Skip to content

Resource: awsConfigConfigurationRecorderStatus

Manages status (recording / stopped) of an AWS Config Configuration Recorder.

\~> Note: Starting Configuration Recorder requires a Delivery Channel to be present. Use of dependsOn (as shown below) is recommended to avoid race conditions.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketB = new aws.s3Bucket.S3Bucket(this, "b", {
  bucket: "awsconfig-example",
});
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["config.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const dataAwsIamPolicyDocumentP =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "p", {
    statement: [
      {
        actions: ["s3:*"],
        effect: "Allow",
        resources: [awsS3BucketB.arn, `\${${awsS3BucketB.arn}}/*`],
      },
    ],
  });
const awsConfigDeliveryChannelFoo =
  new aws.configDeliveryChannel.ConfigDeliveryChannel(this, "foo", {
    name: "example",
    s3BucketName: awsS3BucketB.bucket,
  });
const awsIamRoleR = new aws.iamRole.IamRole(this, "r", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
  name: "example-awsconfig",
});
const awsIamRolePolicyP = new aws.iamRolePolicy.IamRolePolicy(this, "p_5", {
  name: "awsconfig-example",
  policy: dataAwsIamPolicyDocumentP.json,
  role: awsIamRoleR.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyP.overrideLogicalId("p");
new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(this, "a", {
  policyArn: "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole",
  role: awsIamRoleR.name,
});
const awsConfigConfigurationRecorderFoo =
  new aws.configConfigurationRecorder.ConfigConfigurationRecorder(
    this,
    "foo_7",
    {
      name: "example",
      roleArn: awsIamRoleR.arn,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsConfigConfigurationRecorderFoo.overrideLogicalId("foo");
const awsConfigConfigurationRecorderStatusFoo =
  new aws.configConfigurationRecorderStatus.ConfigConfigurationRecorderStatus(
    this,
    "foo_8",
    {
      depends_on: [`\${${awsConfigDeliveryChannelFoo.fqn}}`],
      isEnabled: true,
      name: awsConfigConfigurationRecorderFoo.name,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsConfigConfigurationRecorderStatusFoo.overrideLogicalId("foo");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the recorder
  • isEnabled - (Required) Whether the configuration recorder should be enabled or disabled.

Attributes Reference

No additional attributes are exported.

Import

Configuration Recorder Status can be imported using the name of the Configuration Recorder, e.g.,

$ terraform import aws_config_configuration_recorder_status.foo example