Skip to content
Alchemy
GitHubXDiscord

ConfigurationRecorder

The ConfigurationRecorder resource allows you to manage AWS Config ConfigurationRecorders that track changes to your AWS resources and record their configuration history.

Minimal Example

Section titled “Minimal Example”

Create a basic ConfigurationRecorder with the required properties and one optional property.

import AWS from "alchemy/aws/control";


const basicConfigurationRecorder = await AWS.Config.ConfigurationRecorder("basicRecorder", {
  RoleARN: "arn:aws:iam::123456789012:role/aws-config-role",
  Name: "BasicConfigRecorder",
  RecordingGroup: {
    AllSupported: true,
    IncludeGlobalResourceTypes: true
  }
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a ConfigurationRecorder with a specific recording mode and additional settings.

const advancedConfigurationRecorder = await AWS.Config.ConfigurationRecorder("advancedRecorder", {
  RoleARN: "arn:aws:iam::123456789012:role/aws-config-role",
  Name: "AdvancedConfigRecorder",
  RecordingMode: "Continuous",
  RecordingGroup: {
    AllSupported: true,
    IncludeGlobalResourceTypes: false,
    ResourceTypes: [
      "AWS::EC2::Instance",
      "AWS::S3::Bucket"
    ]
  }
});

Resource Adoption

Section titled “Resource Adoption”

Create a ConfigurationRecorder while adopting an existing resource if it already exists.

const adoptConfigurationRecorder = await AWS.Config.ConfigurationRecorder("adoptedRecorder", {
  RoleARN: "arn:aws:iam::123456789012:role/aws-config-role",
  Name: "AdoptedConfigRecorder",
  adopt: true,
  RecordingGroup: {
    AllSupported: false,
    ResourceTypes: [
      "AWS::Lambda::Function"
    ]
  }
});

IAM Role Policy Example

Section titled “IAM Role Policy Example”

Define an IAM role policy for the ConfigurationRecorder with permissions to access AWS resources.

const iamRolePolicy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: [
        "config:PutConfigurationRecorder",
        "config:StartConfigurationRecorder",
        "config:StopConfigurationRecorder"
      ],
      Resource: "*"
    },
    {
      Effect: "Allow",
      Action: [
        "s3:GetObject",
        "s3:PutObject"
      ],
      Resource: "arn:aws:s3:::my-config-bucket/*"
    }
  ]
};


// Create a role with the above policy (example usage)