AWS Config Set Retention

[ghost]

This issue was originally opened by @tbo-246 as hashicorp/terraform#24944. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Current Terraform Version

v0.12.24

Use-cases

It is now possible to set the retention policy in days for the AWS Config Service. This is a good way of keeping costs down and there is not currently a way to configure this with Terraform.

Attempted Solutions

I have checked all arguments in the resource config resources and none have a retention period setting. I purposefully set this option in the AWS console hoping for Terraform to detect code drift and give me a clue where the setting might be however the setting was ignored.

Proposal

Introduce an argument in the aws_config_configuration_recorder resource called "retention_period". It might look something like:

resource "aws_config_configuration_recorder" "example" {
  name     = "example"
  role_arn = aws_iam_role.config.arn
  retention_period = 365
  recording_group {
    all_supported = true
    include_global_resource_types = true
  }
}

References

[mfarrokhnia]

Any update on this issue?

[HTTP500]

Any update on this?

[antgel]

@anGie44 Is the labelling correct? This doesn't look like new-resource; rather adding an attribute to an existing resource.

[antgel]

(Sorry for the "spam".)

For the Terraform gurus, the relevant API call looks like https://docs.aws.amazon.com/config/latest/APIReference/API_PutRetentionConfiguration.html.

[anGie44]

Hi @antgel , i've removed the new-resource label since you're right that this is more of enhancement. It's a bit different in that the attribute will require a separate API call outside of the PutConfigurationRecorder method used in the aws_config_configuration_recorder resource.

[rc-adammikolajczyk]

Just ran into this issue, and was hoping there might be some traction on it. Easy enough to set by hand, of course, but would like to fold this into the TF code if possible. Thanks!

[waneal]

As workaround, we can configure retention days by local-exec like below. However I hope to define it as terraform code, too.

resource "aws_config_configuration_recorder" "this" {
  name     = "this"
  role_arn = aws_iam_role.aws_config.arn
  recording_group {
    all_supported                 = true
    include_global_resource_types = true
  }
  provisioner "local-exec" {
    when    = create
    command = "aws configservice put-retention-configuration --retention-period-in-days 365"
  }
}

[sherifkayad]

@ewbankkit may I ask why closing the issue and re-opening it again? is it because of the target release?

[ewbankkit]

@sherifkayad Yes -- targeting for next week's v5.39.0 release now.

[sherifkayad]

@ewbankkit Thanks for the info and looking forward to it

[ewbankkit]

As this functionality is independent of any Configuration Recorder, a standalone aws_config_retention_configuration resource has been implemented in https://github.com/hashicorp/terraform-provider-aws/pull/15136.

[github-actions[bot]]

This functionality has been released in v5.39.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.