Configuration
data class ConfigurationAggregatorArgs(val accountAggregationSource: Output<ConfigurationAggregatorAccountAggregationSourceArgs>? = null, val name: Output<String>? = null, val organizationAggregationSource: Output<ConfigurationAggregatorOrganizationAggregationSourceArgs>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ConfigurationAggregatorArgs>
Manages an AWS Config Configuration Aggregator
Example Usage
Account Based Aggregation
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const account = new aws.cfg.ConfigurationAggregator("account", {
name: "example",
accountAggregationSource: {
accountIds: ["123456789012"],
regions: ["us-west-2"],
},
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
account = aws.cfg.ConfigurationAggregator("account",
name="example",
account_aggregation_source={
"account_ids": ["123456789012"],
"regions": ["us-west-2"],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var account = new Aws.Cfg.ConfigurationAggregator("account", new()
{
Name = "example",
AccountAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorAccountAggregationSourceArgs
{
AccountIds = new[]
{
"123456789012",
},
Regions = new[]
{
"us-west-2",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cfg.NewConfigurationAggregator(ctx, "account", &cfg.ConfigurationAggregatorArgs{
Name: pulumi.String("example"),
AccountAggregationSource: &cfg.ConfigurationAggregatorAccountAggregationSourceArgs{
AccountIds: pulumi.StringArray{
pulumi.String("123456789012"),
},
Regions: pulumi.StringArray{
pulumi.String("us-west-2"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cfg.ConfigurationAggregator;
import com.pulumi.aws.cfg.ConfigurationAggregatorArgs;
import com.pulumi.aws.cfg.inputs.ConfigurationAggregatorAccountAggregationSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var account = new ConfigurationAggregator("account", ConfigurationAggregatorArgs.builder()
.name("example")
.accountAggregationSource(ConfigurationAggregatorAccountAggregationSourceArgs.builder()
.accountIds("123456789012")
.regions("us-west-2")
.build())
.build());
}
}Content copied to clipboard
resources:
account:
type: aws:cfg:ConfigurationAggregator
properties:
name: example
accountAggregationSource:
accountIds:
- '123456789012'
regions:
- us-west-2Content copied to clipboard
Organization Based Aggregation
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["config.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const organizationRole = new aws.iam.Role("organization", {
name: "example",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("organization", {
role: organizationRole.name,
policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
});
const organization = new aws.cfg.ConfigurationAggregator("organization", {
name: "example",
organizationAggregationSource: {
allRegions: true,
roleArn: organizationRole.arn,
},
}, {
dependsOn: [organizationRolePolicyAttachment],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["config.amazonaws.com"],
}],
"actions": ["sts:AssumeRole"],
}])
organization_role = aws.iam.Role("organization",
name="example",
assume_role_policy=assume_role.json)
organization_role_policy_attachment = aws.iam.RolePolicyAttachment("organization",
role=organization_role.name,
policy_arn="arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations")
organization = aws.cfg.ConfigurationAggregator("organization",
name="example",
organization_aggregation_source={
"all_regions": True,
"role_arn": organization_role.arn,
},
opts = pulumi.ResourceOptions(depends_on=[organization_role_policy_attachment]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"config.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var organizationRole = new Aws.Iam.Role("organization", new()
{
Name = "example",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("organization", new()
{
Role = organizationRole.Name,
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
});
var organization = new Aws.Cfg.ConfigurationAggregator("organization", new()
{
Name = "example",
OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs
{
AllRegions = true,
RoleArn = organizationRole.Arn,
},
}, new CustomResourceOptions
{
DependsOn =
{
organizationRolePolicyAttachment,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"config.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
organizationRole, err := iam.NewRole(ctx, "organization", &iam.RoleArgs{
Name: pulumi.String("example"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
organizationRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, "organization", &iam.RolePolicyAttachmentArgs{
Role: organizationRole.Name,
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"),
})
if err != nil {
return err
}
_, err = cfg.NewConfigurationAggregator(ctx, "organization", &cfg.ConfigurationAggregatorArgs{
Name: pulumi.String("example"),
OrganizationAggregationSource: &cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{
AllRegions: pulumi.Bool(true),
RoleArn: organizationRole.Arn,
},
}, pulumi.DependsOn([]pulumi.Resource{
organizationRolePolicyAttachment,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.cfg.ConfigurationAggregator;
import com.pulumi.aws.cfg.ConfigurationAggregatorArgs;
import com.pulumi.aws.cfg.inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("config.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var organizationRole = new Role("organizationRole", RoleArgs.builder()
.name("example")
.assumeRolePolicy(assumeRole.json())
.build());
var organizationRolePolicyAttachment = new RolePolicyAttachment("organizationRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(organizationRole.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations")
.build());
var organization = new ConfigurationAggregator("organization", ConfigurationAggregatorArgs.builder()
.name("example")
.organizationAggregationSource(ConfigurationAggregatorOrganizationAggregationSourceArgs.builder()
.allRegions(true)
.roleArn(organizationRole.arn())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(organizationRolePolicyAttachment)
.build());
}
}Content copied to clipboard
resources:
organization:
type: aws:cfg:ConfigurationAggregator
properties:
name: example
organizationAggregationSource:
allRegions: true
roleArn: ${organizationRole.arn}
options:
dependsOn:
- ${organizationRolePolicyAttachment}
organizationRole:
type: aws:iam:Role
name: organization
properties:
name: example
assumeRolePolicy: ${assumeRole.json}
organizationRolePolicyAttachment:
type: aws:iam:RolePolicyAttachment
name: organization
properties:
role: ${organizationRole.name}
policyArn: arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations
variables:
assumeRole:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- config.amazonaws.com
actions:
- sts:AssumeRoleContent copied to clipboard
Import
Using pulumi import, import Configuration Aggregators using the name. For example:
$ pulumi import aws:cfg/configurationAggregator:ConfigurationAggregator example fooContent copied to clipboard
Constructors
Link copied to clipboard
constructor(accountAggregationSource: Output<ConfigurationAggregatorAccountAggregationSourceArgs>? = null, name: Output<String>? = null, organizationAggregationSource: Output<ConfigurationAggregatorOrganizationAggregationSourceArgs>? = null, tags: Output<Map<String, String>>? = null)
Properties
Link copied to clipboard
The account(s) to aggregate config data from as documented below.
Link copied to clipboard
val organizationAggregationSource: Output<ConfigurationAggregatorOrganizationAggregationSourceArgs>? = null
The organization to aggregate config data from as documented below.
Link copied to clipboard
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Either account_aggregation_source or organization_aggregation_source must be specified.