Adding config recorder service-linked role.

Author: boueya

aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account-role.yaml

@@ -17,21 +17,13 @@ Metadata:
         Parameters:
           - pSRASolutionTagKey
           - pSRASolutionName
-          - pManagedResourcePrefix
     ParameterLabels:
-      pManagedResourcePrefix:
-        default: Managed Resource Prefix
       pSRASolutionName:
         default: SRA Solution Name
       pSRASolutionTagKey:
         default: SRA Solution Tag Key
 
 Parameters:
-  pManagedResourcePrefix:
-    AllowedValues: [aws-controltower]
-    Default: aws-controltower
-    Description: Prefix for the managed resources
-    Type: String
   pSRASolutionName:
     AllowedValues: [sra-config-management-account]
     Default: sra-config-management-account
@@ -44,31 +36,8 @@ Parameters:
     Type: String
 
 Resources:
-  rConfigRecorderRole:
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W28
-            reason: Explicit name provided
-    Type: AWS::IAM::Role
+  rConfigServiceLinkedRole:
+    Type: AWS::IAM::ServiceLinkedRole
     Properties:
-      RoleName: !Sub ${pManagedResourcePrefix}-ConfigRecorderRole
-      Description: Role for AWS Config Recorder
-      AssumeRolePolicyDocument:
-        Version: 2012-10-17
-        Statement:
-          - Effect: Allow
-            Action: sts:AssumeRole
-            Principal:
-              Service:
-                - config.amazonaws.com
-      ManagedPolicyArns:
-        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWS_ConfigRole
-      Tags:
-        - Key: !Ref pSRASolutionTagKey
-          Value: !Ref pSRASolutionName
-
-Outputs:
-  oConfigRecorderRoleArn:
-    Description: Config Recorder Role ARN
-    Value: !GetAtt rConfigRecorderRole.Arn
+      AWSServiceName: config.amazonaws.com
+      Description: A service-linked role for the ConfigRecorder.

aws_sra_examples/solutions/config/config_management_account/templates/sra-config-management-account.yaml

@@ -165,7 +165,7 @@ Resources:
     Type: AWS::Config::ConfigurationRecorder
     Properties:
       Name: !Sub ${pManagedResourcePrefix}-BaselineConfigRecorder
-      RoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pManagedResourcePrefix}-ConfigRecorderRole
+      RoleARN: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig
       RecordingGroup:
         AllSupported: !Ref pAllSupported
         IncludeGlobalResourceTypes: !If