amazon-web-services aws-organizations aws-config

Is it possible to remediate AWS config rules from Centralized account?

If I do AWS config Multi account configuration and aggregate all the data to the centralized account.

Could I configure rules and create remediate actions from the centralized account ?

Does cross account remediation work for AWS config?

Solution

Does cross account remediation work for AWS config?

Its possible, but this is something that needs to be setup and is not provided out-of-the box. Such setup could involve:

a remediation lambda function in the master account.
IAM roles in member accounts that the lambda can assume.
SSM document created in the master account and shared with the member accounts.

An example of such architecture with CloudFormation templates and explanation is given in Manage custom AWS Config rules with remediation using conformance packs

Timeout when trying to retrieve EC2 instance-id metadata from within it
Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
Downloading an entire S3 bucket?
Unable to unzip .zip file on linux machine
Missing Authentication Token while accessing API Gateway?
AWS S3 Access Denied when open object URL in browser
AWS Lambda NodeJs unable to return response
How can I access my AWS MSK managed kafka queue from my local machine and EC2 instances in other regions
How to recreate EC2 instances of an autoscaling group with terraform?
AWS Cloudwatch Alarm Issue
AWS EC2 | using Rusoto SDK: Couldn't find AWS credentials
How to enable "Use for Hive table metadata" in "AWS Glue Data Catalog settings" using Terraform?
Determine if instance is a part of some AutoScaling Group in AWS
Difference bw "start_of_file" and "end_of_file" in AWS cloud agent configuration
not authorized to perform: ec2:DescribeInstances because no identity-based policy allows the ec2:DescribeInstances action
Environment specific ebextensions Beanstalk commands
Deleting records from a DynamoDB table where the TTL value has been set incorrectly
MySQL/Amazon RDS error: "you do not have SUPER privileges..."
Is EC2 t3.micro created by ECS cluster eligible for free tier?
Amazon Neptune OpenCypher - What is the cause for "Operation terminated (internal error)" when using SET after MERGE?
AWS SAM CLI cannot access Dynamo DB when function is invoked locally
EC2 instance connect : There was a problem setting up the instance connection
Wildcard filter in aws-nuke
Add advanced validation for AWS::Serverless::Api GET query params
Organizing AWS IAM permissions: limit of 10 policies?
AWS: S3 Bucket AWS You can't grant public access because Block public access settings are turned on for this account
failed calling webhook "vingress.elbv2.k8s.aws"
terraform tags for list variable not working
Amazon SES successfully forwarded emails but respond with 451 4.3.0 This message could not be delivered
Why should I use Amazon Kinesis and not SNS-SQS?