Resource: awsConfigDeliveryChannel
Provides an AWS Config Delivery Channel.
\~> Note: Delivery Channel requires a Configuration Recorder to be present. Use of dependsOn
(as shown below) is recommended to avoid race conditions.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketB = new aws.s3Bucket.S3Bucket(this, "b", {
bucket: "example-awsconfig",
forceDestroy: true,
});
const dataAwsIamPolicyDocumentAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["config.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const dataAwsIamPolicyDocumentP =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "p", {
statement: [
{
actions: ["s3:*"],
effect: "Allow",
resources: [awsS3BucketB.arn, `\${${awsS3BucketB.arn}}/*`],
},
],
});
const awsIamRoleR = new aws.iamRole.IamRole(this, "r", {
assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
name: "awsconfig-example",
});
const awsIamRolePolicyP = new aws.iamRolePolicy.IamRolePolicy(this, "p_4", {
name: "awsconfig-example",
policy: dataAwsIamPolicyDocumentP.json,
role: awsIamRoleR.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyP.overrideLogicalId("p");
const awsConfigConfigurationRecorderFoo =
new aws.configConfigurationRecorder.ConfigConfigurationRecorder(this, "foo", {
name: "example",
roleArn: awsIamRoleR.arn,
});
const awsConfigDeliveryChannelFoo =
new aws.configDeliveryChannel.ConfigDeliveryChannel(this, "foo_6", {
depends_on: [`\${${awsConfigConfigurationRecorderFoo.fqn}}`],
name: "example",
s3BucketName: awsS3BucketB.bucket,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsConfigDeliveryChannelFoo.overrideLogicalId("foo");
Argument Reference
The following arguments are supported:
name
- (Optional) The name of the delivery channel. Defaults todefault
. Changing it recreates the resource.s3BucketName
- (Required) The name of the S3 bucket used to store the configuration history.s3KeyPrefix
- (Optional) The prefix for the specified S3 bucket.s3KmsKeyArn
- (Optional) The ARN of the AWS KMS key used to encrypt objects delivered by AWS Config. Must belong to the same Region as the destination S3 bucket.snsTopicArn
- (Optional) The ARN of the SNS topic that AWS Config delivers notifications to.snapshotDeliveryProperties
- (Optional) Options for how AWS Config delivers configuration snapshots. See below
snapshotDeliveryProperties
deliveryFrequency
- (Optional) - The frequency with which AWS Config recurringly delivers configuration snapshotsE.g.,oneHour
orthreeHours
. Valid values are listed here.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The name of the delivery channel.
Import
Delivery Channel can be imported using the name, e.g.,