The configuration aggregator should be configured with all_regions for the source.
This will help limit the risk of any unmonitored configuration in regions that are thought to be unused.
Sources that aren’t covered by the aggregator are not include in the configuration
Set the aggregator to cover all regions
The following example will fail the AVD-AWS-0019 check.
--- Resources: BadExample: Type: AWS::Config::ConfigurationAggregator Properties: ConfigurationAggregatorName: "BadAccountLevelAggregation"
The following example will pass the AVD-AWS-0019 check.
--- Resources: GoodExample: Type: AWS::Config::ConfigurationAggregator Properties: AccountAggregationSources: - AllAwsRegions: true ConfigurationAggregatorName: "GoodAccountLevelAggregation"