Class: Aws::ConfigService::Types::RecordingGroup

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-configservice/types.rb

Overview

Specifies which resource types Config records for configuration changes. By default, Config records configuration changes for all current and future supported resource types in the Amazon Web Services Region where you have enabled Config, excluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.

In the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types. For a list of supported resource types, see [Supported Resource Types] in the *Config developer guide*.

If you don’t want Config to record all current and future supported resource types (excluding the global IAM resource types), use one of the following recording strategies:

  1. **Record all current and future resource types with exclusions** (‘EXCLUSION_BY_RESOURCE_TYPES`), or

  2. **Record specific resource types** (‘INCLUSION_BY_RESOURCE_TYPES`).

If you use the recording strategy to **Record all current and future resource types** (‘ALL_SUPPORTED_RESOURCE_TYPES`), you can use the flag `includeGlobalResourceTypes` to include the global IAM resource types in your recording.

**Aurora global clusters are recorded in all enabled Regions**

The `AWS::RDS::GlobalCluster` resource type will be recorded in all

supported Config Regions where the configuration recorder is enabled.

If you do not want to record `AWS::RDS::GlobalCluster` in all enabled

Regions, use the ‘EXCLUSION_BY_RESOURCE_TYPES` or `INCLUSION_BY_RESOURCE_TYPES` recording strategy.

[1]: docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#all_supportedBoolean

Specifies whether Config records configuration changes for all supported resource types, excluding the global IAM resource types.

If you set this field to ‘true`, when Config adds support for a new resource type, Config starts recording resources of that type automatically.

If you set this field to ‘true`, you cannot enumerate specific resource types to record in the `resourceTypes` field of [RecordingGroup], or to exclude in the `resourceTypes` field of [ExclusionByResourceTypes].

<note markdown=“1”> **Region availability**

Check [Resource Coverage by Region Availability][3] to see if a

resource type is supported in the Amazon Web Services Region where you set up Config.

</note>

[1]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html [2]: docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html [3]: docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html

Returns:

  • (Boolean) 


7369
7370
7371
7372
7373
7374
7375
7376
7377
 
# File 'lib/aws-sdk-configservice/types.rb', line 7369

class RecordingGroup < Struct.new(
  :all_supported,
  :include_global_resource_types,
  :resource_types,
  :exclusion_by_resource_types,
  :recording_strategy)
  SENSITIVE = []
  include Aws::Structure
end

#exclusion_by_resource_typesTypes::ExclusionByResourceTypes

An object that specifies how Config excludes resource types from being recorded by the configuration recorder.

<note markdown=“1”> **Required fields**

To use this option, you must set the `useOnly` field of
RecordingStrategy][1

to ‘EXCLUSION_BY_RESOURCE_TYPES`.

</note>

[1]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html

Returns:



7369
7370
7371
7372
7373
7374
7375
7376
7377
 
# File 'lib/aws-sdk-configservice/types.rb', line 7369

class RecordingGroup < Struct.new(
  :all_supported,
  :include_global_resource_types,
  :resource_types,
  :exclusion_by_resource_types,
  :recording_strategy)
  SENSITIVE = []
  include Aws::Structure
end

#include_global_resource_typesBoolean

This option is a bundle which only applies to the global IAM resource types: IAM users, groups, roles, and customer managed policies. These global IAM resource types can only be recorded by Config in Regions where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:

  • Asia Pacific (Hyderabad)

  • Asia Pacific (Melbourne)

  • Canada West (Calgary)

  • Europe (Spain)

  • Europe (Zurich)

  • Israel (Tel Aviv)

  • Middle East (UAE)

**Aurora global clusters are recorded in all enabled Regions**

The `AWS::RDS::GlobalCluster` resource type will be recorded in all

supported Config Regions where the configuration recorder is enabled, even if ‘includeGlobalResourceTypes` is set`false`. The `includeGlobalResourceTypes` option is a bundle which only applies to IAM users, groups, roles, and customer managed policies.

If you do not want to record `AWS::RDS::GlobalCluster` in all

enabled Regions, use one of the following recording strategies:

1.  **Record all current and future resource types with

exclusions**

(`EXCLUSION_BY_RESOURCE_TYPES`), or

  1. **Record specific resource types** (‘INCLUSION_BY_RESOURCE_TYPES`).

For more information, see [Selecting Which Resources are

Recorded] in the *Config developer guide*.

**includeGlobalResourceTypes and the exclusion recording strategy**

The `includeGlobalResourceTypes` field has no impact on the

‘EXCLUSION_BY_RESOURCE_TYPES` recording strategy. This means that the global IAM resource types (IAM users, groups, roles, and customer managed policies) will not be automatically added as exclusions for `exclusionByResourceTypes` when `includeGlobalResourceTypes` is set to `false`.

The `includeGlobalResourceTypes` field should only be used to

modify the ‘AllSupported` field, as the default for the `AllSupported` field is to record configuration changes for all supported resource types excluding the global IAM resource types. To include the global IAM resource types when `AllSupported` is set to `true`, make sure to set `includeGlobalResourceTypes` to `true`.

To exclude the global IAM resource types for the

‘EXCLUSION_BY_RESOURCE_TYPES` recording strategy, you need to manually add them to the `resourceTypes` field of `exclusionByResourceTypes`.

