Ensure AWS Config recorder is enabled to record all supported resources

Error: AWS Config Recording is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_182
Checkov Check ID: CKV2_AWS_45
Severity: MEDIUM

AWS Config Recording is disabled

Description

AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. AWS Config uses a configuration recorder to detect changes in your resource configurations and to capture these changes as configuration items. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. This policy generates an alert when the AWS Config recorder is not enabled, or is enabled but does not record all supported resource types (including global resource types such as IAM).
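The following script is an added example and is not part of the Bridgecrew/Checkov policy page. It evaluates the same conditions the policy describes (a recorder exists, its status is recording, and its recording group covers all supported resource types including global ones) against the JSON returned by the real AWS CLI calls `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-recorder-status`. The two sample documents are constructed inline so it runs offline; the field names follow the AWS Config API response shape (`recordingGroup`, `allSupported`, `includeGlobalResourceTypes`, `recording`), and the role ARN and account id are placeholders.

```python
"""Audit an account's AWS Config recorder against the policy above.

Added example (not the policy page's or Checkov's own code). Feed it the
output of:
    aws configservice describe-configuration-recorders
    aws configservice describe-configuration-recorder-status
The samples below are constructed so the script can run without AWS access.
"""
import json

# Constructed sample: one recorder that is switched off and only records a
# hand-picked resource list. Account id and role ARN are placeholders.
NONCOMPLIANT_RECORDERS = json.dumps({
    "ConfigurationRecorders": [{
        "name": "default",
        "roleARN": "arn:aws:iam::123456789012:role/placeholder-config-role",
        "recordingGroup": {
            "allSupported": False,
            "includeGlobalResourceTypes": False,
            "resourceTypes": ["AWS::EC2::Instance"],
        },
    }]
})
NONCOMPLIANT_STATUS = json.dumps({
    "ConfigurationRecordersStatus": [
        {"name": "default", "recording": False, "lastStatus": "SUCCESS"}
    ]
})

# Constructed sample: the configuration the Terraform fix on this page produces.
COMPLIANT_RECORDERS = json.dumps({
    "ConfigurationRecorders": [{
        "name": "example",
        "roleARN": "arn:aws:iam::123456789012:role/placeholder-config-role",
        "recordingGroup": {
            "allSupported": True,
            "includeGlobalResourceTypes": True,
            "resourceTypes": [],
        },
    }]
})
COMPLIANT_STATUS = json.dumps({
    "ConfigurationRecordersStatus": [
        {"name": "example", "recording": True, "lastStatus": "SUCCESS"}
    ]
})


def audit_config_recorders(recorders_json: str, status_json: str) -> list[str]:
    """Return a list of findings; an empty list means the policy is satisfied."""
    recorders = json.loads(recorders_json).get("ConfigurationRecorders", [])
    statuses = {
        s["name"]: s
        for s in json.loads(status_json).get("ConfigurationRecordersStatus", [])
    }

    if not recorders:
        # No recorder at all: nothing in this region is being recorded.
        return ["no AWS Config configuration recorder exists"]

    findings: list[str] = []
    for rec in recorders:
        name = rec.get("name", "<unnamed>")
        group = rec.get("recordingGroup", {})

        # Equivalent of aws_config_configuration_recorder_status.is_enabled = true
        status = statuses.get(name)
        if status is None or not status.get("recording", False):
            findings.append(f"recorder '{name}' is not recording (status disabled)")

        # Equivalent of recording_group.all_supported = true
        if not group.get("allSupported", False):
            findings.append(
                f"recorder '{name}' does not record all supported resource types")

        # Equivalent of recording_group.include_global_resource_types = true
        if not group.get("includeGlobalResourceTypes", False):
            findings.append(
                f"recorder '{name}' excludes global resource types (e.g. IAM)")

    return findings


if __name__ == "__main__":
    for label, rec, st in (
        ("non-compliant", NONCOMPLIANT_RECORDERS, NONCOMPLIANT_STATUS),
        ("compliant", COMPLIANT_RECORDERS, COMPLIANT_STATUS),
    ):
        findings = audit_config_recorders(rec, st)
        print(f"{label}: {findings or ['OK']}")
```

Each finding maps to one attribute in the Terraform fix below, so the script doubles as a runtime check of what the buildtime policy enforces; run it per region, since AWS Config recorders are regional.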

Fix - Runtime

TBD

Fix - Buildtime

Terraform

# Recorder definition. recording_group.all_supported defaults to true, so
# every supported resource type is recorded; include_global_resource_types
# must be set explicitly so global resources such as IAM are covered too.
resource "aws_config_configuration_recorder" "pass_recorder" {
  name     = "example"
  # IAM role that AWS Config assumes to read resource configuration;
  # aws_iam_role.r is declared elsewhere in the configuration.
  role_arn = aws_iam_role.r.arn

  recording_group {
    include_global_resource_types = true
  }
}

# A recorder records nothing until it is started. This status resource with
# is_enabled = true is what the policy requires alongside the recorder.
resource "aws_config_configuration_recorder_status" "pass" {
  name       = aws_config_configuration_recorder.pass_recorder.name
  is_enabled = true
}