AWS085 - Config configuration aggregator should be using all regions for source

Explanation

The configuration aggregator should be configured with all_regions for the source.

This will help limit the risk of any unmonitored configuration in regions that are thought to be unused.

Insecure Example

The following example will fail the AWS085 check.

resource "aws_config_configuration_aggregator" "bad_example" {
	name = "example"
	  
	account_aggregation_source {
	  account_ids = ["123456789012"]
	  regions     = ["us-west-2", "eu-west-1"]
	}
}

Secure Example

The following example will pass the AWS085 check.

resource "aws_config_configuration_aggregator" "good_example" {
	name = "example"
	  
	account_aggregation_source {
	  account_ids = ["123456789012"]
	  all_regions = true
	}
}