This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::Config::ConfigurationAggregator
<a name="aws-resource-config-configurationaggregator"></a>

The details about the configuration aggregator, including information about source accounts, regions, and metadata of the aggregator. 

## Syntax
<a name="aws-resource-config-configurationaggregator-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-config-configurationaggregator-syntax.json"></a>

```
{
  "Type" : "AWS::Config::ConfigurationAggregator",
  "Properties" : {
      "[AccountAggregationSources](#cfn-config-configurationaggregator-accountaggregationsources)" : [ AccountAggregationSource, ... ],
      "[ConfigurationAggregatorName](#cfn-config-configurationaggregator-configurationaggregatorname)" : String,
      "[OrganizationAggregationSource](#cfn-config-configurationaggregator-organizationaggregationsource)" : OrganizationAggregationSource,
      "[Tags](#cfn-config-configurationaggregator-tags)" : [ Tag, ... ]
    }
}
```

### YAML
<a name="aws-resource-config-configurationaggregator-syntax.yaml"></a>

```
Type: AWS::Config::ConfigurationAggregator
Properties:
  [AccountAggregationSources](#cfn-config-configurationaggregator-accountaggregationsources): 
    - AccountAggregationSource
  [ConfigurationAggregatorName](#cfn-config-configurationaggregator-configurationaggregatorname): String
  [OrganizationAggregationSource](#cfn-config-configurationaggregator-organizationaggregationsource): 
    OrganizationAggregationSource
  [Tags](#cfn-config-configurationaggregator-tags): 
    - Tag
```

## Properties
<a name="aws-resource-config-configurationaggregator-properties"></a>

`AccountAggregationSources`  <a name="cfn-config-configurationaggregator-accountaggregationsources"></a>
Provides a list of source accounts and regions to be aggregated.  
*Required*: No  
*Type*: Array of [AccountAggregationSource](aws-properties-config-configurationaggregator-accountaggregationsource.md)  
*Minimum*: `0`  
*Maximum*: `1`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ConfigurationAggregatorName`  <a name="cfn-config-configurationaggregator-configurationaggregatorname"></a>
The name of the aggregator.  
*Required*: No  
*Type*: String  
*Pattern*: `[\w\-]+`  
*Minimum*: `1`  
*Maximum*: `256`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`OrganizationAggregationSource`  <a name="cfn-config-configurationaggregator-organizationaggregationsource"></a>
Provides an organization and list of regions to be aggregated.  
*Required*: No  
*Type*: [OrganizationAggregationSource](aws-properties-config-configurationaggregator-organizationaggregationsource.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Tags`  <a name="cfn-config-configurationaggregator-tags"></a>
An array of tag object.  
*Required*: No  
*Type*: Array of [Tag](aws-properties-config-configurationaggregator-tag.md)  
*Maximum*: `50`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-config-configurationaggregator-return-values"></a>

### Ref
<a name="aws-resource-config-configurationaggregator-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ConfigurationAggregatorName, such as `myConfigurationAggregator`. 

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

### Fn::GetAtt
<a name="aws-resource-config-configurationaggregator-return-values-fn--getatt"></a>

#### 
<a name="aws-resource-config-configurationaggregator-return-values-fn--getatt-fn--getatt"></a>

`ConfigurationAggregatorArn`  <a name="ConfigurationAggregatorArn-fn::getatt"></a>
The Amazon Resource Name (ARN) of the aggregator.

## Examples
<a name="aws-resource-config-configurationaggregator--examples"></a>



**Topics**
+ [Configuration Aggregator With Multiple Accounts Multiple Regions](#aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_With_Multiple_Accounts_Multiple_Regions)
+ [Configuration Aggregator for an Organization](#aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_for_an_Organization)

### Configuration Aggregator With Multiple Accounts Multiple Regions
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_With_Multiple_Accounts_Multiple_Regions"></a>

The following example creates a `ConfigurationAggregator`.

