PutConfigurationAggregator
Creates and updates the configuration aggregator with the selected source accounts and regions. The source account can be individual account(s) or an organization.
accountIds
that are passed will be replaced with existing accounts.
If you want to add additional accounts into the aggregator, call DescribeConfigurationAggregators
to get the previous accounts and then append new ones.
Note
AWS Config should be enabled in source accounts and regions you want to aggregate.
If your source type is an organization, you must be signed in to the management account or a registered delegated administrator and all the features must be enabled in your organization.
If the caller is a management account, AWS Config calls EnableAwsServiceAccess
API to enable integration between AWS Config and AWS Organizations.
If the caller is a registered delegated administrator, AWS Config calls ListDelegatedAdministrators
API to verify whether the caller is a valid delegated administrator.
To register a delegated administrator, see Register a Delegated Administrator in the AWS Config developer guide.
Note
Tags are added at creation and cannot be updated with this operation
PutConfigurationAggregator
is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags
values,
AWS Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags
will not be updated, even if they are different.
Use TagResource and UntagResource to update tags after creation.
Request Syntax
{
"AccountAggregationSources": [
{
"AccountIds": [ "string
" ],
"AllAwsRegions": boolean
,
"AwsRegions": [ "string
" ]
}
],
"AggregatorFilters": {
"ResourceType": {
"Type": "string
",
"Value": [ "string
" ]
},
"ServicePrincipal": {
"Type": "string
",
"Value": [ "string
" ]
}
},
"ConfigurationAggregatorName": "string
",
"OrganizationAggregationSource": {
"AllAwsRegions": boolean
,
"AwsRegions": [ "string
" ],
"RoleArn": "string
"
},
"Tags": [
{
"Key": "string
",
"Value": "string
"
}
]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- AccountAggregationSources
-
A list of AccountAggregationSource object.
Type: Array of AccountAggregationSource objects
Array Members: Minimum number of 0 items. Maximum number of 1 item.
Required: No
- AggregatorFilters
-
An object to filter configuration recorders in an aggregator. Either
ResourceType
orServicePrincipal
is required.Type: AggregatorFilters object
Required: No
- ConfigurationAggregatorName
-
The name of the configuration aggregator.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern:
[\w\-]+
Required: Yes
- OrganizationAggregationSource
-
An OrganizationAggregationSource object.
Type: OrganizationAggregationSource object
Required: No
- Tags
-
An array of tag object.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Syntax
{
"ConfigurationAggregator": {
"AccountAggregationSources": [
{
"AccountIds": [ "string" ],
"AllAwsRegions": boolean,
"AwsRegions": [ "string" ]
}
],
"AggregatorFilters": {
"ResourceType": {
"Type": "string",
"Value": [ "string" ]
},
"ServicePrincipal": {
"Type": "string",
"Value": [ "string" ]
}
},
"ConfigurationAggregatorArn": "string",
"ConfigurationAggregatorName": "string",
"CreatedBy": "string",
"CreationTime": number,
"LastUpdatedTime": number,
"OrganizationAggregationSource": {
"AllAwsRegions": boolean,
"AwsRegions": [ "string" ],
"RoleArn": "string"
}
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ConfigurationAggregator
-
Returns a ConfigurationAggregator object.
Type: ConfigurationAggregator object
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidParameterValueException
-
One or more of the specified parameters are not valid. Verify that your parameters are valid and try again.
HTTP Status Code: 400
- InvalidRoleException
-
You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by AWS Config and used by the customer managed configuration recorder.
HTTP Status Code: 400
- LimitExceededException
-
For
PutServiceLinkedConfigurationRecorder
API, this exception is thrown if the number of service-linked roles in the account exceeds the limit.For
StartConfigRulesEvaluation
API, this exception is thrown if an evaluation is in progress or if you call the StartConfigRulesEvaluation API more than once per minute.For
PutConfigurationAggregator
API, this exception is thrown if the number of accounts and aggregators exceeds the limit.HTTP Status Code: 400
- NoAvailableOrganizationException
-
Organization is no longer available.
HTTP Status Code: 400
- OrganizationAccessDeniedException
-
For
PutConfigurationAggregator
API, you can see this exception for the following reasons:-
No permission to call
EnableAWSServiceAccess
API -
The configuration aggregator cannot be updated because your AWS Organization management account or the delegated administrator role changed. Delete this aggregator and create a new one with the current AWS Organization.
-
The configuration aggregator is associated with a previous AWS Organization and AWS Config cannot aggregate data with current AWS Organization. Delete this aggregator and create a new one with the current AWS Organization.
-
You are not a registered delegated administrator for AWS Config with permissions to call
ListDelegatedAdministrators
API. Ensure that the management account registers delagated administrator for AWS Config service principal name before the delegated administrator creates an aggregator.
For all
OrganizationConfigRule
andOrganizationConformancePack
APIs, AWS Config throws an exception if APIs are called from member accounts. All APIs must be called from organization management account.HTTP Status Code: 400
-
- OrganizationAllFeaturesNotEnabledException
-
AWS Config resource cannot be created because your organization does not have all features enabled.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: