AWS::Config::ConfigurationRecorder - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Config::ConfigurationRecorder

The AWS::Config::ConfigurationRecorder resource describes the Amazon resource types for which Amazon Config records configuration changes. The configuration recorder stores the configurations of the supported resources in your account as configuration items.

Note

To enable Amazon Config, you must create a configuration recorder and a delivery channel. Amazon Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see AWS::Config::DeliveryChannel.

Amazon CloudFormation starts the recorder as soon as the delivery channel is available.

To stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the StopConfigurationRecorder action of the Amazon Config API directly.

For more information, see Configuration Recorder in the Amazon Config Developer Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Config::ConfigurationRecorder",
  "Properties" : {
      "Name" : String,
      "RecordingGroup" : RecordingGroup,
      "RoleARN" : String
    }
}

YAML

Type: AWS::Config::ConfigurationRecorder
Properties: 
  Name: String
  RecordingGroup: 
    RecordingGroup
  RoleARN: String

Properties

Name

A name for the configuration recorder. If you don't specify a name, Amazon CloudFormation CloudFormation generates a unique physical ID and uses that ID for the configuration recorder name. For more information, see Name Type.

Note

After you create a configuration recorder, you cannot rename it. If you don't want a name that Amazon CloudFormation generates, specify a value for this property.

Updates are not supported.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: Replacement

RecordingGroup

Indicates whether to record configurations for all supported resources or for a list of resource types. The resource types that you list must be supported by Amazon Config.

Required: No

Type: RecordingGroup

Update requires: No interruption

RoleARN

The Amazon Resource Name (ARN) of the IAM (IAM) role that is used to make read or write requests to the delivery channel that you specify and to get configuration details for supported Amazon resources. For more information, see Permissions for the IAM Role Assigned to Amazon Config in the Amazon Config Developer Guide.

Required: Yes

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the configuration recorder name, such as default.

For more information about using the Reffunction, see Ref.

Examples

Configuration Recorder

The following example creates a configuration recorder for EC2 volumes.

JSON

"ConfigRecorder": {
  "Type": "AWS::Config::ConfigurationRecorder",
  "Properties": {
    "Name": "default",
    "RecordingGroup": {
      "ResourceTypes": ["AWS::EC2::Volume"]
    },
    "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}
  }
}

YAML

ConfigRecorder: 
  Type: AWS::Config::ConfigurationRecorder
  Properties: 
    Name: default
    RecordingGroup: 
      ResourceTypes: 
        - "AWS::EC2::Volume"
    RoleARN: 
      Fn::GetAtt: 
        - ConfigRole
        - Arn