Manages status (recording / stopped) of an AWS Config Configuration Recorder.
# Switches recording on for the recorder declared as
# aws_config_configuration_recorder.foo.
resource "aws_config_configuration_recorder_status" "foo" {
  # A recorder can only be started once a delivery channel exists, so the
  # channel is listed as an explicit dependency.
  depends_on = [aws_config_delivery_channel.foo]

  name       = aws_config_configuration_recorder.foo.name
  is_enabled = true
}
# Attaches the AWS-managed AWS_ConfigRole policy to the role the recorder
# assumes (aws_iam_role.r).
resource "aws_iam_role_policy_attachment" "a" {
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"
  role       = aws_iam_role.r.name
}
# Bucket that aws_config_delivery_channel.foo delivers to.
# NOTE(review): nothing on this page configures encryption, versioning or a
# public access block for this bucket; confirm those are handled elsewhere
# before reusing the example.
resource "aws_s3_bucket" "b" {
  bucket = "awsconfig-example"
}
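# Delivery channel that sends AWS Config output to the example bucket.
resource "aws_config_delivery_channel" "foo" {
  name           = "example"
  s3_bucket_name = aws_s3_bucket.b.bucket

  # A delivery channel can only be created once a configuration recorder
  # exists. Nothing else in this block references the recorder, so without an
  # explicit dependency Terraform may create the two in either order.
  depends_on = [aws_config_configuration_recorder.foo]
}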
# The recorder whose recording state aws_config_configuration_recorder_status.foo
# manages. It runs under the IAM role declared as aws_iam_role.r.
resource "aws_config_configuration_recorder" "foo" {
  role_arn = aws_iam_role.r.arn
  name     = "example"
}
# Trust policy: lets the AWS Config service principal assume the role.
# NOTE(review): the statement carries no aws:SourceAccount / aws:SourceArn
# condition; consider adding one so the role can only be assumed on behalf of
# this account's own Config resources.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["config.amazonaws.com"]
    }
  }
}
# IAM role used by the configuration recorder. Its trust policy is rendered
# from data.aws_iam_policy_document.assume_role.
resource "aws_iam_role" "r" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name               = "example-awsconfig"
}
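# Inline policy for the recorder's role, scoped to the delivery bucket.
# The original example granted "s3:*", which also allowed deleting objects
# and changing the bucket's policy and configuration. Delivery only needs a
# bucket ACL check and object writes.
# NOTE(review): the action list follows AWS's documented role policy for
# Config delivery to S3; confirm against your setup (a KMS-encrypted bucket
# needs key permissions as well).
data "aws_iam_policy_document" "p" {
  # Bucket-level: ACL check on the delivery bucket itself.
  statement {
    effect    = "Allow"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.b.arn]
  }

  # Object-level: write only. No read, delete or bucket-configuration actions.
  statement {
    effect    = "Allow"
    actions   = ["s3:PutObject", "s3:PutObjectAcl"]
    resources = ["${aws_s3_bucket.b.arn}/*"]
  }
}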
# Binds the bucket policy document (data.aws_iam_policy_document.p) to the
# recorder's role as an inline policy.
resource "aws_iam_role_policy" "p" {
  role   = aws_iam_role.r.id
  name   = "awsconfig-example"
  policy = data.aws_iam_policy_document.p.json
}
This resource supports the following arguments:
- `name` - (Required) The name of the recorder.
- `is_enabled` - (Required) Whether the configuration recorder should be enabled or disabled.

This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an `import` block to import Configuration Recorder Status using the name of the Configuration Recorder. For example:
# Brings an existing recorder status under Terraform management.
# The id is the name of the Configuration Recorder.
import {
  to = aws_config_configuration_recorder_status.foo
  id = "example"
}
Using `terraform import`, import Configuration Recorder Status using the name of the Configuration Recorder. For example:
% terraform import aws_config_configuration_recorder_status.foo example