diff --git a/.bumpversion.cfg b/.bumpversion.cfg
index 62f89c2..650010f 100644
--- a/.bumpversion.cfg
+++ b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 4.1.0
+current_version = 4.2.0
 commit = True
 message = Bumps version to {new_version}
 tag = False
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5eeb6f9..3c2155a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
+### [4.2.0](https://github.com/plus3it/terraform-aws-tardigrade-config/releases/tag/4.2.0)
+
+**Released**: 2024.11.07
+
+**Summary**:
+
+* Supports configuring recording_mode for continuous vs periodic recording
+
 ### [4.1.0](https://github.com/plus3it/terraform-aws-tardigrade-config/releases/tag/4.1.0)
 **Released**: 2024.09.04
diff --git a/README.md b/README.md
index 2b8b34e..6bcb6f6 100644
--- a/README.md
+++ b/README.md
@@ -26,13 +26,13 @@ make mockstack/clean
 | Name | Version |
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 0.12 |
-| [aws](#requirement\_aws) | >= 5.5.0 |
+| [aws](#requirement\_aws) | >= 5.38.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 5.5.0 |
+| [aws](#provider\_aws) | >= 5.38.0 |
 ## Resources
@@ -43,7 +43,7 @@ make mockstack/clean
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [config](#input\_config) | Object of inputs for AWS Config service |
object({
configuration_recorder = object({
name = string
is_enabled = optional(bool, true)

role = optional(object({
arn = string
}))

recording_group = optional(object({
all_supported = optional(bool, true)
include_global_resource_types = optional(bool)
resource_types = optional(list(string))

exclusion_by_resource_types = optional(object({
resource_types = list(string)
}))

recording_strategy = optional(object({
use_only = string
}))
}))
})

delivery_channel = object({
s3_bucket_name = string
s3_key_prefix = optional(string)
s3_kms_key_arn = optional(string)
sns_topic_arn = optional(string)

snapshot_delivery_properties = optional(object({
delivery_frequency = string
}))
})
})
| n/a | yes |
+| [config](#input\_config) | Object of inputs for AWS Config service |
object({
configuration_recorder = object({
name = string
is_enabled = optional(bool, true)

role = optional(object({
arn = string
}))

recording_group = optional(object({
all_supported = optional(bool, true)
include_global_resource_types = optional(bool)
resource_types = optional(list(string))

exclusion_by_resource_types = optional(object({
resource_types = list(string)
}))

recording_strategy = optional(object({
use_only = string
}))
}))

recording_mode = optional(object({
recording_frequency = string

recording_mode_override = optional(object({
description = optional(string)
resource_types = list(string)
recording_frequency = string
}))
}))
})

delivery_channel = object({
s3_bucket_name = string
s3_key_prefix = optional(string)
s3_kms_key_arn = optional(string)
sns_topic_arn = optional(string)

snapshot_delivery_properties = optional(object({
delivery_frequency = string
}))
})
})
| n/a | yes |
 ## Outputs
diff --git a/main.tf b/main.tf
index 7dbdbf9..58ae0f1 100644
--- a/main.tf
+++ b/main.tf
@@ -24,6 +24,22 @@ resource "aws_config_configuration_recorder" "this" {
 }
 }
 }
+
+ dynamic "recording_mode" {
+ for_each = var.config.configuration_recorder.recording_mode != null ? [var.config.configuration_recorder.recording_mode] : []
+ content {
+ recording_frequency = recording_mode.value.recording_frequency
+
+ dynamic "recording_mode_override" {
+ for_each = recording_mode.value.recording_mode_override != null ? [recording_mode.value.recording_mode_override] : []
+ content {
+ description = recording_mode_override.value.description
+ resource_types = recording_mode_override.value.resource_types
+ recording_frequency = recording_mode_override.value.recording_frequency
+ }
+ }
+ }
+ }
 }
 resource "aws_config_delivery_channel" "this" {
diff --git a/tests/recording_mode_override/main.tf b/tests/recording_mode_override/main.tf
new file mode 100644
index 0000000..779445d
--- /dev/null
+++ b/tests/recording_mode_override/main.tf
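Review bot: The `for_each` on the second added line of the main.tf hunk wraps an optional object in a one-element list so that a null `recording_mode` produces no block at all, and the same idiom is repeated for `recording_mode_override`; neither occurrence says so, and the pattern is not obvious to readers unfamiliar with `dynamic`. A one-line comment above each, e.g. `# optional nested object: null yields [] and therefore no block`, would make the intent clear. The enclosing `aws_config_configuration_recorder` resource begins before the hunk.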
@@ -0,0 +1,93 @@
+module "config" {
+ source = "../../"
+
+ config = {
+ configuration_recorder = {
+ name = "tardigrade-config-${random_string.this.result}"
+
+ recording_mode = {
+ recording_frequency = "CONTINUOUS"
+
+ recording_mode_override = {
+ description = "Only record EC2 network interfaces and internet gateways daily"
+ resource_types = [
+ "AWS::EC2::NetworkInterface",
+ "AWS::EC2::InternetGateway"
+ ]
+ recording_frequency = "DAILY"
+ }
+ }
+ }
+
+ delivery_channel = {
+ s3_bucket_name = aws_s3_bucket_policy.this.id
+ }
+ }
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "tardigrade-config-${random_string.this.result}"
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+
+ policy = jsonencode({
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ "Sid" : "AWSConfigBucketPermissionsCheck",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:GetBucketAcl",
+ "Resource" : aws_s3_bucket.this.arn,
+ "Condition" : {
+ "StringEquals" : {
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ },
+ {
+ "Sid" : "AWSConfigBucketExistenceCheck",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:ListBucket",
+ "Resource" : aws_s3_bucket.this.arn,
+ "Condition" : {
+ "StringEquals" : {
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ },
+ {
+ "Sid" : "AWSConfigBucketDelivery",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:PutObject",
+ "Resource" : "${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/Config/*",
+ "Condition" : {
+ "StringEquals" : {
+ "s3:x-amz-acl" : "bucket-owner-full-control",
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ }
+ ]
+ })
+}
+
+resource "random_string" "this" {
+ length = 6
+ numeric = false
+ upper = false
+ special = false
+}
+
+data "aws_caller_identity" "current" {}
diff --git a/tests/recording_mode_periodic/main.tf b/tests/recording_mode_periodic/main.tf
new file mode 100644
index 0000000..e4542b6
--- /dev/null
+++ b/tests/recording_mode_periodic/main.tf
@@ -0,0 +1,84 @@
+module "config" {
+ source = "../../"
+
+ config = {
+ configuration_recorder = {
+ name = "tardigrade-config-${random_string.this.result}"
+
+ recording_mode = {
+ recording_frequency = "DAILY"
+ }
+ }
+
+ delivery_channel = {
+ s3_bucket_name = aws_s3_bucket_policy.this.id
+ }
+ }
+}
+
+resource "aws_s3_bucket" "this" {
+ bucket = "tardigrade-config-${random_string.this.result}"
+ force_destroy = true
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+
+ policy = jsonencode({
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ "Sid" : "AWSConfigBucketPermissionsCheck",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:GetBucketAcl",
+ "Resource" : aws_s3_bucket.this.arn,
+ "Condition" : {
+ "StringEquals" : {
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ },
+ {
+ "Sid" : "AWSConfigBucketExistenceCheck",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:ListBucket",
+ "Resource" : aws_s3_bucket.this.arn,
+ "Condition" : {
+ "StringEquals" : {
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ },
+ {
+ "Sid" : "AWSConfigBucketDelivery",
+ "Effect" : "Allow",
+ "Principal" : {
+ "Service" : "config.amazonaws.com"
+ },
+ "Action" : "s3:PutObject",
+ "Resource" : "${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/Config/*",
+ "Condition" : {
+ "StringEquals" : {
+ "s3:x-amz-acl" : "bucket-owner-full-control",
+ "AWS:SourceAccount" : data.aws_caller_identity.current.account_id
+ }
+ }
+ }
+ ]
+ })
+}
+
+resource "random_string" "this" {
+ length = 6
+ numeric = false
+ upper = false
+ special = false
+}
+
+data "aws_caller_identity" "current" {}
diff --git a/variables.tf b/variables.tf
index 62936c7..70395f7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -22,6 +22,16 @@ variable "config" {
 use_only = string
 }))
 }))
+
+ recording_mode = optional(object({
+ recording_frequency = string
+
+ recording_mode_override = optional(object({
+ description = optional(string)
+ resource_types = list(string)
+ recording_frequency = string
+ }))
+ }))
 })
 delivery_channel = object({
diff --git a/versions.tf b/versions.tf
index 8e38dc2..54cd914 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 5.5.0"
+ version = ">= 5.38.0"
 }
 }
 }
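Review bot: Both new `recording_frequency` attributes in the variables.tf hunk are typed as a bare `string`, so a value outside the set the new test fixtures use (`CONTINUOUS`, `DAILY`) is only rejected by the provider at apply time rather than at plan time. A `validation` block on `variable "config"` can pin the accepted values up front; `try()` is needed because `recording_mode` and `recording_mode_override` are optional and may be null, and `||` in Terraform does not short-circuit. The `variable "config"` block starts before the hunk and its `type` argument closes after it, so the validation block goes after `type`, outside the hunk.
```hcl
  # … unchanged: type = object({ … }) …

  validation {
    condition = alltrue([
      contains(["CONTINUOUS", "DAILY"], try(var.config.configuration_recorder.recording_mode.recording_frequency, "CONTINUOUS")),
      contains(["CONTINUOUS", "DAILY"], try(var.config.configuration_recorder.recording_mode.recording_mode_override.recording_frequency, "CONTINUOUS")),
    ])
    error_message = "recording_mode.recording_frequency and recording_mode_override.recording_frequency must be \"CONTINUOUS\" or \"DAILY\"."
  }
```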