Overview

Configuration to enable AWS Config, including supporting configuration such as S3 buckets and IAM roles as required. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Configuration Templates

Items: 4
Size: 1.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigurationRecorder:
    Type: 'AWS::Config::ConfigurationRecorder'
    Properties:
      RoleARN:
        'Fn::GetAtt':
          - IamRoleForAwsConfig
          - Arn
      RecordingGroup:
        AllSupported: true
        IncludeGlobalResourceTypes: true
  DeliveryChannel:
    Type: 'AWS::Config::DeliveryChannel'
    Properties:
      S3BucketName:
        Ref: S3BucketForAwsConfig
  S3BucketForAwsConfig:
    Type: 'AWS::S3::Bucket'
    Properties: {}
  IamRoleForAwsConfig:
    Type: 'AWS::IAM::Role'
    Properties:
      ManagedPolicyArns:
        # AWSConfigRole is deprecated; AWS_ConfigRole is the replacement managed policy
        - 'arn:aws:iam::aws:policy/service-role/AWS_ConfigRole'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ''
            Effect: Allow
            Principal:
              Service: config.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: allow-access-to-config-s3-bucket
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - 'Fn::Join':
                      - ''
                      - - 'Fn::GetAtt':
                            - S3BucketForAwsConfig
                            - Arn
                        - /*
                Condition:
                  StringLike:
                    's3:x-amz-acl': bucket-owner-full-control
              - Effect: Allow
                Action:
                  - 's3:GetBucketAcl'
                Resource:
                  'Fn::GetAtt':
                    - S3BucketForAwsConfig
                    - Arn
Parameters: {}
Metadata: {}
Conditions: {}

Sources and Documentation

Configuration Source: AWS Documentation
