Ensure AWS Config recorder is enabled to record all supported resources

Error: AWS Config Recording is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_182
Checkov Check ID: CKV2_AWS_45
Severity: MEDIUM


AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. AWS Config uses a configuration recorder to detect changes in your resource configurations and capture them as configuration items. It continuously monitors and records your AWS resource configurations and lets you automate the evaluation of recorded configurations against desired configurations. This policy generates an alert when the AWS Config recorder is not enabled.

Fix - Runtime


Fix - Buildtime


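resource "aws_config_configuration_recorder" "pass_recorder" {
  name     = "example"
  role_arn = aws_iam_role.r.arn # IAM role assumed by AWS Config, defined elsewhere

  recording_group {
    # all_supported defaults to true, so every supported regional resource type is recorded
    include_global_resource_types = true # also record global resource types
  }
}

# Creating the recorder does not start it; this resource turns recording on.
resource "aws_config_configuration_recorder_status" "pass" {
  name       = aws_config_configuration_recorder.pass_recorder.name
  is_enabled = true
}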
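
To confirm the deployed recorder matches what this policy expects, the output of `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-recorder-status` can be evaluated together. The following is an added example, not Bridgecrew or Checkov code; the function name and the sample JSON are constructed for illustration, and the `lastStatus` check goes one step beyond the policy by flagging a recorder that is on but failing.

```python
import json

def recorder_findings(recorders, statuses):
    """Return the reasons a region fails the policy; an empty list means pass."""
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return ["no configuration recorder exists in this region"]
    by_name = {s.get("name"): s
               for s in statuses.get("ConfigurationRecordersStatus", [])}
    findings = []
    for rec in recs:
        name = rec.get("name", "<unnamed>")
        group = rec.get("recordingGroup", {})
        # Mirrors the Terraform recording_group settings shown above.
        if not group.get("allSupported", False):
            findings.append(f"{name}: allSupported is not true")
        if not group.get("includeGlobalResourceTypes", False):
            findings.append(f"{name}: includeGlobalResourceTypes is not true")
        # A recorder can exist and still be stopped (is_enabled = false).
        status = by_name.get(name)
        if status is None or not status.get("recording", False):
            findings.append(f"{name}: recorder is not recording")
        elif str(status.get("lastStatus", "")).upper() == "FAILURE":
            findings.append(f"{name}: recording is on but last status is failure")
    return findings

# Constructed sample input shaped like the two AWS CLI responses.
SAMPLE_RECORDERS = json.loads("""
{"ConfigurationRecorders": [
  {"name": "example",
   "roleARN": "arn:aws:iam::111122223333:role/config-role",
   "recordingGroup": {"allSupported": true,
                      "includeGlobalResourceTypes": true,
                      "resourceTypes": []}}]}
""")
SAMPLE_STATUS_ON = json.loads("""
{"ConfigurationRecordersStatus": [
  {"name": "example", "recording": true, "lastStatus": "SUCCESS"}]}
""")
SAMPLE_STATUS_OFF = json.loads("""
{"ConfigurationRecordersStatus": [
  {"name": "example", "recording": false}]}
""")

if __name__ == "__main__":
    for label, st in (("enabled", SAMPLE_STATUS_ON), ("stopped", SAMPLE_STATUS_OFF)):
        print(label, recorder_findings(SAMPLE_RECORDERS, st) or "PASS")
```

AWS Config recorders are regional, so the two CLI calls and this check need to be repeated for each region in use.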