Configuration Aggregator to All Regions Disabled

  • Query id: a2fdf451-89dd-451e-af92-bf6c0f4bab96
  • Query name: Configuration Aggregator to All Regions Disabled
  • Platform: Ansible
  • Severity: Low
  • Category: Observability
  • CWE: 285
  • URL: GitHub

Description

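The all_aws_regions setting of an AWS Config configuration aggregator must be set to true, for both account_sources and organization_source, so that the aggregator collects configuration data from every region.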

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Create cross-account aggregator
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: no  # flagged: account sources are not aggregated from all regions
    organization_source:
      all_aws_regions: yes
- name: Create cross-account aggregator2
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: yes
    organization_source:
      all_aws_regions: no  # flagged: organization source is not aggregated from all regions

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create cross-account aggregator
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: yes
    organization_source:
      all_aws_regions: yes
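
The check the samples above illustrate can be reproduced over parsed playbook tasks. The following is an added example, not the query's own implementation and not code from the original page; the function names, the sample task names and account IDs are constructed, and it assumes that a source block without all_aws_regions counts as a finding and that tasks with state: absent are skipped.

```python
# Added example: flag aws_config_aggregator tasks that do not aggregate all regions.
# Input is a task list already parsed from YAML (YAML 1.1 loaders map yes/no to bools).
MODULES = ("community.aws.aws_config_aggregator", "aws_config_aggregator")
SOURCES = ("account_sources", "organization_source")
TRUTHY = {"yes", "true", "on", "1", "y", "t"}  # Ansible-style truthy strings


def is_true(value):
    """Accept real booleans and quoted Ansible boolean strings such as "no"."""
    return value if isinstance(value, bool) else str(value).strip().lower() in TRUTHY


def find_disabled_all_regions(tasks):
    """Return (task name, source key, reason) for every non-compliant source block."""
    findings = []
    for task in tasks:
        for module in MODULES:
            args = task.get(module)
            # Assumption: an aggregator being deleted (state: absent) is not reported.
            if not isinstance(args, dict) or args.get("state", "present") == "absent":
                continue
            for source in SOURCES:
                blocks = args.get(source)
                if blocks is None:
                    continue  # this source type is not configured on the aggregator
                # account_sources may be one mapping (as on this page) or a list of them
                for block in blocks if isinstance(blocks, list) else [blocks]:
                    if "all_aws_regions" not in block:
                        findings.append((task.get("name"), source, "not set"))
                    elif not is_true(block["all_aws_regions"]):
                        findings.append((task.get("name"), source, "false"))
    return findings


# Constructed sample tasks (parsed form); account IDs are placeholders.
SAMPLE_TASKS = [
    {"name": "aggregator-accounts-off",
     MODULES[0]: {"state": "present",
                  "account_sources": {"account_ids": ["111111111111"], "all_aws_regions": False},
                  "organization_source": {"all_aws_regions": True}}},
    {"name": "aggregator-org-quoted-no",
     MODULES[1]: {"account_sources": [{"account_ids": ["222222222222"], "all_aws_regions": True}],
                  "organization_source": {"all_aws_regions": "no"}}},
    {"name": "aggregator-compliant",
     MODULES[0]: {"account_sources": [{"all_aws_regions": "yes"}],
                  "organization_source": {"all_aws_regions": True}}},
]

if __name__ == "__main__":
    for finding in find_disabled_all_regions(SAMPLE_TASKS):
        print(finding)
```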