AWS::Config::ConfigurationRecorder

The AWS::Config::ConfigurationRecorder resource describes the AWS resource types for which AWS Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

Note

To enable AWS Config, you must create a configuration recorder and a delivery channel. AWS Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see AWS::Config::DeliveryChannel.

AWS CloudFormation starts the recorder as soon as the delivery channel is available. To stop the recorder, delete the configuration recorder from your stack.

For more information, see Configuration Recorder in the AWS Config Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::Config::ConfigurationRecorder",
  "Properties" : {
    "Name" : String,
    "RecordingGroup" : Recording group,
    "RoleARN" : String
  }
}

YAML


Type: AWS::Config::ConfigurationRecorder
Properties:
  Name: String
  RecordingGroup:
    Recording group
  RoleARN: String

Properties

Name

A name for the configuration recorder. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see Name Type.

Note

After you create a configuration recorder, you cannot rename it. If you don't want a name that AWS CloudFormation generates, specify a value for this property.

Required: No

Type: String

Update requires: Updates are not supported.

RecordingGroup

Indicates whether to record configurations for all supported resources or for a list of resource types. The resource types that you list must be supported by AWS Config.

Required: No

Type: AWS Config ConfigurationRecorder RecordingGroup

Update requires: No interruption

RoleARN

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported AWS resources. For more information, see Permissions for the IAM Role Assigned to AWS Config in the AWS Config Developer Guide.

Required: Yes

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of an AWS::Config::ConfigurationRecorder resource to the intrinsic Ref function, the function returns the configuration recorder name, such as default.

For more information about using the Ref function, see Ref.

Example

The following example creates a configuration recorder for EC2 volumes.

JSON


"ConfigRecorder": {
  "Type": "AWS::Config::ConfigurationRecorder",
  "Properties": {
    "Name": "default",
    "RecordingGroup": {
      "ResourceTypes": ["AWS::EC2::Volume"]
    },
    "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}
  }
}

YAML


ConfigRecorder: 
  Type: AWS::Config::ConfigurationRecorder
  Properties: 
    Name: default
    RecordingGroup: 
      ResourceTypes: 
        - "AWS::EC2::Volume"
    RoleARN: 
      Fn::GetAtt: 
        - ConfigRole
        - Arn

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »