Configuration Aggregator to All Regions Disabled

• Query id: a2fdf451-89dd-451e-af92-bf6c0f4bab96
• Query name: Configuration Aggregator to All Regions Disabled
• Platform: Ansible
• Severity: Low
• Category: Observability
• CWE: 285
• URL: Github

Description

AWS Config Configuration Aggregator All Regions must be set to True
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: Create cross-account aggregator
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: no
    organization_source:
      all_aws_regions: yes
- name: Create cross-account aggregator2
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: yes
    organization_source:
      all_aws_regions: no

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Create cross-account aggregator
  community.aws.aws_config_aggregator:
    name: test_config_rule
    state: present
    account_sources:
      account_ids:
      - 1234567890
      - 0123456789
      - 9012345678
      all_aws_regions: yes
    organization_source:
      all_aws_regions: yes