PutConfigurationRecorder - AWS Config

PutConfigurationRecorder

Creates or updates the customer managed configuration recorder.

You can use this operation to create a new customer managed configuration recorder or to update the roleARN and the recordingGroup for an existing customer managed configuration recorder.

To start the customer managed configuration recorder and begin recording configuration changes for the resource types you specify, use the StartConfigurationRecorder operation.

For more information, see Working with the Configuration Recorder in the AWS Config Developer Guide.

Note

One customer managed configuration recorder per account per Region

You can create only one customer managed configuration recorder for each account for each AWS Region.

Default is to record all supported resource types, excluding the global IAM resource types

If you have not specified values for the recordingGroup field, the default for the customer managed configuration recorder is to record all supported resource types, excluding the global IAM resource types: AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, and AWS::IAM::User.

Tags are added at creation and cannot be updated

PutConfigurationRecorder is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values, AWS Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.

Use TagResource and UntagResource to update tags after creation.

Request Syntax

{ "ConfigurationRecorder": { "arn": "string", "name": "string", "recordingGroup": { "allSupported": boolean, "exclusionByResourceTypes": { "resourceTypes": [ "string" ] }, "includeGlobalResourceTypes": boolean, "recordingStrategy": { "useOnly": "string" }, "resourceTypes": [ "string" ] }, "recordingMode": { "recordingFrequency": "string", "recordingModeOverrides": [ { "description": "string", "recordingFrequency": "string", "resourceTypes": [ "string" ] } ] }, "recordingScope": "string", "roleARN": "string", "servicePrincipal": "string" }, "Tags": [ { "Key": "string", "Value": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ConfigurationRecorder

An object for the configuration recorder. A configuration recorder records configuration changes for the resource types in scope.

Type: ConfigurationRecorder object

Required: Yes

Tags

The tags for the customer managed configuration recorder. Each tag consists of a key and an optional value, both of which you define.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidConfigurationRecorderNameException

You have provided a name for the customer managed configuration recorder that is not valid.

HTTP Status Code: 400

InvalidRecordingGroupException

One of the following errors:

  • You have provided a combination of parameter values that is not valid. For example:

  • Every parameter is either null, false, or empty.

  • You have reached the limit of the number of resource types you can provide for the recording group.

  • You have provided resource types or a recording strategy that are not valid.

HTTP Status Code: 400

InvalidRoleException

You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by AWS Config and used by the customer managed configuration recorder.

HTTP Status Code: 400

MaxNumberOfConfigurationRecordersExceededException

You have reached the limit of the number of configuration recorders you can create.

HTTP Status Code: 400

UnmodifiableEntityException

The requested operation is not valid.

For PutConfigurationRecorder, you will see this exception because you cannot use this operation to create a service-linked configuration recorder. Use the PutServiceLinkedConfigurationRecorder operation to create a service-linked configuration recorder.

For DeleteConfigurationRecorder, you will see this exception because you cannot use this operation to delete a service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.

For StartConfigurationRecorder and StopConfigurationRecorder, you will see this exception because these operations do not affect service-linked configuration recorders. Service-linked configuration recorders are always recording. To stop recording, you must delete the service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.

HTTP Status Code: 400

ValidationException

The requested operation is not valid. You will see this exception if there are missing required fields or if the input value fails the validation.

For PutStoredQuery, one of the following errors:

  • There are missing required fields.

  • The input value fails the validation.

  • You are trying to create more than 300 queries.

For DescribeConfigurationRecorders and DescribeConfigurationRecorderStatus, one of the following errors:

  • You have specified more than one configuration recorder.

  • You have provided a service principal for service-linked configuration recorder that is not valid.

For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:

  • Your configuraiton recorder has a recording strategy that does not allow the association or disassociation of resource types.

  • One or more of the specified resource types are already associated or disassociated with the configuration recorder.

  • For service-linked configuration recorders, the configuration recorder does not record one or more of the specified resource types.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: