awslabs / aws-config-engine-for-compliance-as-code

Manage AWS Config Rules at scale in AWS multi-account and/or multi-region environment; with fully configurable deployment (RuleSets) and analytics.
Apache License 2.0

AWS Organization Support #36

Closed bmurtagh closed 5 years ago

bmurtagh commented 5 years ago

Is there a roadmap item to add support for AWS Organizations? I'm battling through manually enabling and configuring AWS Config under an AWS Organizations setup and was hoping I could refer to the codebase to help confirm my IAM, etc. settings.

jongogogo commented 5 years ago

If I understand well, you are trying to enable AWS Config across your AWS Organization.

The Engine (this project) enables AWS Config when you deploy application-account-initial-setup.yaml (it can be deactivated by setting the DeployAWSConfig parameter to false).

Another way you can enable AWS Config: use AWS CloudFormation StackSets. There is a template in the AWS Console that allows you to enable AWS Config in all AWS Accounts and Regions, across AWS Organizations OU: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html

bmurtagh commented 5 years ago

Hi @jongogogo -- Thank you for the reply. Just for my understanding, it is required to enable AWS Config under each account and not just the Master. IMO that wasn't clear to me in the AWS Config docs.

I have since configured the child accounts of the Organization to dump their scanned resources into the bucket I've defined in the Master, and I am now starting to see the resource count increase.

I definitely appreciate the scripts you've developed to help roll this out.

jongogogo commented 5 years ago

Correct, there is no feature to enable AWS Config across all AWS Accounts/Regions. Glad you made it!
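A check for the situation worked through in this thread (AWS Config must be recording in every member account and region, and each delivery channel must point at the bucket defined in the master account), added here as an example and not code from the engine. The client is injectable so the check runs offline against constructed API responses; with real boto3 `config` clients per account and region it runs against a live Organization. Account ids and the bucket name are placeholders.

```python
from dataclasses import dataclass


@dataclass
class ConfigStatus:
    account: str
    region: str
    recording: bool
    last_status: str
    bucket: "str | None"

    def ok(self, expected_bucket: str) -> bool:
        # Recorder on, last delivery succeeded, and delivering to the central bucket.
        return self.recording and self.last_status == "Success" and self.bucket == expected_bucket


def inspect_account(account, region, client):
    # Uses the same response shapes as DescribeConfigurationRecorderStatus and
    # DescribeDeliveryChannels; `client` is any object exposing those two calls.
    recorders = client.describe_configuration_recorder_status().get("ConfigurationRecordersStatus", [])
    channels = client.describe_delivery_channels().get("DeliveryChannels", [])
    recording = any(r.get("recording") for r in recorders)
    last_status = recorders[0].get("lastStatus", "None") if recorders else "None"
    bucket = channels[0].get("s3BucketName") if channels else None
    return ConfigStatus(account, region, recording, last_status, bucket)


def find_gaps(statuses, expected_bucket):
    # (account, region) pairs where Config is not feeding the master account's bucket.
    return [(s.account, s.region) for s in statuses if not s.ok(expected_bucket)]


class FakeConfigClient:
    # Constructed stand-in for boto3.client("config"); the responses are sample data.
    def __init__(self, recorders, channels):
        self._recorders, self._channels = recorders, channels

    def describe_configuration_recorder_status(self):
        return {"ConfigurationRecordersStatus": self._recorders}

    def describe_delivery_channels(self):
        return {"DeliveryChannels": self._channels}


CENTRAL_BUCKET = "example-central-config-bucket"  # placeholder for the master account bucket
GOOD = [{"name": "default", "recording": True, "lastStatus": "Success"}]
SAMPLE_FLEET = {  # constructed: one healthy account, one never enabled, one writing locally
    ("111111111111", "us-east-1"): FakeConfigClient(GOOD, [{"name": "default", "s3BucketName": CENTRAL_BUCKET}]),
    ("222222222222", "us-east-1"): FakeConfigClient([], []),
    ("222222222222", "eu-west-1"): FakeConfigClient(GOOD, [{"name": "default", "s3BucketName": "local-only-bucket"}]),
}


def audit(fleet=SAMPLE_FLEET, expected_bucket=CENTRAL_BUCKET):
    statuses = [inspect_account(a, r, c) for (a, r), c in fleet.items()]
    return find_gaps(statuses, expected_bucket)
```

Running `audit()` on the sample fleet flags the two account/region pairs whose resources would never reach the master bucket.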