AWS::Config::ConfigurationRecorder
The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.
Note
To enable AWS Config, you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see AWS::Config::DeliveryChannel.
AWS CloudFormation starts the recorder as soon as the delivery channel is available. To stop the recorder, delete the configuration recorder from your stack.
For more information, see Configuration Recorder in the AWS Config Developer Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::Config::ConfigurationRecorder",
  "Properties" : {
    "Name" : String,
    "RecordingGroup" : Recording group,
    "RoleARN" : String
  }
}
YAML
Type: "AWS::Config::ConfigurationRecorder"
Properties:
  Name: String
  RecordingGroup: Recording group
  RoleARN: String
Properties
Name
A name for the configuration recorder. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see Name Type.
Note
After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.
Required: No
Type: String
Update requires: Updates are not supported.
RecordingGroup
Indicates whether to record configurations for all supported resources or for a list of resource types. The resource types that you list must be supported by AWS Config.
Required: No
Type: AWS Config ConfigurationRecorder RecordingGroup
Update requires: No interruption
RoleARN
The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources. For more information, see Permissions for the IAM Role Assigned to AWS Config in the AWS Config Developer Guide.
Required: Yes
Type: String
Update requires: No interruption
Return Values
Ref
When you pass the logical ID of an AWS::Config::ConfigurationRecorder resource to the intrinsic Ref function, the function returns the configuration recorder name, such as default.
For more information about using the Ref function, see Ref.
Example
The following example creates a configuration recorder for EC2 volumes.
JSON
"ConfigRecorder": {
  "Type": "AWS::Config::ConfigurationRecorder",
  "Properties": {
    "Name": "default",
    "RecordingGroup": {
      "ResourceTypes": ["AWS::EC2::Volume"]
    },
    "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}
  }
}
YAML
ConfigRecorder:
  Type: "AWS::Config::ConfigurationRecorder"
  Properties:
    Name: default
    RecordingGroup:
      ResourceTypes:
        - "AWS::EC2::Volume"
    RoleARN:
      Fn::GetAtt:
        - ConfigRole
        - Arn
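Template check (added example, not part of the AWS documentation): a small Python audit of a template against the points this page makes, namely that RoleARN is required, that AWS Config needs a delivery channel, and that RecordingGroup may limit recording to a list of resource types. The function name audit_recorders and the sample template are constructed for illustration; AllSupported is the RecordingGroup property for recording all supported types and does not appear on this page.

```python
import json

RECORDER = "AWS::Config::ConfigurationRecorder"
CHANNEL = "AWS::Config::DeliveryChannel"

# Constructed sample: the page's EC2-volume recorder wrapped in a Resources
# section, with no delivery channel declared alongside it.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ConfigRecorder": {
  "Type": "AWS::Config::ConfigurationRecorder",
  "Properties": {
    "Name": "default",
    "RecordingGroup": {"ResourceTypes": ["AWS::EC2::Volume"]},
    "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}}}}}
""")


def audit_recorders(template):
    """Return a sorted list of (logical_id, finding) tuples for each recorder."""
    resources = template.get("Resources", {})
    has_channel = any(r.get("Type") == CHANNEL for r in resources.values())
    findings = []
    for logical_id, res in resources.items():
        if res.get("Type") != RECORDER:
            continue
        props = res.get("Properties") or {}
        if not props.get("RoleARN"):
            findings.append((logical_id, "RoleARN is required but missing"))
        if not has_channel:
            findings.append((logical_id, "no DeliveryChannel in this template"))
        group = props.get("RecordingGroup") or {}
        types = group.get("ResourceTypes") or []
        # CloudFormation accepts booleans as true or "true" (assumption handled here).
        all_supported = str(group.get("AllSupported")).lower() == "true"
        if types and not all_supported:
            findings.append((logical_id, "records only: " + ", ".join(sorted(types))))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_recorders(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

A delivery channel declared in another stack is not visible to this check, so treat that finding as a prompt to verify rather than a failure.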