diff --git a/changelogs/fragments/645-aws_config_aggregator-fix-update-and-idempotency.yml b/changelogs/fragments/645-aws_config_aggregator-fix-update-and-idempotency.yml
new file mode 100644
index 00000000000..ed091a75976
--- /dev/null
+++ b/changelogs/fragments/645-aws_config_aggregator-fix-update-and-idempotency.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - aws_config_aggregator - Fix idempotency when ``account_sources`` parameter is not specified (https://github.com/ansible-collections/community.aws/pull/645).
+  - aws_config_aggregator - Fix `KeyError` when updating existing aggregator (https://github.com/ansible-collections/community.aws/pull/645).
diff --git a/plugins/modules/aws_config_aggregator.py b/plugins/modules/aws_config_aggregator.py
index 393413c07b9..f46f11fcafa 100644
--- a/plugins/modules/aws_config_aggregator.py
+++ b/plugins/modules/aws_config_aggregator.py
@@ -126,22 +126,25 @@ def create_resource(client, module, params, result):
 
 
 def update_resource(client, module, params, result):
+    result['changed'] = False
+
     current_params = client.describe_configuration_aggregators(
         ConfigurationAggregatorNames=[params['ConfigurationAggregatorName']]
-    )
+    )['ConfigurationAggregators'][0]
 
-    del current_params['ConfigurationAggregatorArn']
-    del current_params['CreationTime']
-    del current_params['LastUpdatedTime']
+    if params['AccountAggregationSources'] != current_params.get('AccountAggregationSources', []):
+        result['changed'] = True
+
+    if params['OrganizationAggregationSource'] != current_params.get('OrganizationAggregationSource', {}):
+        result['changed'] = True
 
-    if params != current_params['ConfigurationAggregators'][0]:
+    if result['changed']:
         try:
             client.put_configuration_aggregator(
                 ConfigurationAggregatorName=params['ConfigurationAggregatorName'],
                 AccountAggregationSources=params['AccountAggregationSources'],
                 OrganizationAggregationSource=params['OrganizationAggregationSource']
             )
-            result['changed'] = True
             result['aggregator'] = camel_dict_to_snake_dict(resource_exists(client, module, params))
             return result
         except (botocore.exceptions.ClientError, botocore.exceptions.BotoCoreError) as e:
diff --git a/tests/integration/targets/aws_config/tasks/main.yaml b/tests/integration/targets/aws_config/tasks/main.yaml
index 686b4dc91aa..b4c1bf4ab3e 100644
--- a/tests/integration/targets/aws_config/tasks/main.yaml
+++ b/tests/integration/targets/aws_config/tasks/main.yaml
@@ -201,6 +201,36 @@
         that:
           - output.changed
 
+    - name: Create aws_config_aggregator
+      aws_config_aggregator:
+        name: random_name
+        state: present
+        account_sources: []
+        organization_source:
+          all_aws_regions: true
+          role_arn: "{{ config_iam_role.arn }}"
+      register: output
+
+    - name: assert success
+      assert:
+        that:
+           - output is changed
+
+    - name: Create aws_config_aggregator - idempotency
+      aws_config_aggregator:
+        name: random_name
+        state: present
+        account_sources: []
+        organization_source:
+          all_aws_regions: true
+          role_arn: "{{ config_iam_role.arn }}"
+      register: output
+
+    - name: assert not changed
+      assert:
+        that:
+           - output is not changed
+
     # ============================================================
     # Update testing
     # ============================================================
@@ -250,6 +280,40 @@
         that:
           - output.changed
 
+    - name: Update aws_config_aggregator
+      aws_config_aggregator:
+        name: random_name
+        state: present
+        account_sources: []
+        organization_source:
+          all_aws_regions: false
+          aws_regions:
+            - '{{ aws_region }}'
+          role_arn: "{{ config_iam_role.arn }}"
+      register: output
+
+    - name: assert success
+      assert:
+        that:
+           - output is changed
+
+    - name: Update aws_config_aggregator - idempotency
+      aws_config_aggregator:
+        name: random_name
+        state: present
+        account_sources: []
+        organization_source:
+          all_aws_regions: false
+          aws_regions:
+            - '{{ aws_region }}'
+          role_arn: "{{ config_iam_role.arn }}"
+      register: output
+
+    - name: assert success
+      assert:
+        that:
+           - output is not changed
+
     # ============================================================
     # Read testing
     # ============================================================
@@ -300,6 +364,14 @@
           - not output.changed
 
   always:
+
+    - name: delete aws_config_aggregator
+      aws_config_aggregator:
+        name: random_name
+        state: absent
+      register: output
+      ignore_errors: true
+
     # ============================================================
     # Destroy testing
     # ============================================================