Property
Language: terraform
Severity: high
Service: config
Provider: AWS
Vulnerability Type: misconfiguration

Description

The AWS Config configuration aggregator is not set to collect configuration data from all regions, leaving some regions unmonitored. This creates gaps in visibility over resource configurations.

Impact

Resources deployed in regions not included by the aggregator will not be monitored, potentially allowing unauthorized or misconfigured assets to go undetected. This can lead to compliance failures and increase the risk of security incidents in unmonitored regions.

Resolution

Set the aggregator to cover all regions.
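
The resolution expressed in Terraform, as an added example that is not part of the original rule page: a region-limited aggregator beside the account-based and organization-based forms that use the AWS provider's `all_regions` argument. Resource names, the aggregator names and the account ID `111111111111` are constructed placeholders.

```hcl
# Non-compliant: only the listed regions are aggregated, so resources
# created in any other region never reach the aggregator.
resource "aws_config_configuration_aggregator" "partial" {
  name = "example-partial" # placeholder name
  account_aggregation_source {
    account_ids = ["111111111111"] # placeholder account ID
    regions     = ["us-east-1", "eu-west-1"]
  }
}

# Compliant, account-based: all_regions replaces the explicit regions list.
resource "aws_config_configuration_aggregator" "account" {
  name = "example-account" # placeholder name
  account_aggregation_source {
    account_ids = ["111111111111"] # placeholder account ID
    all_regions = true
  }
}

# Compliant, organization-based: AWS Config assumes this role to read the
# organization's account list.
data "aws_iam_policy_document" "config_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["config.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "config_org" {
  name               = "example-config-org" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.config_assume.json
}

resource "aws_iam_role_policy_attachment" "config_org" {
  role       = aws_iam_role.config_org.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"
}

resource "aws_config_configuration_aggregator" "organization" {
  depends_on = [aws_iam_role_policy_attachment.config_org]
  name       = "example-organization" # placeholder name
  organization_aggregation_source {
    all_regions = true
    role_arn    = aws_iam_role.config_org.arn
  }
}
```

With `all_regions = true` the aggregator also picks up regions that AWS Config supports in the future. It still only receives data from regions where a configuration recorder is running in the source account.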