AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-07-04 · Documentation low

File: solutions/latest/workload-discovery-on-aws/prerequisites.md

Summary

Added section for verifying AWS Config aggregator type with CLI command and output example

Security assessment

Enhances documentation about proper AWS Config setup, which relates to security best practices for configuration management. While not addressing a specific vulnerability, it improves security-related documentation by clarifying requirements for secure aggregator configuration.

Diff

diff --git a/solutions/latest/workload-discovery-on-aws/prerequisites.md b/solutions/latest/workload-discovery-on-aws/prerequisites.md
index 8b6009257..6ab3da1f1 100644
--- a//solutions/latest/workload-discovery-on-aws/prerequisites.md
+++ b//solutions/latest/workload-discovery-on-aws/prerequisites.md
@@ -71,0 +72,25 @@ To check your current AWS Config configuration:
+### Verify AWS Config aggregator type
+
+If supplying an existing AWS Config aggregator (only supported in `AWS_ORGANIZATIONS` mode), ensure that the aggregator is an AWS Organization wide aggregator. Run the following command and verify the presence of the `OrganizationAggregationSource` field:
+    
+    
+    aws configservice describe-configuration-aggregators
+
+Output:
+    
+    
+    {
+        "ConfigurationAggregators": [
+            {
+                "ConfigurationAggregatorName": "aggregator-name",
+                "ConfigurationAggregatorArn": "arn:aws:config:eu-west-1:123456789012:config-aggregator/config-aggregator-5jfoefab",
+                "OrganizationAggregationSource": {
+                    "RoleArn": "arn:aws:iam::123456789012:role/service-role/ConfigAggregator-ConfigOrganizationsRole",
+                    "AllAwsRegions": true
+                },
+                "CreationTime": "2024-11-19T15:13:22.979000+00:00",
+                "LastUpdatedTime": "2024-11-19T15:13:22.990000+00:00"
+            }
+        ]
+    }
+