<note markdown=“1”> **Required and optional fields**

Before you set this field to `true`, set the `allSupported` field of
RecordingGroup][2

to ‘true`. Optionally, you can set the `useOnly`

field of [RecordingStrategy] to ‘ALL_SUPPORTED_RESOURCE_TYPES`.

</note>

<note markdown=“1”> **Overriding fields**

If you set this field to `false` but list global IAM resource types

in the ‘resourceTypes` field of [RecordingGroup], Config will still record configuration changes for those specified resource types regardless of if you set the `includeGlobalResourceTypes` field to false.

If you do not want to record configuration changes to the global IAM

resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the ‘resourceTypes` field in addition to setting the `includeGlobalResourceTypes` field to false.

</note>

[1]: docs.aws.amazon.com/config/latest/developerguide/select-resources.html#select-resources-all [2]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html [3]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html

Returns:

  • (Boolean) 


7369
7370
7371
7372
7373
7374
7375
7376
7377
 
# File 'lib/aws-sdk-configservice/types.rb', line 7369

class RecordingGroup < Struct.new(
  :all_supported,
  :include_global_resource_types,
  :resource_types,
  :exclusion_by_resource_types,
  :recording_strategy)
  SENSITIVE = []
  include Aws::Structure
end

#recording_strategyTypes::RecordingStrategy

An object that specifies the recording strategy for the configuration recorder.

  • If you set the ‘useOnly` field of [RecordingStrategy] to `ALL_SUPPORTED_RESOURCE_TYPES`, Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of

    RecordingGroup][2

    to ‘true`. When Config adds support for a new

    resource type, Config automatically starts recording resources of that type.

  • If you set the ‘useOnly` field of [RecordingStrategy] to `INCLUSION_BY_RESOURCE_TYPES`, Config records configuration changes for only the resource types you specify in the `resourceTypes` field of [RecordingGroup].

  • If you set the ‘useOnly` field of [RecordingStrategy] to `EXCLUSION_BY_RESOURCE_TYPES`, Config records configuration changes for all supported resource types except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes].

<note markdown=“1”> **Required and optional fields**

The `recordingStrategy` field is optional when you set the

‘allSupported` field of [RecordingGroup] to `true`.

The `recordingStrategy` field is optional when you list resource

types in the ‘resourceTypes` field of [RecordingGroup].

The `recordingStrategy` field is required if you list resource types

to exclude from recording in the ‘resourceTypes` field of [ExclusionByResourceTypes].

</note>

<note markdown=“1”> **Overriding fields**

If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording

strategy, the ‘exclusionByResourceTypes` field will override other properties in the request.

For example, even if you set `includeGlobalResourceTypes` to false,

global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the ‘resourceTypes` field of `exclusionByResourceTypes`.

</note>

<note markdown=“1”> **Global resources types and the resource exclusion recording strategy**

By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES`

recording strategy, when Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Config starts recording resources of that type automatically.

Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster`

will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.

IAM users, groups, roles, and customer managed policies will be

recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:

* Asia Pacific (Hyderabad)

  • Asia Pacific (Melbourne)

  • Canada West (Calgary)

  • Europe (Spain)

  • Europe (Zurich)

  • Israel (Tel Aviv)

  • Middle East (UAE)

</note>

[1]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html [2]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html [3]: docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html

Returns:



7369
7370
7371
7372
7373
7374
7375
7376
7377
 
# File 'lib/aws-sdk-configservice/types.rb', line 7369

class RecordingGroup < Struct.new(
  :all_supported,
  :include_global_resource_types,
  :resource_types,
  :exclusion_by_resource_types,
  :recording_strategy)
  SENSITIVE = []
  include Aws::Structure
end

#resource_typesArray<String>

A comma-separated list that specifies which resource types Config records.

For a list of valid ‘resourceTypes` values, see the **Resource Type Value** column in [Supported Amazon Web Services resource Types] in the *Config developer guide*.

<note markdown=“1”> **Required and optional fields**

Optionally, you can set the `useOnly` field of
RecordingStrategy][2

to ‘INCLUSION_BY_RESOURCE_TYPES`.

To record all configuration changes, set the `allSupported` field of
RecordingGroup][3

to ‘true`, and either omit this field or don’t

specify any resource types in this field. If you set the ‘allSupported` field to `false` and specify values for `resourceTypes`, when Config adds support for a new type of resource, it will not record resources of that type unless you manually add that type to your recording group.

</note>

<note markdown=“1”> **Region availability**

Before specifying a resource type for Config to track, check
Resource Coverage by Region Availability][4

to see if the resource

type is supported in the Amazon Web Services Region where you set up Config. If a resource type is supported by Config in at least one Region, you can enable the recording of that resource type in all Regions supported by Config, even if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.

</note>

[1]: docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources [2]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html [3]: docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html [4]: docs.aws.amazon.com/config/latest/developerguide/what-is-resource-config-coverage.html

Returns:

  • (Array<String>) 


7369
7370
7371
7372
7373
7374
7375
7376
7377
 
# File 'lib/aws-sdk-configservice/types.rb', line 7369

class RecordingGroup < Struct.new(
  :all_supported,
  :include_global_resource_types,
  :resource_types,
  :exclusion_by_resource_types,
  :recording_strategy)
  SENSITIVE = []
  include Aws::Structure
end