AWS::Config::ConfigurationRecorder RecordingGroup - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Config::ConfigurationRecorder RecordingGroup

Specifies which Amazon resource types Amazon Config records for configuration changes. In the recording group, you specify whether you want to record all supported resource types or only specific types of resources.

By default, Amazon Config records the configuration changes for all supported types of regional resources that Amazon Config discovers in the region in which it is running. Regional resources are tied to a region and can be used only in that region. Examples of regional resources are EC2 instances and EBS volumes.

You can also have Amazon Config record supported types of global resources. Global resources are not tied to a specific region and can be used in all regions. The global resource types that Amazon Config supports include IAM users, groups, roles, and customer managed policies.

Important

Global resource types onboarded to Amazon Config recording after February 2022 will only be recorded in the service's home region for the commercial partition and Amazon GovCloud (US) West for the GovCloud partition. You can view the Configuration Items for these new global resource types only in their home region and Amazon GovCloud (US) West.

Supported global resource types onboarded before February 2022 such as AWS::IAM::Group, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User remain unchanged, and they will continue to deliver Configuration Items in all supported regions in Amazon Config. The change will only affect new global resource types onboarded after February 2022.

To record global resource types onboarded after February 2022, enable All Supported Resource Types in the home region of the global resource type you want to record.

If you don't want Amazon Config to record all resources, you can specify which types of resources it will record with the resourceTypes parameter.

For a list of supported resource types, see Supported Resource Types.

For more information and a table of the Home Regions for Global Resource Types Onboarded after February 2022, see Selecting Which Resources Amazon Config Records.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AllSupported" : Boolean,
  "IncludeGlobalResourceTypes" : Boolean,
  "ResourceTypes" : [ String, ... ]
}

YAML

  AllSupported: Boolean
  IncludeGlobalResourceTypes: Boolean
  ResourceTypes: 
    - String

Properties

AllSupported

Specifies whether Amazon Config records configuration changes for every supported type of regional resource.

If you set this option to true, when Amazon Config adds support for a new type of regional resource, it starts recording resources of that type automatically.

If you set this option to true, you cannot enumerate a list of resourceTypes.

Required: No

Type: Boolean

Update requires: No interruption

IncludeGlobalResourceTypes

Specifies whether Amazon Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.

Before you can set this option to true, you must set the AllSupported option to true.

If you set this option to true, when Amazon Config adds support for a new type of global resource, it starts recording resources of that type automatically.

The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing Amazon Config in only one region to record global resources.

Required: No

Type: Boolean

Update requires: No interruption

ResourceTypes

A comma-separated list that specifies the types of Amazon resources for which Amazon Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail).

To record all configuration changes, you must set the AllSupported option to false.

If you set the AllSupported option to false and populate the ResourceTypes option with values, when Amazon Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.

For a list of valid resourceTypes values, see the resourceType Value column in Supported Amazon Resource Types.

Required: No

Type: List of String

Update requires: No interruption