feature: Recording strategy

[babychm]

what

Added ability to conditionally determine the recording strategy, record all types of resources, include or exclude resources from the recording group by the provided list.

module "aws_config" {
  source = "../../../../terraform-aws-config"
 
  enabled = true

  s3_bucket_id  = local.s3_bucket.config_bucket_id
  s3_bucket_arn = local.s3_bucket.config_bucket_arn
  create_iam_role  = local.create_iam_role
  iam_role_arn     = local.config_iam_role_arn
  create_sns_topic = true
  managed_rules    = local.enabled_rules
  global_resource_collector_region   = var.global_resource_collector_region

  strategy_resource_types = ["AWS::EC2::EIP", "AWS::EC2::Instance"]
  enable_exclusion = true
#  enable_inclusion = true

  context = module.this.context
}

why

• Missing feature: recording strategy for the configuration recorder not been presented before in the module
• More clean inputs: when you need to record in AWS Config e.g 80 of 100 resources, all you need is enable exclusion strategy and exclude not needed 20 resources

references

• https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingStrategy.html
• optional recording was added in added recording_mode{} attribute #87 but ignores the recording strategy feature

[Benbentwo]

I think this could be simplified to

Suggested change

	all_supported = var.enable_exclusion == true || var.enable_inclusion == true ? false : true
	all_supported = !var.enable_exclusion && !var.enable_inclusion

[Benbentwo]

Suggested change

	is_global_recorder_region = var.global_resource_collector_region == data.aws_region.this.name && !(length(var.strategy_resource_types) > 0)
	is_global_recorder_region = var.global_resource_collector_region == data.aws_region.this.name && length(var.strategy_resource_types) == 0

[Benbentwo]

Looks like this needs to be in recording_mode block? based on this example

also can be simplified

Suggested change

	resource_types = var.enable_inclusion == true && length(var.strategy_resource_types) > 0 ? var.strategy_resource_types : []
	resource_types = var.enable_inclusion && length(var.strategy_resource_types) > 0 ? var.strategy_resource_types : []

[Benbentwo]

Suggested change

	for_each = var.enable_exclusion ? [1] : []
	content {
	resource_types = length(var.strategy_resource_types) > 0 ? var.strategy_resource_types : []
	}
	}
	for_each = var.enable_exclusion && length(var.strategy_resource_types) > 0 ? [1] : []
	content {
	resource_types = var.strategy_resource_types
	}
	}

[Benbentwo]

Suggested change

	use_only = var.enable_exclusion == true ? "EXCLUSION_BY_RESOURCE_TYPES" : (var.enable_inclusion == true ? "INCLUSION_BY_RESOURCE_TYPES" : "ALL_SUPPORTED_RESOURCE_TYPES")
	use_only = var.enable_exclusion ? "EXCLUSION_BY_RESOURCE_TYPES" : (var.enable_inclusion ? "INCLUSION_BY_RESOURCE_TYPES" : "ALL_SUPPORTED_RESOURCE_TYPES")

[mergify]

💥 This pull request now has conflicts. Could you fix it @babychm? 🙏

[mergify]

This PR was closed due to inactivity and merge conflicts. 😭
Please resolve the conflicts and reopen if necessary.