File tree 2 files changed +5
-28
lines changed
aws_sra_examples/solutions/config/config_management_account/templates
2 files changed +5
-28
lines changed Original file line number Diff line number Diff line change @@ -44,31 +44,8 @@ Parameters:
4444 Type : String
4545
4646Resources :
47- rConfigRecorderRole :
48- Metadata :
49- cfn_nag :
50- rules_to_suppress :
51- - id : W28
52- reason : Explicit name provided
53- Type : AWS::IAM::Role
47+ rConfigServiceLinkedRole :
48+ Type : AWS::IAM::ServiceLinkedRole
5449 Properties :
55- RoleName : !Sub ${pManagedResourcePrefix}-ConfigRecorderRole
56- Description : Role for AWS Config Recorder
57- AssumeRolePolicyDocument :
58- Version : 2012-10-17
59- Statement :
60- - Effect : Allow
61- Action : sts:AssumeRole
62- Principal :
63- Service :
64- - config.amazonaws.com
65- ManagedPolicyArns :
66- - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWS_ConfigRole
67- Tags :
68- - Key : !Ref pSRASolutionTagKey
69- Value : !Ref pSRASolutionName
70-
71- Outputs :
72- oConfigRecorderRoleArn :
73- Description : Config Recorder Role ARN
74- Value : !GetAtt rConfigRecorderRole.Arn
50+ AWSServiceName : config.amazonaws.com
51+ Description : A service-linked role for the ConfigRecorder.
Original file line number Diff line number Diff line change @@ -165,7 +165,7 @@ Resources:
165165 Type : AWS::Config::ConfigurationRecorder
166166 Properties :
167167 Name : !Sub ${pManagedResourcePrefix}-BaselineConfigRecorder
168- RoleARN : !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${pManagedResourcePrefix}-ConfigRecorderRole
168+ RoleARN : !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig
169169 RecordingGroup :
170170 AllSupported : !Ref pAllSupported
171171 IncludeGlobalResourceTypes : !If
You can’t perform that action at this time.
0 commit comments