
How to Stop recording AWS::Config::ResourceCompliance

0

Hi there, I try to follow this cost saving best practice when deleting an AWS config rule:

https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

It says

  1. Stop recording AWS::Config::ResourceCompliance
  2. Delete rule(s)
  3. Turn on recording for AWS::Config::ResourceCompliance

My question is how to do the first step, stopping AWS::Config::ResourceCompliance?

Amazon Q's suggestion (CLI command) is not working in CloudShell:

aws configservice put-configuration-recorder --configuration-recorder name=default --recording-group allSupported=false,includeGlobalResourceTypes=false,resourceTypes=[<list of resource types excluding AWS::Config::ResourceCompliance>]

That I run as

aws configservice put-configuration-recorder --configuration-recorder name=default --recording-group allSupported=false,includeGlobalResourceTypes=false,resourceTypes=[AWS::Config::ResourceCompliance]

The error from running the above in CloudShell says "An error occurred (InvalidRoleException) when calling the PutConfigurationRecorder operation: The role arn passed is not valid."

Any advice is appreciated.

1 answer
1

To stop recording for AWS::Config::ResourceCompliance, you need to modify your AWS Config configuration recorder settings. The approach you're trying is on the right track, but there are a few adjustments needed:

  1. First, ensure that you specify the correct IAM role for the recorder when configuring its settings. The error you received is likely caused by the role ARN not being specified in the request, or permissions specified for the role being insufficient.

  2. Instead of including AWS::Config::ResourceCompliance in the resourceTypes list, you should exclude it. The goal is to stop recording this specific resource type.

  3. You'll need to use the EXCLUSION_BY_RESOURCE_TYPES recording strategy.

Here's a corrected version of the command:

aws configservice put-configuration-recorder --configuration-recorder name=default,roleARN=<your-config-role-arn> --recording-group recordingStrategy={useOnly=EXCLUSION_BY_RESOURCE_TYPES},allSupported=true,includeGlobalResourceTypes=true,exclusionByResourceTypes={resourceTypes=[AWS::Config::ResourceCompliance]}

Replace <your-config-role-arn> with the actual ARN of the IAM role associated with your AWS Config.

This command will:

  • Set the recording strategy to exclude specific resource types
  • Continue recording all supported resource types except AWS::Config::ResourceCompliance
  • Include global resource types
  • Explicitly exclude AWS::Config::ResourceCompliance from recording

After executing this command successfully, AWS Config will stop recording for the AWS::Config::ResourceCompliance resource type. You can then proceed with deleting your rules. Remember to turn recording back on for AWS::Config::ResourceCompliance after you've finished deleting the rules to complete the best practice procedure.
Sources
RecordingStrategy - AWS Config
DeleteConfigRule - AWS Config
Evaluating Resources with AWS Config Rules - AWS Config

Answered a year ago
Expert
Reviewed a year ago
Expert
Edited a year ago
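The three-step procedure above, as an added example (Python with boto3; not code from the question, the answer, or AWS): a small model of the recording group shows why the question's command records only AWS::Config::ResourceCompliance while the answer's command excludes it, and a helper runs the three steps against a live account. It assumes boto3 with working credentials, a single configuration recorder, and rule names supplied by the caller.

```python
RC = "AWS::Config::ResourceCompliance"

def would_record(group: dict, resource_type: str) -> bool:
    """True if a RecordingGroup dict (API field names) records resource_type.
    An explicit recordingStrategy.useOnly wins; otherwise allSupported=True means
    everything, a non-empty resourceTypes list is an inclusion list, and
    exclusionByResourceTypes is an exclusion list."""
    strategy = (group.get("recordingStrategy") or {}).get("useOnly")
    included = group.get("resourceTypes") or []
    excluded = (group.get("exclusionByResourceTypes") or {}).get("resourceTypes") or []
    if strategy is None:
        strategy = ("ALL_SUPPORTED_RESOURCE_TYPES" if group.get("allSupported")
                    else "INCLUSION_BY_RESOURCE_TYPES" if included
                    else "EXCLUSION_BY_RESOURCE_TYPES")
    if strategy == "ALL_SUPPORTED_RESOURCE_TYPES":
        return True
    if strategy == "INCLUSION_BY_RESOURCE_TYPES":
        return resource_type in included
    return resource_type not in excluded

def build_exclusion_group(*resource_types: str) -> dict:
    """The recording group from the answer's command: record every supported
    type (global ones included) except the listed ones."""
    return {
        "allSupported": True,
        "includeGlobalResourceTypes": True,
        "recordingStrategy": {"useOnly": "EXCLUSION_BY_RESOURCE_TYPES"},
        "exclusionByResourceTypes": {"resourceTypes": sorted(set(resource_types))},
    }

# Constructed sample: the recording group the question's own command would produce.
QUESTION_GROUP = {"allSupported": False, "includeGlobalResourceTypes": False,
                  "resourceTypes": [RC]}

def delete_rules_without_compliance_history(rule_names) -> dict:
    """Steps 1-3 against a live account (needs boto3 and credentials; assumes one
    recorder). Reads the recorder so the role ARN is never retyped, and restores
    the saved recording group verbatim at the end."""
    import boto3  # imported here so the pure helpers above run without the SDK
    cfg = boto3.client("config")
    recorder = cfg.describe_configuration_recorders()["ConfigurationRecorders"][0]
    base = {"name": recorder["name"], "roleARN": recorder["roleARN"]}
    cfg.put_configuration_recorder(ConfigurationRecorder={   # 1. stop recording RC
        **base, "recordingGroup": build_exclusion_group(RC)})
    for name in rule_names:                                   # 2. delete the rules
        cfg.delete_config_rule(ConfigRuleName=name)
    cfg.put_configuration_recorder(ConfigurationRecorder={   # 3. restore as before
        **base, "recordingGroup": recorder["recordingGroup"]})
    return recorder["recordingGroup"]
```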
