


# AWS::Config::ConfigurationRecorder
<a name="aws-resource-config-configurationrecorder"></a>

The `AWS::Config::ConfigurationRecorder` resource type describes the Amazon resource types that Amazon Config records for configuration changes.

The configuration recorder stores the configuration changes of the specified resources in your account as configuration items.

**Note**  
To enable Amazon Config, you must create a configuration recorder and a delivery channel.  
Amazon Config uses the delivery channel to deliver the configuration changes to your Amazon S3 bucket or Amazon SNS topic. For more information, see [AWS::Config::DeliveryChannel](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/aws-resource-config-deliverychannel.html).

Amazon CloudFormation starts the recorder as soon as the delivery channel is available.

To stop the recorder and delete it, delete the configuration recorder from your stack. To stop the recorder without deleting it, call the [StopConfigurationRecorder](https://docs.amazonaws.cn/config/latest/APIReference/API_StopConfigurationRecorder.html) action of the Amazon Config API directly.

For more information, see [Configuration Recorder](https://docs.amazonaws.cn/config/latest/developerguide/config-concepts.html#config-recorder) in the Amazon Config Developer Guide.

## Syntax
<a name="aws-resource-config-configurationrecorder-syntax"></a>

To declare this entity in your Amazon CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-config-configurationrecorder-syntax.json"></a>

```
{
  "Type" : "AWS::Config::ConfigurationRecorder",
  "Properties" : {
      "Name" : String,
      "RecordingGroup" : RecordingGroup,
      "RecordingMode" : RecordingMode,
      "RoleARN" : String
    }
}
```

### YAML
<a name="aws-resource-config-configurationrecorder-syntax.yaml"></a>

```
Type: AWS::Config::ConfigurationRecorder
Properties:
  Name: String
  RecordingGroup:
    RecordingGroup
  RecordingMode:
    RecordingMode
  RoleARN: String
```

## Properties
<a name="aws-resource-config-configurationrecorder-properties"></a>

`Name`  <a name="cfn-config-configurationrecorder-name"></a>
The name of the configuration recorder. Amazon Config automatically assigns the name of "default" when creating the configuration recorder.  
You cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.   
*Required*: No  
*Type*: String  
*Minimum*: `1`  
*Maximum*: `256`  
*Update requires*: [Replacement](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`RecordingGroup`  <a name="cfn-config-configurationrecorder-recordinggroup"></a>
Specifies which resource types Amazon Config records for configuration changes.  
**High Number of Amazon Config Evaluations**  
You may notice increased activity in your account during your initial month recording with Amazon Config when compared to subsequent months. During the initial bootstrapping process, Amazon Config runs evaluations on all the resources in your account that you have selected for Amazon Config to record.  
If you are running ephemeral workloads, you may see increased activity from Amazon Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Amazon Auto Scaling. If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with Amazon Config turned off to avoid increased configuration recording and rule evaluations.  
*Required*: No  
*Type*: [RecordingGroup](aws-properties-config-configurationrecorder-recordinggroup.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RecordingMode`  <a name="cfn-config-configurationrecorder-recordingmode"></a>
Specifies the default recording frequency for the configuration recorder. Amazon Config supports *Continuous recording* and *Daily recording*.  
+ Continuous recording allows you to record configuration changes continuously whenever a change occurs.
+ Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.

**Some resource types require continuous recording**  
Amazon Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.  
You can also override the recording frequency for specific resource types.  
*Required*: No  
*Type*: [RecordingMode](aws-properties-config-configurationrecorder-recordingmode.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RoleARN`  <a name="cfn-config-configurationrecorder-rolearn"></a>
Amazon Resource Name (ARN) of the IAM role assumed by Amazon Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned to Amazon Config](https://docs.amazonaws.cn/config/latest/developerguide/iamrole-permissions.html) in the Amazon Config Developer Guide.  
**Pre-existing Amazon Config role**  
If you have used an Amazon service that uses Amazon Config, such as Amazon Security Hub CSPM or Amazon Control Tower, and an Amazon Config role has already been created, make sure that the IAM role that you use when setting up Amazon Config keeps the same minimum permissions as the already created Amazon Config role. You must do this so that the other Amazon service continues to run as expected.  
For example, if Amazon Control Tower has an IAM role that allows Amazon Config to read Amazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted within the IAM role you use when setting up Amazon Config. Otherwise, it may interfere with how Amazon Control Tower operates. For more information about IAM roles for Amazon Config, see [https://docs.amazonaws.cn/config/latest/developerguide/security-iam.html](https://docs.amazonaws.cn/config/latest/developerguide/security-iam.html) in the *Amazon Config Developer Guide*.  
*Required*: Yes  
*Type*: String  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-config-configurationrecorder-return-values"></a>

### Ref
<a name="aws-resource-config-configurationrecorder-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the configuration recorder name, such as `default`.

For more information about using the `Ref` function, see [https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

### Fn::GetAtt
<a name="aws-resource-config-configurationrecorder-return-values-fn--getatt"></a>

## Examples
<a name="aws-resource-config-configurationrecorder--examples"></a>



### Configuration Recorder
<a name="aws-resource-config-configurationrecorder--examples--Configuration_Recorder"></a>

The following example creates a configuration recorder for EC2 volumes.

#### JSON
<a name="aws-resource-config-configurationrecorder--examples--Configuration_Recorder--json"></a>

```
"ConfigRecorder": {
  "Type": "AWS::Config::ConfigurationRecorder",
  "Properties": {
    "Name": "default",
    "RecordingGroup": {
      "ResourceTypes": ["AWS::EC2::Volume"]
    },
    "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}
  }
}
```

#### YAML
<a name="aws-resource-config-configurationrecorder--examples--Configuration_Recorder--yaml"></a>

```
ConfigRecorder: 
  Type: AWS::Config::ConfigurationRecorder
  Properties: 
    Name: default
    RecordingGroup: 
      ResourceTypes: 
        - "AWS::EC2::Volume"
    RoleARN: 
      Fn::GetAtt: 
        - ConfigRole
        - Arn
```
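
### Checking a template before deployment

The following check is an added example, not part of the Amazon documentation: it reads a JSON template and reports, for each configuration recorder, a missing `RoleARN`, a `Name` outside 1 to 256 characters, the absence of a delivery channel in the same template, a recording scope limited to listed resource types, and a daily default recording frequency. The names `check_recorders`, `SAMPLE` and `DailyRecorder` are hypothetical; `RecordingFrequency` and its `DAILY` value come from the `RecordingMode` property type rather than from this page.

```python
import json

RECORDER = "AWS::Config::ConfigurationRecorder"
CHANNEL = "AWS::Config::DeliveryChannel"

def check_recorders(template):
    """Return sorted (logical_id, level, message) findings for each recorder."""
    resources = template.get("Resources", {})
    has_channel = any(r.get("Type") == CHANNEL for r in resources.values())
    findings = []
    for lid, res in resources.items():
        if res.get("Type") != RECORDER:
            continue
        props = res.get("Properties", {})
        if not props.get("RoleARN"):
            findings.append((lid, "ERROR", "RoleARN is required"))
        name = props.get("Name")
        # Name may be an intrinsic (dict); only literal strings are length-checked.
        if isinstance(name, str) and not 1 <= len(name) <= 256:
            findings.append((lid, "ERROR", "Name must be 1 to 256 characters"))
        # The channel may exist outside this template, so this is only a warning.
        if not has_channel:
            findings.append((lid, "WARN", "no delivery channel in this template"))
        types = props.get("RecordingGroup", {}).get("ResourceTypes")
        if types:
            findings.append((lid, "INFO", "records only " + ", ".join(sorted(types))))
        # RecordingFrequency is a property of the RecordingMode type (assumption:
        # taken from that type's reference, not from this page).
        if props.get("RecordingMode", {}).get("RecordingFrequency") == "DAILY":
            findings.append((lid, "WARN", "daily default; Firewall Manager depends on continuous recording"))
    return sorted(findings)

# Constructed sample: the page's EC2-volume recorder plus a deliberately bad one.
SAMPLE = json.loads("""
{"Resources": {
  "ConfigRecorder": {
    "Type": "AWS::Config::ConfigurationRecorder",
    "Properties": {
      "Name": "default",
      "RecordingGroup": {"ResourceTypes": ["AWS::EC2::Volume"]},
      "RoleARN": {"Fn::GetAtt": ["ConfigRole", "Arn"]}}},
  "DailyRecorder": {
    "Type": "AWS::Config::ConfigurationRecorder",
    "Properties": {"Name": "", "RecordingMode": {"RecordingFrequency": "DAILY"}}}
}}
""")

if __name__ == "__main__":
    for finding in check_recorders(SAMPLE):
        print(*finding, sep=": ")
```

Intrinsic functions such as `Fn::GetAtt` are treated as present values and are not resolved.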