AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.


To enable AWS Config, you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see AWS::Config::DeliveryChannel.

AWS CloudFormation starts the recorder as soon as the delivery channel is available. To stop the recorder, delete the configuration recorder from your stack.

For more information, see Configuration Recorder in the AWS Config Developer Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::Config::ConfigurationRecorder", "Properties" : { "Name" : String, "RecordingGroup" : Recording group, "RoleARN" : String } }


Type: AWS::Config::ConfigurationRecorder Properties: Name: String RecordingGroup: Recording group RoleARN: String



A name for the configuration recorder. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see Name Type.


After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.

Required: No

Type: String

Update requires: Updates are not supported.


Indicates whether to record configurations for all supported resources or for a list of resource types. The resource types that you list must be supported by AWS Config.

Required: No

Type: AWS Config ConfigurationRecorder RecordingGroup

Update requires: No interruption


The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources. For more information, see Permissions for the IAM Role Assigned to AWS Config in the AWS Config Developer Guide.

Required: Yes

Type: String

Update requires: No interruption

Return Values


When you pass the logical ID of an AWS::Config::ConfigurationRecorder resource to the intrinsic Ref function, the function returns the configuration recorder name, such as default.

For more information about using the Ref function, see Ref.


The following example creates a configuration recorder for EC2 volumes.


"ConfigRecorder": { "Type": "AWS::Config::ConfigurationRecorder", "Properties": { "Name": "default", "RecordingGroup": { "ResourceTypes": ["AWS::EC2::Volume"] }, "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]} } }


ConfigRecorder: Type: AWS::Config::ConfigurationRecorder Properties: Name: default RecordingGroup: ResourceTypes: - "AWS::EC2::Volume" RoleARN: Fn::GetAtt: - ConfigRole - Arn