Ensure AWS Config must record all possible resources
Error: AWS Config must record all possible resources
Bridgecrew Policy ID: BC_AWS_GENERAL_183
Checkov Check ID: CKV2_AWS_48
Severity: MEDIUM
Description
This policy identifies resources for which AWS Config recording is enabled but recording of all possible resources is disabled. AWS Config provides an inventory of your AWS resources and a history of configuration changes to these resources. You can use AWS Config to define rules that evaluate these configurations for compliance. A recorder that covers only some resource types leaves gaps in that inventory and history, so it is important to enable recording for all resources.
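The condition described above can also be checked against a live account. The following is an added example, not part of the Bridgecrew or Checkov code: it audits JSON shaped like the output of `aws configservice describe-configuration-recorders` and `describe-configuration-recorder-status`, merged per region. The sample data, account ID and function names are constructed, and treating `includeGlobalResourceTypes` as required is an assumption taken from the Terraform example on this page.

```python
import json

# Constructed sample: per-region output of
#   aws configservice describe-configuration-recorders
#   aws configservice describe-configuration-recorder-status
# merged into one object per region (account ID and names are made up).
SAMPLE = json.loads("""
{
  "us-east-1": {
    "ConfigurationRecorders": [{"name": "default",
      "roleARN": "arn:aws:iam::111122223333:role/config-role",
      "recordingGroup": {"allSupported": true, "includeGlobalResourceTypes": true}}],
    "ConfigurationRecordersStatus": [{"name": "default", "recording": true}]
  },
  "eu-west-1": {
    "ConfigurationRecorders": [{"name": "default",
      "roleARN": "arn:aws:iam::111122223333:role/config-role",
      "recordingGroup": {"allSupported": false, "includeGlobalResourceTypes": false,
                         "resourceTypes": ["AWS::EC2::Instance"]}}],
    "ConfigurationRecordersStatus": [{"name": "default", "recording": true}]
  },
  "ap-south-1": {
    "ConfigurationRecorders": [{"name": "default",
      "roleARN": "arn:aws:iam::111122223333:role/config-role",
      "recordingGroup": {"allSupported": true, "includeGlobalResourceTypes": true}}],
    "ConfigurationRecordersStatus": [{"name": "default", "recording": false}]
  }
}
""")

def audit_region(doc):
    """Return a list of findings for one region's recorder and status data."""
    recording = {s["name"]: s.get("recording", False)
                 for s in doc.get("ConfigurationRecordersStatus", [])}
    findings = []
    for rec in doc.get("ConfigurationRecorders", []):
        group = rec.get("recordingGroup", {})
        if not recording.get(rec["name"], False):
            findings.append(f"{rec['name']}: recorder is stopped")
        if not group.get("allSupported", False):
            findings.append(f"{rec['name']}: allSupported is false")
        if not group.get("includeGlobalResourceTypes", False):
            findings.append(f"{rec['name']}: includeGlobalResourceTypes is false")
    return findings

def audit(regions):
    """Map each non-compliant region to its findings; compliant regions are omitted."""
    return {region: f for region, doc in regions.items() if (f := audit_region(doc))}

if __name__ == "__main__":
    for region, findings in audit(SAMPLE).items():
        print(region, findings)
```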
Fix - Runtime
TBD
Fix - Buildtime
Terraform
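# Recorder that covers all resource types, including global ones such as IAM.
# aws_iam_role.r is the IAM role AWS Config assumes; it is defined elsewhere.
resource "aws_config_configuration_recorder" "pass_recorder" {
  name     = "example"
  role_arn = aws_iam_role.r.arn

  recording_group {
    # all_supported is not set here and defaults to true in the AWS provider.
    include_global_resource_types = true
  }
}

# The recorder must also be started.
resource "aws_config_configuration_recorder_status" "pass" {
  name       = aws_config_configuration_recorder.pass_recorder.name
  is_enabled = true
}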
Updated 11 months ago