AWS CloudFormation
User Guide (Version )

AWS::Config::ConfigurationRecorder

The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

Note

To enable AWS Config, you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see AWS::Config::DeliveryChannel.

AWS CloudFormation starts the recorder as soon as the delivery channel is available. To stop the recorder, delete the configuration recorder from your stack. For more information, see Configuration Recorder in the AWS Config Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Config::ConfigurationRecorder", "Properties" : { "Name" : String, "RecordingGroup" : RecordingGroup, "RoleARN" : String } }

YAML

Type: AWS::Config::ConfigurationRecorder Properties: Name: String RecordingGroup: RecordingGroup RoleARN: String

Properties

Name

A name for the configuration recorder. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see Name Type.

Note

After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.

Updates are not supported.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: Replacement

RecordingGroup

Indicates whether to record configurations for all supported resources or for a list of resource types. The resource types that you list must be supported by AWS Config.

Required: No

Type: RecordingGroup

Update requires: No interruption

RoleARN

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources. For more information, see Permissions for the IAM Role Assigned to AWS Config in the AWS Config Developer Guide.

Required: Yes

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the configuration recorder name, such as default.

For more information about using the Ref function, see Ref.

Examples

Configuration Recorder

The following example creates a configuration recorder for EC2 volumes.

JSON

"ConfigRecorder": { "Type": "AWS::Config::ConfigurationRecorder", "Properties": { "Name": "default", "RecordingGroup": { "ResourceTypes": ["AWS::EC2::Volume"] }, "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]} } }

YAML

ConfigRecorder: Type: AWS::Config::ConfigurationRecorder Properties: Name: default RecordingGroup: ResourceTypes: - "AWS::EC2::Volume" RoleARN: Fn::GetAtt: - ConfigRole - Arn