Recorder
data class RecorderStatusArgs(val isEnabled: Output<Boolean>? = null, val name: Output<String>? = null) : ConvertibleToJava<RecorderStatusArgs>
Manages status (recording / stopped) of an AWS Config Configuration Recorder.
Note: Starting Configuration Recorder requires a Delivery Channel to be present. Use of
depends_on(as shown below) is recommended to avoid race conditions.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.cfg.DeliveryChannel;
import com.pulumi.aws.cfg.DeliveryChannelArgs;
import com.pulumi.aws.cfg.RecorderStatus;
import com.pulumi.aws.cfg.RecorderStatusArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.cfg.Recorder;
import com.pulumi.aws.cfg.RecorderArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var bucketV2 = new BucketV2("bucketV2");
var fooDeliveryChannel = new DeliveryChannel("fooDeliveryChannel", DeliveryChannelArgs.builder()
.s3BucketName(bucketV2.bucket())
.build());
var fooRecorderStatus = new RecorderStatus("fooRecorderStatus", RecorderStatusArgs.builder()
.isEnabled(true)
.build(), CustomResourceOptions.builder()
.dependsOn(fooDeliveryChannel)
.build());
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("config.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var role = new Role("role", RoleArgs.builder()
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var rolePolicyAttachment = new RolePolicyAttachment("rolePolicyAttachment", RolePolicyAttachmentArgs.builder()
.role(role.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWS_ConfigRole")
.build());
var fooRecorder = new Recorder("fooRecorder", RecorderArgs.builder()
.roleArn(role.arn())
.build());
final var policyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("s3:*")
.resources(
bucketV2.arn(),
bucketV2.arn().applyValue(arn -> String.format("%s/*", arn)))
.build())
.build());
var rolePolicy = new RolePolicy("rolePolicy", RolePolicyArgs.builder()
.role(role.id())
.policy(policyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(policyDocument -> policyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
}
}Content copied to clipboard
Import
Configuration Recorder Status can be imported using the name of the Configuration Recorder, e.g.,
$ pulumi import aws:cfg/recorderStatus:RecorderStatus foo exampleContent copied to clipboard