AWS solutions documentation change
Summary
Added section for verifying AWS Config aggregator type with CLI command and output example
Security assessment
Enhances documentation about proper AWS Config setup, which relates to security best practices for configuration management. While not addressing a specific vulnerability, it improves security-related documentation by clarifying requirements for secure aggregator configuration.
Diff
diff --git a/solutions/latest/workload-discovery-on-aws/prerequisites.md b/solutions/latest/workload-discovery-on-aws/prerequisites.md index 8b6009257..6ab3da1f1 100644 --- a//solutions/latest/workload-discovery-on-aws/prerequisites.md +++ b//solutions/latest/workload-discovery-on-aws/prerequisites.md @@ -71,0 +72,25 @@ To check your current AWS Config configuration: +### Verify AWS Config aggregator type + +If supplying an existing AWS Config aggregator (only supported in `AWS_ORGANIZATIONS` mode), ensure that the aggregator is an AWS Organization wide aggregator. Run the following command and verify the presence of the `OrganizationAggregationSource` field: + + + aws configservice describe-configuration-aggregators + +Output: + + + { + "ConfigurationAggregators": [ + { + "ConfigurationAggregatorName": "aggregator-name", + "ConfigurationAggregatorArn": "arn:aws:config:eu-west-1:123456789012:config-aggregator/config-aggregator-5jfoefab", + "OrganizationAggregationSource": { + "RoleArn": "arn:aws:iam::123456789012:role/service-role/ConfigAggregator-ConfigOrganizationsRole", + "AllAwsRegions": true + }, + "CreationTime": "2024-11-19T15:13:22.979000+00:00", + "LastUpdatedTime": "2024-11-19T15:13:22.990000+00:00" + } + ] + } +