#### JSON
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_With_Multiple_Accounts_Multiple_Regions--json"></a>

```
"ConfigurationAggregator": {
    "Type": "AWS::Config::ConfigurationAggregator",
    "Properties": {
      "AccountAggregationSources": [
        {
          "AccountIds": [
            "123456789012",
            "987654321012"
          ],
          "AwsRegions": [
            "us-west-2",
            "us-east-1"
          ],
          "AllAwsRegions": false
        }
      ],
      "ConfigurationAggregatorName": "MyConfigurationAggregator"
    }
  }
```

#### YAML
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_With_Multiple_Accounts_Multiple_Regions--yaml"></a>

```
ConfigurationAggregator:
  Type: 'AWS::Config::ConfigurationAggregator'
  Properties:
    AccountAggregationSources:
      - AccountIds:
          - '123456789012'
          - '987654321012'
        AwsRegions:
          - us-west-2
          - us-east-1
        AllAwsRegions: false
    ConfigurationAggregatorName: MyConfigurationAggregator
```

### Configuration Aggregator for an Organization
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_for_an_Organization"></a>

The following example creates a `ConfigurationAggregator` for an organization.

 **Considerations** 
+ The aggregator account must be the management account or a delegated administrator account in the organization
+ AWS Config must be enabled with proper service access in the organization
+ The role must have proper permissions to call AWS Organizations APIs

#### JSON
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_for_an_Organization--json"></a>

```
"ConfigurationAggregator": {
    "Type": "AWS::Config::ConfigurationAggregator",
    "Properties": {
        "OrganizationAggregationSource": {
            "RoleArn": { "Fn::GetAtt" : [ "MyRole", "Arn" ] },
            "AwsRegions": [
                "us-west-2",
                "us-east-1"
            ],
            "AllAwsRegions": false
        },
        "ConfigurationAggregatorName": "MyConfigurationAggregator"
    }
}
    
"MyRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
        "ManagedPolicyArns": [
            "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"
        ],
        "Path": "/service-role/",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",		 	 	 
            "Statement": [ 
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "config.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        },
        "Policies": [
            {
                "PolicyName": "OrganizationAccess",
                "PolicyDocument": {
                    "Version": "2012-10-17",		 	 	 
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [
                                "organizations:DescribeOrganization",
                                "organizations:ListAWSServiceAccessForOrganization",
                                "organizations:ListAccounts"
                            ],
                            "Resource": "*"
                        }
                    ]
                }
            }
        ]
    }
}
```

#### YAML
<a name="aws-resource-config-configurationaggregator--examples--Configuration_Aggregator_for_an_Organization--yaml"></a>

```
ConfigurationAggregator:
    Type: 'AWS::Config::ConfigurationAggregator'
    Properties:
        OrganizationAggregationSource:
            RoleArn: !GetAtt MyRole.Arn
            AwsRegions:
                - us-west-2
                - us-east-1
            AllAwsRegions: false
        ConfigurationAggregatorName: MyConfigurationAggregator
              
MyRole:
    Type: AWS::IAM::Role
    Properties: 
        ManagedPolicyArns: 
            - arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations
        Path: "/service-role/"
        AssumeRolePolicyDocument:
            Version: "2012-10-17"		 	 	 
            Statement:
              - Effect: Allow
                Principal:
                    Service:
                        - config.amazonaws.com
                Action:
                    - 'sts:AssumeRole'
        Policies:
            - PolicyName: OrganizationAccess
              PolicyDocument:
                Version: "2012-10-17"		 	 	 
                Statement:
                    - Effect: Allow
                      Action:
                        - organizations:DescribeOrganization
                        - organizations:ListAWSServiceAccessForOrganization
                        - organizations:ListAccounts
                      Resource: "*"
```

# AWS::Config::ConfigurationAggregator AccountAggregationSource
<a name="aws-properties-config-configurationaggregator-accountaggregationsource"></a>

A collection of accounts and regions.

## Syntax
<a name="aws-properties-config-configurationaggregator-accountaggregationsource-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-config-configurationaggregator-accountaggregationsource-syntax.json"></a>

```
{
  "[AccountIds](#cfn-config-configurationaggregator-accountaggregationsource-accountids)" : [ String, ... ],
  "[AllAwsRegions](#cfn-config-configurationaggregator-accountaggregationsource-allawsregions)" : Boolean,
  "[AwsRegions](#cfn-config-configurationaggregator-accountaggregationsource-awsregions)" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-config-configurationaggregator-accountaggregationsource-syntax.yaml"></a>

