config_recorder#

State module for managing Amazon Config Recorder.

async idem_aws.states.aws.config.config_recorder.present(hub, ctx, name: str, role_arn: str, recording_group: ConfigurationRecorder, resource_id: str = None) Dict[str, Any][source]#

Creates a new configuration recorder to record the selected resource configurations.

Parameters:

  • name (str) – The name of the recorder.

  • role_arn (str) – Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.

  • recording_group (dict[str, Any], Optional) –

    Specifies the types of Amazon Web Services resources for which Config records configuration changes.

    • allSupported (bool, Optional): Specifies whether Config records configuration changes for every supported type of regional resource.

      If you set this option to true, when Config adds support for a new type of regional resource, it starts recording resources of that type automatically.

      If you set this option to true, you cannot enumerate a list of resourceTypes.

    • includeGlobalResourceTypes (bool, Optional): Specifies whether Config includes all supported types of global resources (for example, IAM resources) with the resources that it records.

      Before you can set this option to true, you must set the allSupported option to true.

      If you set this option to true, when Config adds support for a new type of global resource, it starts recording resources of that type automatically.

      The configuration details for any global resource are the same in all regions. To prevent duplicate configuration items, you should consider customizing Config in only one region to record global resources.

    • resourceTypes (list[str], Optional): A comma-separated list that specifies the types of Amazon Web Services resources for which Config records configuration changes (for example, AWS::EC2::Instance or AWS::CloudTrail::Trail).

      To record all configuration changes, you must set the allSupported option to true.

      If you set this option to false, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.

      For a list of valid resourceTypes values, see the resourceType Value column in Supported Amazon Web Services resource Types.

  • resource_id (str, Optional) – The name of the recorder.

Request syntax:
[aws-config-recorder]:
  aws.config.config_recorder.present:
  - name: 'string'
  - resource_id: 'string'
  - role_arn: 'string'
  - recording_group: 'dict'
Returns:

Dict[str, Any]

Examples

aws-config-recorder:
  aws.config.config_recorder.present:
    - name: 'config_recorder'
    - resource_id: 'config_recorder'
    - role_arn: 'arn:aws:iam::012345678912:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig'
    - recording_group:
       allSupported: false
       includeGlobalResourceTypes: false
       resourceTypes:
       - "AWS::ApiGateway::Stage"
async idem_aws.states.aws.config.config_recorder.absent(hub, ctx, name: str, resource_id: str = None) Dict[str, Any][source]#

Deletes the configuration recorder.

After the configuration recorder is deleted, Config will not record resource configuration changes until you create a new configuration recorder.

Parameters:

  • name (str) – The name of the recorder.

  • resource_id (str, Optional) – AWS Config configuration recorder Name. Idem automatically considers this resource being absent if this field is not specified.

Returns:

Dict[str, Any]

Examples

aws-config-recorder:
  aws.config.config_recorder.absent:
    - name: 'config_recorder'
    - resource_id: 'config_recorder'
async idem_aws.states.aws.config.config_recorder.describe(hub, ctx) Dict[str, Dict[str, Any]][source]#

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Return details about your config recorder.

Returns:

Dict[str, Any]

Examples

$ idem describe aws.config.config_recorder