Skip to content

Resource: awsConfigConfigurationRecorder

Provides an AWS Config Configuration Recorder. Please note that this resource does not start the created recorder automatically.

\~> Note: Starting the Configuration Recorder requires a delivery channel (while delivery channel creation requires Configuration Recorder). This is why awsConfigConfigurationRecorderStatus is a separate resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["config.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const awsIamRoleR = new aws.iamRole.IamRole(this, "r", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
  name: "awsconfig-example",
});
new aws.configConfigurationRecorder.ConfigConfigurationRecorder(this, "foo", {
  name: "example",
  roleArn: awsIamRoleR.arn,
});

Argument Reference

The following arguments are supported:

  • name - (Optional) The name of the recorder. Defaults to default. Changing it recreates the resource.
  • roleArn - (Required) Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See AWS Docs for more details.
  • recordingGroup - (Optional) Recording group - see below.

recordingGroup

  • allSupported - (Optional) Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with resourceTypes. Defaults to true.
  • includeGlobalResourceTypes - (Optional) Specifies whether AWS Config includes all supported types of global resources with the resources that it records. Requires allSupported =True. Conflicts with resourceTypes.
  • resourceTypes - (Optional) A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, aws::ec2::instance or aws::cloudTrail::trail). See relevant part of AWS Docs for available types. In order to use this attribute, allSupported must be set to false.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Name of the recorder

Import

Configuration Recorder can be imported using the name, e.g.,

$ terraform import aws_config_configuration_recorder.foo example