ConfigurationAggregator
Manages an AWS Config Configuration Aggregator
Example Usage
Account Based Aggregation
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var account = new Aws.Cfg.ConfigurationAggregator("account", new Aws.Cfg.ConfigurationAggregatorArgs
{
AccountAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorAccountAggregationSourceArgs
{
AccountIds =
{
"123456789012",
},
Regions =
{
"us-west-2",
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cfg"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cfg.NewConfigurationAggregator(ctx, "account", &cfg.ConfigurationAggregatorArgs{
AccountAggregationSource: &cfg.ConfigurationAggregatorAccountAggregationSourceArgs{
AccountIds: pulumi.StringArray{
pulumi.String("123456789012"),
},
Regions: pulumi.StringArray{
pulumi.String("us-west-2"),
},
},
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
account = aws.cfg.ConfigurationAggregator("account", account_aggregation_source={
"accountIds": ["123456789012"],
"regions": ["us-west-2"],
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const account = new aws.cfg.ConfigurationAggregator("account", {
accountAggregationSource: {
accountIds: ["123456789012"],
regions: ["us-west-2"],
},
});Organization Based Aggregation
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var organizationRole = new Aws.Iam.Role("organizationRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""config.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var organizationConfigurationAggregator = new Aws.Cfg.ConfigurationAggregator("organizationConfigurationAggregator", new Aws.Cfg.ConfigurationAggregatorArgs
{
OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs
{
AllRegions = true,
RoleArn = organizationRole.Arn,
},
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.organization",
},
});
var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("organizationRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
Role = organizationRole.Name,
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cfg"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
organizationRole, err := iam.NewRole(ctx, "organizationRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Sid\": \"\",\n", " \"Effect\": \"Allow\",\n", " \"Principal\": {\n", " \"Service\": \"config.amazonaws.com\"\n", " },\n", " \"Action\": \"sts:AssumeRole\"\n", " }\n", " ]\n", "}\n", "\n")),
})
if err != nil {
return err
}
_, err = cfg.NewConfigurationAggregator(ctx, "organizationConfigurationAggregator", &cfg.ConfigurationAggregatorArgs{
OrganizationAggregationSource: &cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{
AllRegions: pulumi.Bool(true),
RoleArn: organizationRole.Arn,
},
}, pulumi.DependsOn([]pulumi.Resource{
"aws_iam_role_policy_attachment.organization",
}))
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "organizationRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"),
Role: organizationRole.Name,
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
organization_role = aws.iam.Role("organizationRole", assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "config.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
""")
organization_configuration_aggregator = aws.cfg.ConfigurationAggregator("organizationConfigurationAggregator", organization_aggregation_source={
"allRegions": True,
"role_arn": organization_role.arn,
},
opts=ResourceOptions(depends_on=["aws_iam_role_policy_attachment.organization"]))
organization_role_policy_attachment = aws.iam.RolePolicyAttachment("organizationRolePolicyAttachment",
policy_arn="arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
role=organization_role.name)import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const organizationRole = new aws.iam.Role("organization", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "config.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
`,
});
const organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment("organization", {
policyArn: "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
role: organizationRole.name,
});
const organizationConfigurationAggregator = new aws.cfg.ConfigurationAggregator("organization", {
organizationAggregationSource: {
allRegions: true,
roleArn: organizationRole.arn,
},
}, { dependsOn: [organizationRolePolicyAttachment] });Create a ConfigurationAggregator Resource
new ConfigurationAggregator(name: string, args?: ConfigurationAggregatorArgs, opts?: CustomResourceOptions);def ConfigurationAggregator(resource_name, opts=None, account_aggregation_source=None, name=None, organization_aggregation_source=None, tags=None, __props__=None);func NewConfigurationAggregator(ctx *Context, name string, args *ConfigurationAggregatorArgs, opts ...ResourceOption) (*ConfigurationAggregator, error)public ConfigurationAggregator(string name, ConfigurationAggregatorArgs? args = null, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args ConfigurationAggregatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConfigurationAggregatorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConfigurationAggregatorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
ConfigurationAggregator Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The ConfigurationAggregator resource accepts the following input properties:
- Account
Aggregation ConfigurationSource Aggregator Account Aggregation Source Args The account(s) to aggregate config data from as documented below.
- Name string
The name of the configuration aggregator.
- Organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source Args The organization to aggregate config data from as documented below.
- Dictionary<string, string>
A map of tags to assign to the resource.
- Account
Aggregation ConfigurationSource Aggregator Account Aggregation Source The account(s) to aggregate config data from as documented below.
- Name string
The name of the configuration aggregator.
- Organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source The organization to aggregate config data from as documented below.
- map[string]string
A map of tags to assign to the resource.
- account
Aggregation ConfigurationSource Aggregator Account Aggregation Source The account(s) to aggregate config data from as documented below.
- name string
The name of the configuration aggregator.
- organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source The organization to aggregate config data from as documented below.
- {[key: string]: string}
A map of tags to assign to the resource.
- account_
aggregation_ Dict[Configurationsource Aggregator Account Aggregation Source] The account(s) to aggregate config data from as documented below.
- name str
The name of the configuration aggregator.
- organization_
aggregation_ Dict[Configurationsource Aggregator Organization Aggregation Source] The organization to aggregate config data from as documented below.
- Dict[str, str]
A map of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the ConfigurationAggregator resource produces the following output properties:
Look up an Existing ConfigurationAggregator Resource
Get an existing ConfigurationAggregator resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConfigurationAggregatorState, opts?: CustomResourceOptions): ConfigurationAggregatorstatic get(resource_name, id, opts=None, account_aggregation_source=None, arn=None, name=None, organization_aggregation_source=None, tags=None, __props__=None);func GetConfigurationAggregator(ctx *Context, name string, id IDInput, state *ConfigurationAggregatorState, opts ...ResourceOption) (*ConfigurationAggregator, error)public static ConfigurationAggregator Get(string name, Input<string> id, ConfigurationAggregatorState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Account
Aggregation ConfigurationSource Aggregator Account Aggregation Source Args The account(s) to aggregate config data from as documented below.
- Arn string
The ARN of the aggregator
- Name string
The name of the configuration aggregator.
- Organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source Args The organization to aggregate config data from as documented below.
- Dictionary<string, string>
A map of tags to assign to the resource.
- Account
Aggregation ConfigurationSource Aggregator Account Aggregation Source The account(s) to aggregate config data from as documented below.
- Arn string
The ARN of the aggregator
- Name string
The name of the configuration aggregator.
- Organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source The organization to aggregate config data from as documented below.
- map[string]string
A map of tags to assign to the resource.
- account
Aggregation ConfigurationSource Aggregator Account Aggregation Source The account(s) to aggregate config data from as documented below.
- arn string
The ARN of the aggregator
- name string
The name of the configuration aggregator.
- organization
Aggregation ConfigurationSource Aggregator Organization Aggregation Source The organization to aggregate config data from as documented below.
- {[key: string]: string}
A map of tags to assign to the resource.
- account_
aggregation_ Dict[Configurationsource Aggregator Account Aggregation Source] The account(s) to aggregate config data from as documented below.
- arn str
The ARN of the aggregator
- name str
The name of the configuration aggregator.
- organization_
aggregation_ Dict[Configurationsource Aggregator Organization Aggregation Source] The organization to aggregate config data from as documented below.
- Dict[str, str]
A map of tags to assign to the resource.
Supporting Types
ConfigurationAggregatorAccountAggregationSource
- Account
Ids List<string> List of 12-digit account IDs of the account(s) being aggregated.
- All
Regions bool If true, aggregate existing AWS Config regions and future regions.
- Regions List<string>
List of source regions being aggregated.
- Account
Ids []string List of 12-digit account IDs of the account(s) being aggregated.
- All
Regions bool If true, aggregate existing AWS Config regions and future regions.
- Regions []string
List of source regions being aggregated.
- account
Ids string[] List of 12-digit account IDs of the account(s) being aggregated.
- all
Regions boolean If true, aggregate existing AWS Config regions and future regions.
- regions string[]
List of source regions being aggregated.
- account
Ids List[str] List of 12-digit account IDs of the account(s) being aggregated.
- all
Regions bool If true, aggregate existing AWS Config regions and future regions.
- regions List[str]
List of source regions being aggregated.
ConfigurationAggregatorOrganizationAggregationSource
- Role
Arn string ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.
- All
Regions bool If true, aggregate existing AWS Config regions and future regions.
- Regions List<string>
List of source regions being aggregated.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.