true
}
}
resource "aws_config_configuration_aggregator" "negative2" {
depends_on = [aws_iam_role_policy_attachment.organization]
name = "example" # Required
organization_aggregation_source {
all_regions = true
role_arn = aws_iam_role.organization.arn
}
}