AWS Config Recording is disabled
Description
AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. AWS config uses configuration recorder to detect changes in your resource configurations and capture these changes as configuration items. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. This policy generates alerts when AWS Config recorder is not enabled.
Code Example
go
resource "aws_config_configuration_recorder" "pass_recorder" {
name = "example"
role_arn = aws_iam_role.r.arn
recording_group {
include_global_resource_types = true
}
}
resource "aws_config_configuration_recorder_status" "pass" {
name = aws_config_configuration_recorder.pass_recorder.name
is_enabled = true
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0479 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_AWS_45 |