A large manufacturing firm uses AWS for its production environment, which consists of a web application for internal users and an online sales application for external vendors.
For this, they are using EC2 instances in various regions.
Any unplanned change to an EC2 instance that causes downtime can drastically impact the sales application.
The CTO is looking for a consolidated dashboard for critical configuration changes made across multiple AWS accounts in the firm.
You are planning to use AWS Config Aggregator to meet this requirement.
Which of the following will be additional configuration required on Aggregator to fetch configuration data from all accounts?
A. B. C. D.

Correct Answer - D.
AWS Config uses an aggregator to collect data from all accounts in various regions for multi-account multi-region data aggregation.
Accounts that are not part of AWS Organizations need to be individually added so that the Aggregator can be authorized to collect data from these accounts.
Option A is incorrect.
When individual accounts are added to the aggregator, additional authorization is required to collect AWS Config configuration and compliance data.
Option B is incorrect as AWS Organizations are not required to be created for all accounts to get aggregated views in AWS Config.
If an AWS Organization is created for all these accounts, additional authorization to collect AWS Config configuration and compliance data is not required.
Option C is incorrect as AWS Organizations are not required to be created for all accounts to get aggregated views in AWS Config.
We can also specify multiple accounts individually in the aggregator to get an aggregated view in AWS Config.
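The individual-account setup described above, sketched as CloudFormation. This is an added example, not part of the original question; the account IDs, aggregator name and region are constructed placeholders, and the two templates are shown in one block but are deployed separately.

```yaml
# Template 1: deploy in the aggregator account (constructed ID 111111111111).
# It lists the source accounts individually instead of using AWS Organizations.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  FirmWideAggregator:
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      ConfigurationAggregatorName: firm-wide-config   # hypothetical name
      AccountAggregationSources:
        - AccountIds:
            - "222222222222"   # constructed source account
            - "333333333333"   # constructed source account
          AllAwsRegions: true  # collect from every region the EC2 fleet uses
---
# Template 2: deploy in EACH source account (222222222222, 333333333333).
# This is the additional authorization: the source account grants the
# aggregator account permission to collect its Config data.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  AllowAggregatorAccount:
    Type: AWS::Config::AggregationAuthorization
    Properties:
      AuthorizedAccountId: "111111111111"   # the aggregator account
      AuthorizedAwsRegion: us-east-1        # assumed region where the aggregator lives
```

A source account listed in Template 1 that has not deployed Template 2 contributes no data to the aggregated view.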
For more information on Authorization for Aggregator Accounts, refer to the following URL:
https://docs.aws.amazon.com/config/latest/developerguide/authorize-aggregator-account-console.html

The question is asking about the additional configuration required on AWS Config Aggregator to fetch configuration data from all AWS accounts in the firm. AWS Config Aggregator is a service that helps you collect and aggregate configuration and compliance data from multiple AWS accounts and regions.
Option A states that you can specify accounts and regions individually in the Aggregator to collect AWS Config configuration and compliance data without any authorization. This is not correct because each AWS account has its own set of credentials, and you need to authorize the Aggregator to access the data in each account.
Option B suggests creating an AWS Organization for all the accounts and authorizing an aggregator account to collect AWS Config configuration and compliance data. This is the correct answer because an AWS Organization allows you to manage multiple AWS accounts as a single entity, and you can use an aggregator account to access the configuration and compliance data in each account. This approach provides a centralized view of the compliance status across all accounts in the organization.
Option C states that you can create an AWS Organization for all the accounts so that the Aggregator can collect AWS Config configuration and compliance data without any authorization. This is not correct because you still need to authorize the aggregator account to access the data in each account.
Option D suggests specifying accounts and regions individually in Aggregator and authorizing the aggregator account to collect AWS Config configuration and compliance data. This approach is feasible but requires additional effort to manage each account individually.
In conclusion, the correct answer is Option B, which suggests creating an AWS Organization for all the accounts and authorizing an aggregator account to collect AWS Config configuration and compliance data.