config:GetAggregateConfigRuleComplianceSummary

Read

config:GetAggregateConfigRuleComplianceSummary is a Read access-level action in the config service. Grants permission to return the number of compliant and noncompliant rules for one or more accounts and regions in an aggregator

Resource types

ARNs that config:GetAggregateConfigRuleComplianceSummary can be scoped to in an IAM policy.

arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}
ConfigurationAggregator

Condition keys

Keys you can use in the Condition block of a policy that grants config:GetAggregateConfigRuleComplianceSummary.

aws:ResourceTag/${TagKey} String

Filters access by tag-value associated with the resource

Example IAM policy

A minimal policy that allows config:GetAggregateConfigRuleComplianceSummary. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowConfigGetAggregateConfigRuleComplianceSummary",
      "Effect": "Allow",
      "Action": "config:GetAggregateConfigRuleComplianceSummary",
      "Resource": "*"
    }
  ]
}

Related actions in config

View all config actions →