Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > Config >

Aggregate All Regions

HIGH
Source
Trivy
ID
AVD-AWS-0019
cloudformation terraform

Config configuration aggregator should be using all regions for source

Sources that aren’t covered by the aggregator are not include in the configuration. The configuration aggregator should be configured with all_regions for the source. This will help limit the risk of any unmonitored configuration in regions that are thought to be unused.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Set the aggregator to cover all regions

1
2
3
4
5
6
7

Resources:
  GoodExample:
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      AccountAggregationSources:
        - AllAwsRegions: true
      ConfigurationAggregatorName: GoodAccountLevelAggregation

1
2
3
4
5
6
7

Resources:
  GoodExample:
    Type: AWS::Config::ConfigurationAggregator
    Properties:
      ConfigurationAggregatorName: GoodAccountLevelAggregation
      OrganizationAggregationSource:
        AllAwsRegions: true

Set the aggregator to cover all regions

1
2
3
4
5
6
7
8

resource "aws_config_configuration_aggregator" "good_example" {
  name = "example"

  account_aggregation_source {
    account_ids = ["123456789012"]
    all_regions = true
  }
}
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use