PutConfigurationRecorder
Creates or updates the customer managed configuration recorder.
You can use this operation to create a new customer managed configuration recorder or to update the roleARN
and the recordingGroup
for an existing customer managed configuration recorder.
To start the customer managed configuration recorder and begin recording configuration changes for the resource types you specify, use the StartConfigurationRecorder operation.
For more information, see Working with the Configuration Recorder in the AWS Config Developer Guide.
Note
One customer managed configuration recorder per account per Region
You can create only one customer managed configuration recorder for each account for each AWS Region.
Default is to record all supported resource types, excluding the global IAM resource types
If you have not specified values for the recordingGroup
field, the default for the customer managed configuration recorder is to record all supported resource
types, excluding the global IAM resource types: AWS::IAM::Group
, AWS::IAM::Policy
, AWS::IAM::Role
, and AWS::IAM::User
.
Tags are added at creation and cannot be updated
PutConfigurationRecorder
is an idempotent API. Subsequent requests won’t create a duplicate resource if one was already created. If a following request has different tags values,
AWS Config will ignore these differences and treat it as an idempotent request of the previous. In this case, tags will not be updated, even if they are different.
Use TagResource and UntagResource to update tags after creation.
Request Syntax
{
"ConfigurationRecorder": {
"arn": "string
",
"name": "string
",
"recordingGroup": {
"allSupported": boolean
,
"exclusionByResourceTypes": {
"resourceTypes": [ "string
" ]
},
"includeGlobalResourceTypes": boolean
,
"recordingStrategy": {
"useOnly": "string
"
},
"resourceTypes": [ "string
" ]
},
"recordingMode": {
"recordingFrequency": "string
",
"recordingModeOverrides": [
{
"description": "string
",
"recordingFrequency": "string
",
"resourceTypes": [ "string
" ]
}
]
},
"recordingScope": "string
",
"roleARN": "string
",
"servicePrincipal": "string
"
},
"Tags": [
{
"Key": "string
",
"Value": "string
"
}
]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ConfigurationRecorder
-
An object for the configuration recorder. A configuration recorder records configuration changes for the resource types in scope.
Type: ConfigurationRecorder object
Required: Yes
- Tags
-
The tags for the customer managed configuration recorder. Each tag consists of a key and an optional value, both of which you define.
Type: Array of Tag objects
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Required: No
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidConfigurationRecorderNameException
-
You have provided a name for the customer managed configuration recorder that is not valid.
HTTP Status Code: 400
- InvalidRecordingGroupException
-
One of the following errors:
-
You have provided a combination of parameter values that is not valid. For example:
-
Setting the
allSupported
field of RecordingGroup totrue
, but providing a non-empty list for theresourceTypes
field of RecordingGroup. -
Setting the
allSupported
field of RecordingGroup totrue
, but also setting theuseOnly
field of RecordingStrategy toEXCLUSION_BY_RESOURCE_TYPES
.
-
-
Every parameter is either null, false, or empty.
-
You have reached the limit of the number of resource types you can provide for the recording group.
-
You have provided resource types or a recording strategy that are not valid.
HTTP Status Code: 400
-
- InvalidRoleException
-
You have provided a null or empty Amazon Resource Name (ARN) for the IAM role assumed by AWS Config and used by the customer managed configuration recorder.
HTTP Status Code: 400
- MaxNumberOfConfigurationRecordersExceededException
-
You have reached the limit of the number of configuration recorders you can create.
HTTP Status Code: 400
- UnmodifiableEntityException
-
The requested operation is not valid.
For PutConfigurationRecorder, you will see this exception because you cannot use this operation to create a service-linked configuration recorder. Use the PutServiceLinkedConfigurationRecorder operation to create a service-linked configuration recorder.
For DeleteConfigurationRecorder, you will see this exception because you cannot use this operation to delete a service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.
For StartConfigurationRecorder and StopConfigurationRecorder, you will see this exception because these operations do not affect service-linked configuration recorders. Service-linked configuration recorders are always recording. To stop recording, you must delete the service-linked configuration recorder. Use the DeleteServiceLinkedConfigurationRecorder operation to delete a service-linked configuration recorder.
HTTP Status Code: 400
- ValidationException
-
The requested operation is not valid. You will see this exception if there are missing required fields or if the input value fails the validation.
For PutStoredQuery, one of the following errors:
-
There are missing required fields.
-
The input value fails the validation.
-
You are trying to create more than 300 queries.
For DescribeConfigurationRecorders and DescribeConfigurationRecorderStatus, one of the following errors:
-
You have specified more than one configuration recorder.
-
You have provided a service principal for service-linked configuration recorder that is not valid.
For AssociateResourceTypes and DisassociateResourceTypes, one of the following errors:
-
Your configuraiton recorder has a recording strategy that does not allow the association or disassociation of resource types.
-
One or more of the specified resource types are already associated or disassociated with the configuration recorder.
-
For service-linked configuration recorders, the configuration recorder does not record one or more of the specified resource types.
HTTP Status Code: 400
-
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: