aws.config
Supported Platform
- aws
Description
AWS Config
The aws.config resource is used to assess the configuration of the AWS Config service. The resource provides the .recorders field, which returns a list of aws.config.recorder resources representing all AWS Config recorders configured across all enabled regions, as well as the .rules field, which returns a list of aws.config.rule resources representing all AWS Config rules configured across all enabled regions in the account.
Fields
ID | TYPE | DESCRIPTION |
---|---|---|
recorders | []aws.config.recorder | list of configuration recorders for each region in the account |
rules | []aws.config.rule | list of AWS Config rules |
Examples
Return a list of aws.config.rule resources representing AWS Config rules configured across all enabled regions and the value for specified fields
aws.config.rules {
  arn
  state
  source
}
Return a list of AWS Config recorders configured across all enabled regions and the value for specified fields
aws.config.recorders {
  name
  roleArn
  allSupported
  includeGlobalResourceTypes
  recording
  lastStatus
  region
}
Ensure AWS Config is enabled in all regions
aws.config.recorders.any(
  allSupported == true && includeGlobalResourceTypes == true
);

aws.config.recorders
  .where(allSupported == true && includeGlobalResourceTypes == true)
  .all(recording == true && lastStatus == "SUCCESS");
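The two queries above work as a pair. The Python model below is an added example (not code from the original page or the project) that evaluates both over constructed recorder records to show why the any query is needed: if no recorder matches the where filter, the second query passes on an empty list. It assumes the usual semantics in which all over an empty list is true; the function names and sample values are hypothetical.

```python
# Constructed sample records. Keys mirror the aws.config.recorder fields queried
# on this page; all values (names, regions, statuses) are invented.
BASE = {"name": "default", "region": "us-east-1", "allSupported": True,
        "includeGlobalResourceTypes": True, "recording": True,
        "lastStatus": "SUCCESS"}
HEALTHY = [BASE, dict(BASE, region="eu-west-1", includeGlobalResourceTypes=False)]
NO_GLOBAL = [dict(r, includeGlobalResourceTypes=False) for r in HEALTHY]
STOPPED = [dict(BASE, recording=False, lastStatus="FAILURE"), HEALTHY[1]]


def full_coverage(rec):
    """The predicate both queries share."""
    return rec["allSupported"] is True and rec["includeGlobalResourceTypes"] is True


def any_full_coverage(recorders):
    """Models recorders.any(allSupported == true && includeGlobalResourceTypes == true)."""
    return any(full_coverage(r) for r in recorders)


def covered_are_recording(recorders):
    """Models recorders.where(<predicate>).all(recording == true && lastStatus == "SUCCESS")."""
    return all(r["recording"] is True and r["lastStatus"] == "SUCCESS"
               for r in recorders if full_coverage(r))


def failing_recorders(recorders):
    """(region, name) of full-coverage recorders that break the second query."""
    return [(r["region"], r["name"]) for r in recorders
            if full_coverage(r)
            and not (r["recording"] is True and r["lastStatus"] == "SUCCESS")]


def evaluate(recorders):
    """Return (first query result, second query result, overall pass)."""
    first, second = any_full_coverage(recorders), covered_are_recording(recorders)
    return first, second, first and second


if __name__ == "__main__":
    for label, data in [("healthy", HEALTHY), ("no global types", NO_GLOBAL),
                        ("stopped", STOPPED), ("no recorders", [])]:
        print(f"{label:16} {evaluate(data)} failing={failing_recorders(data)}")
```

In the "no global types" and "no recorders" cases the second query alone reports success, so only the first query catches the gap.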