Configuration
Manages an AWS Config Configuration Aggregator
Example Usage
Account Based Aggregation
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.ConfigurationAggregator;
import com.pulumi.aws.cfg.ConfigurationAggregatorArgs;
import com.pulumi.aws.cfg.inputs.ConfigurationAggregatorAccountAggregationSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var account = new ConfigurationAggregator("account", ConfigurationAggregatorArgs.builder()
.accountAggregationSource(ConfigurationAggregatorAccountAggregationSourceArgs.builder()
.accountIds("123456789012")
.regions("us-west-2")
.build())
.build());
}
}Content copied to clipboard
Organization Based Aggregation
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.cfg.ConfigurationAggregator;
import com.pulumi.aws.cfg.ConfigurationAggregatorArgs;
import com.pulumi.aws.cfg.inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("config.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var organizationRole = new Role("organizationRole", RoleArgs.builder()
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var organizationRolePolicyAttachment = new RolePolicyAttachment("organizationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(organizationRole.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations")
.build());
var organizationConfigurationAggregator = new ConfigurationAggregator("organizationConfigurationAggregator", ConfigurationAggregatorArgs.builder()
.organizationAggregationSource(ConfigurationAggregatorOrganizationAggregationSourceArgs.builder()
.allRegions(true)
.roleArn(organizationRole.arn())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(organizationRolePolicyAttachment)
.build());
}
}Content copied to clipboard
Import
Configuration Aggregators can be imported using the name, e.g.,
$ pulumi import aws:cfg/configurationAggregator:ConfigurationAggregator example fooContent copied to clipboard
Properties
Link copied to clipboard
The account(s) to aggregate config data from as documented below.
Link copied to clipboard
The organization to aggregate config data from as documented below.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Either account_aggregation_source or organization_aggregation_source must be specified.