Interface ConfigurationRecorder.Builder
- All Superinterfaces:
Buildable, CopyableBuilder<ConfigurationRecorder.Builder,ConfigurationRecorder>, SdkBuilder<ConfigurationRecorder.Builder,ConfigurationRecorder>, SdkPojo
- Enclosing class:
ConfigurationRecorder
-
Method Summary
Modifier and Type, Method - Description
arn(String arn) - The Amazon Resource Name (ARN) of the specified configuration recorder.
name(String name) - The name of the configuration recorder.
default ConfigurationRecorder.Builder recordingGroup(Consumer<RecordingGroup.Builder> recordingGroup) - Specifies which resource types are in scope for the configuration recorder to record.
recordingGroup(RecordingGroup recordingGroup) - Specifies which resource types are in scope for the configuration recorder to record.
default ConfigurationRecorder.Builder recordingMode(Consumer<RecordingMode.Builder> recordingMode) - Specifies the default recording frequency for the configuration recorder.
recordingMode(RecordingMode recordingMode) - Specifies the default recording frequency for the configuration recorder.
recordingScope(String recordingScope) - Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
recordingScope(RecordingScope recordingScope) - Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
roleARN(String roleARN) - The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.
servicePrincipal(String servicePrincipal) - For service-linked configuration recorders, specifies the linked Amazon Web Services service for the configuration recorder.
Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder
copy
Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder
applyMutation, build
Methods inherited from interface software.amazon.awssdk.core.SdkPojo
equalsBySdkFields, sdkFieldNameToField, sdkFields
-
Method Details
-
arn
The Amazon Resource Name (ARN) of the specified configuration recorder.
- Parameters:
arn - The Amazon Resource Name (ARN) of the specified configuration recorder.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
name
The name of the configuration recorder.
For customer managed configuration recorders, Config automatically assigns the name of "default" when creating a configuration recorder if you do not specify a name at creation time.
For service-linked configuration recorders, Config automatically assigns a name that has the prefix "AWS" to a new service-linked configuration recorder.
Changing the name of a configuration recorder
To change the name of the customer managed configuration recorder, you must delete it and create a new customer managed configuration recorder with a new name.
You cannot change the name of a service-linked configuration recorder.
- Parameters:
name - The name of the configuration recorder.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
roleARN
The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.
The server will reject a request without a defined roleARN for the configuration recorder
While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
Policies and compliance results
IAM policies and other policies managed in Organizations can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.
Keep Minimum Permissions When Reusing an IAM role
If you use an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected.
For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.
The service-linked IAM role for Config must be used for service-linked configuration recorders
For service-linked configuration recorders, you must use the service-linked IAM role for Config: AWSServiceRoleForConfig.
- Parameters:
roleARN - The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingGroup
Specifies which resource types are in scope for the configuration recorder to record.
High Number of Config Evaluations
You might notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record.
If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling.
If you want to avoid the increased activity from running ephemeral workloads, you can set up the configuration recorder to exclude these resource types from being recorded, or run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations.
- Parameters:
recordingGroup - Specifies which resource types are in scope for the configuration recorder to record.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingGroup
default ConfigurationRecorder.Builder recordingGroup(Consumer<RecordingGroup.Builder> recordingGroup)
Specifies which resource types are in scope for the configuration recorder to record.
High Number of Config Evaluations
You might notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the initial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected for Config to record.
If you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these temporary resources. An ephemeral workload is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances, Amazon EMR jobs, and Auto Scaling.
If you want to avoid the increased activity from running ephemeral workloads, you can set up the configuration recorder to exclude these resource types from being recorded, or run these types of workloads in a separate account with Config turned off to avoid increased configuration recording and rule evaluations.
This is a convenience method that creates an instance of the RecordingGroup.Builder, avoiding the need to create one manually via RecordingGroup.builder().
When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to recordingGroup(RecordingGroup).
- Parameters:
recordingGroup - a consumer that will call methods on RecordingGroup.Builder
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingMode
Specifies the default recording frequency for the configuration recorder. Config supports Continuous recording and Daily recording.
- Continuous recording allows you to record configuration changes continuously whenever a change occurs.
- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
Some resource types require continuous recording
Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
You can also override the recording frequency for specific resource types.
- Parameters:
recordingMode - Specifies the default recording frequency for the configuration recorder. Config supports Continuous recording and Daily recording.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingMode
Specifies the default recording frequency for the configuration recorder. Config supports Continuous recording and Daily recording.
- Continuous recording allows you to record configuration changes continuously whenever a change occurs.
- Daily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.
Some resource types require continuous recording
Firewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager, it is recommended that you set the recording frequency to Continuous.
You can also override the recording frequency for specific resource types.
This is a convenience method that creates an instance of the RecordingMode.Builder, avoiding the need to create one manually via RecordingMode.builder().
When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to recordingMode(RecordingMode).
- Parameters:
recordingMode - a consumer that will call methods on RecordingMode.Builder
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingScope
Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
- Parameters:
recordingScope - Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
recordingScope
Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
- Parameters:
recordingScope - Specifies whether the ConfigurationItems in scope for the specified configuration recorder are recorded for free (INTERNAL) or if it impacts the costs to your bill (PAID).
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
servicePrincipal
For service-linked configuration recorders, specifies the linked Amazon Web Services service for the configuration recorder.
- Parameters:
servicePrincipal - For service-linked configuration recorders, specifies the linked Amazon Web Services service for the configuration recorder.
- Returns:
- Returns a reference to this object so that method calls can be chained together.
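As an added example (not part of the SDK documentation), the class below builds the same customer managed recorder once through the Consumer overloads and once through the plain-object overloads described above, and checks roleARN locally because the service rejects a recorder without it even though the API model does not require the field. The class name, helper names, account ID and role name are placeholders; it assumes the AWS SDK for Java 2.x Config module is on the classpath.

```java
import software.amazon.awssdk.services.config.model.ConfigurationRecorder;
import software.amazon.awssdk.services.config.model.RecordingFrequency;
import software.amazon.awssdk.services.config.model.RecordingGroup;
import software.amazon.awssdk.services.config.model.RecordingMode;

public class RecorderBuilderExample {
    // Placeholder ARN: the account ID and role name are made up for this example.
    static final String ROLE_ARN = "arn:aws:iam::111122223333:role/example-config-recorder-role";

    // Consumer overloads: the SDK creates the nested builders and calls build() on them.
    static ConfigurationRecorder withConsumers() {
        return ConfigurationRecorder.builder()
                .name("default")
                .roleARN(ROLE_ARN)
                .recordingGroup(g -> g.allSupported(true).includeGlobalResourceTypes(true))
                .recordingMode(m -> m.recordingFrequency(RecordingFrequency.CONTINUOUS))
                .build();
    }

    // Object overloads: the nested models are built by hand and passed in.
    static ConfigurationRecorder withObjects() {
        RecordingGroup group = RecordingGroup.builder()
                .allSupported(true).includeGlobalResourceTypes(true).build();
        RecordingMode mode = RecordingMode.builder()
                .recordingFrequency(RecordingFrequency.CONTINUOUS).build();
        return ConfigurationRecorder.builder()
                .name("default").roleARN(ROLE_ARN)
                .recordingGroup(group).recordingMode(mode)
                .build();
    }

    // build() succeeds without a role, so fail locally before the recorder reaches a request.
    static ConfigurationRecorder requireRole(ConfigurationRecorder r) {
        if (r.roleARN() == null || r.roleARN().trim().isEmpty()) {
            throw new IllegalArgumentException("roleARN must be set on recorder " + r.name());
        }
        return r;
    }

    public static void main(String[] args) {
        ConfigurationRecorder a = requireRole(withConsumers());
        System.out.println("same model from both overload styles: " + a.equals(withObjects()));
        try {
            requireRole(ConfigurationRecorder.builder().name("default").build());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected locally: " + e.getMessage());
        }
    }
}
```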
-