AWS::Config::ConfigurationRecorder ExclusionByResourceTypes - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Config::ConfigurationRecorder ExclusionByResourceTypes

Specifies whether the configuration recorder excludes certain resource types from being recorded. Use the ResourceTypes field to enter a comma-separated list of resource types you want to exclude from recording.

By default, when Amazon Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, Amazon Config starts recording resources of that type automatically.


How to use the exclusion recording strategy

To use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.

Amazon Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded.

Global resource types and the exclusion recording strategy

Unless specifically listed as exclusions, AWS::RDS::GlobalCluster will be recorded automatically in all supported Amazon Config Regions were the configuration recorder is enabled.

IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Amazon Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by Amazon Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:

  • Asia Pacific (Hyderabad)

  • Asia Pacific (Melbourne)

  • Canada West (Calgary)

  • Europe (Spain)

  • Europe (Zurich)

  • Israel (Tel Aviv)

  • Middle East (UAE)


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "ResourceTypes" : [ String, ... ] }


ResourceTypes: - String



A comma-separated list of resource types to exclude from recording by the configuration recorder.

Required: Yes

Type: Array of String

Update requires: No interruption


Record all current and future supported resource types excluding the types you specify

The recordingGroup file specifies which types of resources Amazon Config will record.


{ "AllSupported": false, "ExclusionByResourceTypes": { "ResourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "IncludeGlobalResourceTypes": false, "RecordingStrategy": { "UseOnly": "EXCLUSION_BY_RESOURCE_TYPES" } }


AllSupported: false ExclusionByResourceTypes: ResourceTypes: - AWS::Redshift::ClusterSnapshot - AWS::RDS::DBClusterSnapshot - AWS::CloudFront::StreamingDistribution IncludeGlobalResourceTypes: false RecordingStrategy: UseOnly: EXCLUSION_BY_RESOURCE_TYPES