- 最新
- 最多得票
- 最多評論
Hi!
So after a 3 days suddenly everything is populated! we only have 5 accounts so really wasnt expecting it to take that long! but it is now fully working.. So good note to wait a week if you aggregator builds and doesnt generate errors!
Would have been good to have tested if the aws cli gave some helpful feedback on it, while it was connecting..
Thanks for the support options
Hello!
Here it is a troubleshooting documentation that can help you with this issue: https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data-troubleshooting.html
For this specific case, we can consider a couple of the following checks:
- First of all. Is AWS Config enabled in the source accounts within your organization?
- Have you enable trusted access in the organization? [1][2]
- Are "all features" enabled in the organization? [3]
References: [1] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_how-to-enable-disable-trusted-access [2] https://docs.aws.amazon.com/cli/latest/reference/organizations/enable-aws-service-access.html [3] https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html
Another useful check would be to determine if your organization is being governed by Control Tower. If this is the case; instead of using AWSConfigRoleForOrganizations, you must use AWSControlTowerConfigAggregatorRoleForOrganizations role.
Besides that I will recommend to use this aws cli command for troubleshooting: https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-aggregator-sources-status.html
Using the cli would be something like this:
aws configservice describe-configuration-aggregator-sources-status --configuration-aggregator-name <YOUR-AGREGGATOR-NAME>
If everything is working fine, Last Update Status field mus be shown in this way: "LastUpdateStatus": "SUCCEEDED"
I would recommend to share the output of this command, to figure out, why your aggregator is not retrieving data.
相關內容
- 已提問 1 年前
AWS 官方已更新 3 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 3 年前
Hi,
sorry should have clarified those.
All accounts are built via terraform and have config enabled (We use it for other things and this is all working) the org is built via:
which i think gives me a yes to configuring all 3 of those
Another useful check would be to determine if your organization is being governed by Control Tower. If this is the case; instead of using AWSConfigRoleForOrganizations, you must use AWSControlTowerConfigAggregatorRoleForOrganizations role.
Besides that I will recommend to use this aws cli command for troubleshooting: https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-aggregator-sources-status.html
Using the cli would be something like this:
If everything is working fine, Last Update Status field mus be shown in this way:
"LastUpdateStatus": "SUCCEEDED"I would recommend to share the output of this command, to figure out, why your aggregator is not retrieving data.