Table: aws_config_configuration_recorder - Query AWS Config Configuration Recorder using SQL
The AWS Config Configuration Recorder is a feature that enables you to record the resource configurations in your AWS account. It captures and tracks changes to the configuration of your AWS resources, allowing you to assess, audit, and evaluate the configurations of your AWS resources. This helps ensure that your resource configurations are in compliance with your organization's policies and best practices.
Table Usage Guide
The aws_config_configuration_recorder table in Steampipe provides information about Configuration Recorders within AWS Config. As a DevOps engineer, security analyst, or cloud administrator, you can query recorder-specific details, including the current recording status, the IAM role the recorder assumes, and whether it records all resource types. Use it to verify that each region is being recorded, to find recorders that have stopped or whose deliveries are failing, and to audit the recording group. The schema outlines the attributes of the Configuration Recorder, including the name, role ARN, resource types, and recording group.
Examples
Basic info
List every configuration recorder together with its role, recording group and recording status, to see which recorders are active. This is useful for auditing, compliance checks and operational troubleshooting.
```sql
select
  name,
  role_arn,
  status,
  recording_group,
  status_recording,
  akas,
  title
from
  aws_config_configuration_recorder;
```
List configuration recorders that are not recording
Find configuration recorders that are currently stopped. A stopped recorder means configuration changes in that account and region are no longer captured, which is a gap in your audit trail and will fail the AWS Config controls listed below.
PostgreSQL:

```sql
select
  name,
  role_arn,
  status_recording,
  title
from
  aws_config_configuration_recorder
where
  not status_recording;
```

SQLite:

```sql
select
  name,
  role_arn,
  status_recording,
  title
from
  aws_config_configuration_recorder
where
  status_recording != 1;
```
List configuration recorders with failed deliveries
Find recorders whose most recent delivery to the delivery channel (the S3 bucket or SNS topic) failed. A recorder can be running and still deliver nothing; the LastErrorCode and LastErrorMessage fields in the status column identify the cause so it can be fixed before the configuration history develops gaps.
PostgreSQL:

```sql
select
  name,
  status ->> 'LastStatus' as last_status,
  status ->> 'LastStatusChangeTime' as last_status_change_time,
  status ->> 'LastErrorCode' as last_error_code,
  status ->> 'LastErrorMessage' as last_error_message
from
  aws_config_configuration_recorder
where
  status ->> 'LastStatus' = 'FAILURE';
```

SQLite:

```sql
select
  name,
  json_extract(status, '$.LastStatus') as last_status,
  json_extract(status, '$.LastStatusChangeTime') as last_status_change_time,
  json_extract(status, '$.LastErrorCode') as last_error_code,
  json_extract(status, '$.LastErrorMessage') as last_error_message
from
  aws_config_configuration_recorder
where
  json_extract(status, '$.LastStatus') = 'FAILURE';
```
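Assess recorders against the CIS "AWS Config is enabled in all regions" requirement in one query

The examples above each check one symptom. The CIS control listed below requires more: a recorder in every region that is recording, that records all supported resource types including global ones (IAM users, roles and policies), and whose last delivery succeeded. The following PostgreSQL queries are an added example, not part of the original page or of the Steampipe AWS plugin's own mod controls. They assume the recording_group column exposes the AWS SDK key names AllSupported and IncludeGlobalResourceTypes (PascalCase, matching the LastStatus key shown for the status column), and the second query assumes the aws_region table with its name and opt_in_status columns is available in the same connection.

```sql
-- Added example (not from the original page). One finding per recorder:
-- the first failing condition in CIS order, or 'ok'.
-- Key names AllSupported / IncludeGlobalResourceTypes are assumed to follow
-- the AWS SDK PascalCase naming, like LastStatus in the status column.
select
  account_id,
  region,
  name,
  status_recording,
  (recording_group ->> 'AllSupported')::boolean as all_supported,
  (recording_group ->> 'IncludeGlobalResourceTypes')::boolean as include_global,
  status ->> 'LastStatus' as last_status,
  case
    when not status_recording
      then 'recorder stopped'
    when not coalesce((recording_group ->> 'AllSupported')::boolean, false)
      then 'not recording all supported resource types'
    when not coalesce((recording_group ->> 'IncludeGlobalResourceTypes')::boolean, false)
      then 'global resource types (IAM) not recorded'
    -- compare case-insensitively: the API documents Failure, the CLI prints FAILURE
    when upper(status ->> 'LastStatus') = 'FAILURE'
      then 'last delivery failed: ' || coalesce(status ->> 'LastErrorCode', 'unknown error')
    else 'ok'
  end as finding
from
  aws_config_configuration_recorder
order by
  account_id,
  region;

-- Regions with no recorder at all never appear in the table above, so the
-- per-recorder check cannot see them. Assumed: the aws_region table exists
-- and exposes name and opt_in_status; regions that are not opted in cannot
-- have a recorder and are excluded.
select
  r.account_id,
  r.name as region,
  'no configuration recorder' as finding
from
  aws_region as r
  left join aws_config_configuration_recorder as c
    on c.account_id = r.account_id
   and c.region = r.name
where
  r.opt_in_status <> 'not-opted-in'
  and c.name is null
order by
  r.account_id,
  r.name;
```

Run both queries together when triaging a new account: the first lists recorders that exist but are misconfigured, the second lists regions where AWS Config was never set up, which is the more common gap in accounts configured by hand rather than through an organization-wide aggregator.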
Control examples
- All Controls > Config > Config configuration recorder should not fail to deliver logs
- AWS Config should be enabled
- AWS Foundational Security Best Practices > Config > 1 AWS Config should be enabled
- CIS v1.2.0 > 2 Logging > 2.5 Ensure AWS Config is enabled in all regions
- CIS v1.3.0 > 3 Logging > 3.5 Ensure AWS Config is enabled in all regions
- CIS v1.4.0 > 3 Logging > 3.5 Ensure AWS Config is enabled in all regions
- CIS v1.5.0 > 3 Logging > 3.5 Ensure AWS Config is enabled in all regions
- CIS v2.0.0 > 3 Logging > 3.5 Ensure AWS Config is enabled in all regions
- CIS v3.0.0 > 3 Logging > 3.3 Ensure AWS Config is enabled in all regions
Schema for aws_config_configuration_recorder
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
arn | text | | The Amazon Resource Name (ARN) of the configuration recorder. |
name | text | = | The name of the recorder. By default, AWS Config automatically assigns the name `default` when creating the configuration recorder. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
recording_group | jsonb | | Specifies the types of AWS resources for which AWS Config records configuration changes. |
recording_mode | text | | Specifies the default recording frequency that Config uses to record configuration changes. Config supports Continuous recording and Daily recording. |
region | text | | The AWS Region in which the resource is located. |
role_arn | text | | Amazon Resource Name (ARN) of the IAM role used to describe the AWS resources associated with the account. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | jsonb | | The current status of the configuration recorder. |
status_recording | boolean | | Specifies whether or not the recorder is currently recording. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
```

You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_aws --config '<your_config>' aws_config_configuration_recorder
```