Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Updating the IAM Role for the customer managed configuration recorder
You can update the IAM role used by the customer managed configuration recorder. Before you update the IAM role,
ensure that you have created a new role to replace the old one. You must attach policies to the
new role that grant permissions to Amazon Config to record configurations and deliver them to your
delivery channel.
For information about creating an IAM
role and attaching the required policies to the IAM role, see Step 3: Creating an IAM Role.
To find the ARN of an existing IAM role, go to the IAM console at https://console.amazonaws.cn/iam/. Choose
Roles in the navigation pane. Then choose the name of the desired role
and find the ARN at the top of the Summary page.
Updating the IAM Role
You can update your IAM role using the Amazon Web Services Management Console or the Amazon CLI.
- To update the IAM role (Console)
-
Sign in to the Amazon Web Services Management Console and open the Amazon Config console at
https://console.amazonaws.cn/config/home.
-
Choose Settings in the navigation pane.
-
On the Customer managed recorder tab, choose Edit on the Settings page.
-
In the Data governance, section, choose the IAM role for Amazon Config:
-
Use an existing Amazon Config service-linked role – Amazon Config creates a role that has the
required permissions.
-
Choose a role from your account – For Existing roles, choose an IAM role in your account.
-
Choose Save.
- To update the IAM role (Amazon CLI)
-
Use the put-configuration-recorder command and specify the Amazon
Resource Name (ARN) of the new role:
$ aws configservice put-configuration-recorder --configuration-recorder name=configRecorderName,roleARN=arn:aws:iam::012345678912:role/myConfigRole