Enabling AWS Config Trusted Service using PowerShell
As part of a series of posts on enabling AWS Config for your AWS Organization, this post looks at how we can enable the AWS Config Trusted Service for our Organization. Enabling this service gives us more control over what AWS Config can access by using the Service Linked Role, which will be covered in a future post.
We could just click the ‘Enable Access’ button under our Organization Settings, but this series of posts will go on to detail additional steps to enable Delivery Channels, Configuration Recorders and SNS topics with subscriptions, and if you have an Organization with many accounts, that is a lot of clicking.
To be able to connect to our AWS Organization using PowerShell we will need two things:
The following code queries the list of services that already have trusted access to the AWS Organization, iterates through it checking for ‘config.amazonaws.com’, and if it is not found, enables the Trusted Service. Because it checks before it enables, the script is safe to re-run.
# Enable AWS Config for our Organization
$awsconfig = $false
# List the service principals that already have trusted access in this Organization
$organization = Get-ORGAWSServiceAccessForOrganization -Region eu-west-1 -ProfileName carpodiem
If ($organization.ServicePrincipal.Count -gt 0) {
    Foreach ($serviceprincipal in $organization.ServicePrincipal) {
        If ($serviceprincipal -eq 'config.amazonaws.com') {
            $awsconfig = $true   # AWS Config already has trusted access
        }
    }
}
# Only call the API when trusted access is not yet enabled
If ($awsconfig -eq $false) {
    Enable-ORGAWSServiceAccess -ServicePrincipal 'config.amazonaws.com' -Region eu-west-1 -ProfileName carpodiem
}
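As an added example (not code from the original post), the same check-then-enable logic wrapped in a reusable function. It goes a little beyond the script above: it accepts several service principals at once, supports -WhatIf so you can preview the change, and first confirms that the profile you are using belongs to the Organization's management account, since trusted access can only be changed from there. The function and parameter names are my own; the AWS cmdlets are from AWS Tools for PowerShell (the Organizations and SecurityToken modules).

```powershell
# Added example, not from the original post. Function and parameter names are assumptions of
# this example; Get-STSCallerIdentity, Get-ORGOrganization, Get-ORGAWSServiceAccessForOrganization
# and Enable-ORGAWSServiceAccess are AWS Tools for PowerShell cmdlets.
function Enable-OrgTrustedService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)]
        [string[]]$ServicePrincipal,   # e.g. 'config.amazonaws.com'

        [Parameter(Mandatory)]
        [string]$Region,

        [Parameter(Mandatory)]
        [string]$ProfileName
    )

    # Trusted access can only be changed from the management account; fail early with a
    # clear message rather than an AccessDenied error from the API.
    $caller = Get-STSCallerIdentity -Region $Region -ProfileName $ProfileName
    $org    = Get-ORGOrganization   -Region $Region -ProfileName $ProfileName
    if ($caller.Account -ne $org.MasterAccountId) {
        throw "Profile '$ProfileName' is account $($caller.Account); trusted access must be enabled from the management account $($org.MasterAccountId)."
    }

    # One API call for the list of already-enabled principals, then compare locally.
    $enabled = @(Get-ORGAWSServiceAccessForOrganization -Region $Region -ProfileName $ProfileName |
                 Select-Object -ExpandProperty ServicePrincipal)

    foreach ($sp in $ServicePrincipal) {
        if ($enabled -contains $sp) {
            # Nothing to do; report it so re-runs are visible in the output
            [pscustomobject]@{ ServicePrincipal = $sp; Action = 'AlreadyEnabled' }
            continue
        }
        # ShouldProcess honours -WhatIf / -Confirm, so the enable call can be previewed
        if ($PSCmdlet.ShouldProcess("organization $($org.Id)", "Enable trusted access for $sp")) {
            Enable-ORGAWSServiceAccess -ServicePrincipal $sp -Region $Region -ProfileName $ProfileName
            [pscustomobject]@{ ServicePrincipal = $sp; Action = 'Enabled' }
        }
    }
}

# Usage, with the region and profile used in the post; add -WhatIf to preview without changing anything
Enable-OrgTrustedService -ServicePrincipal 'config.amazonaws.com' -Region eu-west-1 -ProfileName carpodiem
```

Running it with -WhatIf before the real run is a cheap way to confirm the profile resolves to the management account and to see exactly which principals would be enabled; the returned objects also give you something to log alongside the CloudTrail EnableAWSServiceAccess event.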