Merge pull request #191 from rafaljanicki/main

Added support for config recording frequency
trussworks · Jun 27, 2024 · 13902af · 13902af
2 parents 0f03267 + 7b9e92d
commit 13902af
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -289,6 +289,8 @@ No modules.
 | config\_logs\_prefix | The S3 prefix for AWS Config logs. | `string` | `"config"` | no |
 | config\_max\_execution\_frequency | The maximum frequency with which AWS Config runs evaluations for a rule. | `string` | `"TwentyFour_Hours"` | no |
 | config\_name | The name of the AWS Config instance. | `string` | `"aws-config"` | no |
+| config\_recording\_frequency | Default recording frequency for the AWS Config | `string` | `"CONTINUOUS"` | no |
+| config\_recording\_frequency\_overrides | Specific overrides of the recording frequency for the AWS Config | ```set(object({ description = optional(string, null) resource_types = list(string) recording_frequency = string }))``` | `[]` | no |
 | config\_role\_permissions\_boundary | The ARN of the permissions boundary to apply to IAM roles created for AWS Config | `string` | `null` | no |
 | config\_sns\_topic\_arn | An SNS topic to stream configuration changes and notifications to. | `string` | `null` | no |
 | cw\_loggroup\_retention\_period | Retention period for cloudwatch logs in number of days | `number` | `3653` | no |

diff --git a/config-service.tf b/config-service.tf
@@ -37,4 +37,18 @@ resource "aws_config_configuration_recorder" "main" {
     include_global_resource_types = length(var.resource_types) == 0 ? var.include_global_resource_types : null
     resource_types                = length(var.resource_types) == 0 ? null : var.resource_types
   }
+
+  recording_mode {
+    recording_frequency = var.config_recording_frequency
+
+    dynamic "recording_mode_override" {
+      for_each = var.config_recording_frequency_overrides
+
+      content {
+        description         = recording_mode_override.value.description
+        resource_types      = recording_mode_override.value.resource_types
+        recording_frequency = recording_mode_override.value.recording_frequency
+      }
+    }
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -393,6 +393,22 @@ variable "config_name" {
   default     = "aws-config"
 }
 
+variable "config_recording_frequency" {
+  description = "Default recording frequency for the AWS Config"
+  type        = string
+  default     = "CONTINUOUS"
+}
+
+variable "config_recording_frequency_overrides" {
+  description = "Specific overrides of the recording frequency for the AWS Config"
+  type = set(object({
+    description         = optional(string, null)
+    resource_types      = list(string)
+    recording_frequency = string
+  }))
+  default = []
+}
+
 variable "config_role_permissions_boundary" {
   description = "The ARN of the permissions boundary to apply to IAM roles created for AWS Config"
   type        = string