Configuration Aggregator to All Regions Disabled
- Query id: a2fdf451-89dd-451e-af92-bf6c0f4bab96
- Query name: Configuration Aggregator to All Regions Disabled
- Platform: Ansible
- Severity: Low
- Category: Observability
- CWE: 285
- URL: Github
Description¶
AWS Config Configuration Aggregator All Regions must be set to True
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: Create cross-account aggregator
community.aws.aws_config_aggregator:
name: test_config_rule
state: present
account_sources:
account_ids:
- 1234567890
- 0123456789
- 9012345678
all_aws_regions: no
organization_source:
all_aws_regions: yes
- name: Create cross-account aggregator2
community.aws.aws_config_aggregator:
name: test_config_rule
state: present
account_sources:
account_ids:
- 1234567890
- 0123456789
- 9012345678
all_aws_regions: yes
organization_source:
all_aws_regions: no