```
  [AccountIds](#cfn-config-configurationaggregator-accountaggregationsource-accountids): 
    - String
  [AllAwsRegions](#cfn-config-configurationaggregator-accountaggregationsource-allawsregions): Boolean
  [AwsRegions](#cfn-config-configurationaggregator-accountaggregationsource-awsregions): 
    - String
```

## Properties
<a name="aws-properties-config-configurationaggregator-accountaggregationsource-properties"></a>

`AccountIds`  <a name="cfn-config-configurationaggregator-accountaggregationsource-accountids"></a>
The 12-digit account ID of the account being aggregated.   
*Required*: Yes  
*Type*: Array of String  
*Minimum*: `1`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AllAwsRegions`  <a name="cfn-config-configurationaggregator-accountaggregationsource-allawsregions"></a>
If true, aggregate existing AWS Config regions and future regions.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AwsRegions`  <a name="cfn-config-configurationaggregator-accountaggregationsource-awsregions"></a>
The source regions being aggregated.  
*Required*: No  
*Type*: Array of String  
*Minimum*: `1`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Config::ConfigurationAggregator OrganizationAggregationSource
<a name="aws-properties-config-configurationaggregator-organizationaggregationsource"></a>

This object contains regions to set up the aggregator and an IAM role to retrieve organization details.

## Syntax
<a name="aws-properties-config-configurationaggregator-organizationaggregationsource-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-config-configurationaggregator-organizationaggregationsource-syntax.json"></a>

```
{
  "[AllAwsRegions](#cfn-config-configurationaggregator-organizationaggregationsource-allawsregions)" : Boolean,
  "[AwsRegions](#cfn-config-configurationaggregator-organizationaggregationsource-awsregions)" : [ String, ... ],
  "[RoleArn](#cfn-config-configurationaggregator-organizationaggregationsource-rolearn)" : String
}
```

### YAML
<a name="aws-properties-config-configurationaggregator-organizationaggregationsource-syntax.yaml"></a>

```
  [AllAwsRegions](#cfn-config-configurationaggregator-organizationaggregationsource-allawsregions): Boolean
  [AwsRegions](#cfn-config-configurationaggregator-organizationaggregationsource-awsregions): 
    - String
  [RoleArn](#cfn-config-configurationaggregator-organizationaggregationsource-rolearn): String
```

## Properties
<a name="aws-properties-config-configurationaggregator-organizationaggregationsource-properties"></a>

`AllAwsRegions`  <a name="cfn-config-configurationaggregator-organizationaggregationsource-allawsregions"></a>
If true, aggregate existing AWS Config regions and future regions.  
*Required*: No  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AwsRegions`  <a name="cfn-config-configurationaggregator-organizationaggregationsource-awsregions"></a>
The source regions being aggregated.  
*Required*: No  
*Type*: Array of String  
*Minimum*: `1`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RoleArn`  <a name="cfn-config-configurationaggregator-organizationaggregationsource-rolearn"></a>
ARN of the IAM role used to retrieve AWS Organizations details associated with the aggregator account.  
*Required*: Yes  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Config::ConfigurationAggregator Tag
<a name="aws-properties-config-configurationaggregator-tag"></a>

The tags for the resource. The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

## Syntax
<a name="aws-properties-config-configurationaggregator-tag-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-config-configurationaggregator-tag-syntax.json"></a>

```
{
  "[Key](#cfn-config-configurationaggregator-tag-key)" : String,
  "[Value](#cfn-config-configurationaggregator-tag-value)" : String
}
```

### YAML
<a name="aws-properties-config-configurationaggregator-tag-syntax.yaml"></a>

```
  [Key](#cfn-config-configurationaggregator-tag-key): String
  [Value](#cfn-config-configurationaggregator-tag-value): String
```

## Properties
<a name="aws-properties-config-configurationaggregator-tag-properties"></a>

`Key`  <a name="cfn-config-configurationaggregator-tag-key"></a>
One part of a key-value pair that make up a tag. A key is a general label that acts like a category for more specific tag values.  
*Required*: Yes  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Value`  <a name="cfn-config-configurationaggregator-tag-value"></a>
The optional part of a key-value pair that make up a tag. A value acts as a descriptor within a tag category (key).  
*Required*: Yes  
*Type*: String  
*Minimum*: `0`  
*Maximum*: `256`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)