Today I learned that Advanced Query does not support all regions.
Tag: AWS Config
AWS Config Advance Queries against Aggregator sample
It is quite convenient to use the AWS Config advance queries against the aggregator, a simple use case is like - Find out which instances in which accounts have public IP address cross the organisation. Instead of writing a script to describe instances across all the accounts, we can just simply run the following query … Continue reading AWS Config Advance Queries against Aggregator sample
AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator
We recently noticed an interesting error in CloudTrail across multiple accounts: "errorMessage": "User: arn:aws:sts::123456789012:assumed-role/AwsConfigServiceRole/ConfigResourceCompositionSession is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::123456789012:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator because no identity-based policy allows the iam:CreateServiceLinkedRole action" According the above message, it looks like the AWS Config service role was trying to create the service linked role for Global Accelerator. The … Continue reading AWS Config service role is not authorized to perform: iam:CreateServiceLinkedRole for Global Accelerator