diff --git a/CHANGELOG.md b/CHANGELOG.md
index abe0c6c..2e2901e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -391,3 +391,7 @@
 * 2.9.1 -- 2024-12-26
 - cloudtrail
 - move managed_policy_arns to aws_iam_role_policy_attachment due to deprecation
+
+* 2.10.0 -- 2025-02-05
+ - config
+ - add recorder_override_daily to allow specific resource to be recorded daily vs continously
diff --git a/common/version.tf b/common/version.tf
index d5903b2..a57e56b 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "2.9.1"
+ _module_version = "2.10.0"
 }
diff --git a/config/README.md b/config/README.md
index 2ee86f4..95a9d1b 100644
--- a/config/README.md
+++ b/config/README.md
@@ -206,13 +206,14 @@ No modules.
 | [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
 | [bucket\_key\_enabled](#input\_bucket\_key\_enabled) | Enable or disable the use of S3 Bucket Keys (see AWS documenation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html). | `bool` | `false` | no |
-| [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms) | `map(map(string))` |
{
"kms": {},
"s3": {}
} | no |
+| [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms) | `map(map(string))` | {
"kms": {},
"s3": {}
} | no |
| [create\_s3\_bucket](#input\_create\_s3\_bucket) | Flag to enable creating of config S3 Bucket for snapshots | `bool` | `true` | no |
| [enable\_config\_rules\_standard](#input\_enable\_config\_rules\_standard) | Flag to enable\|disable the standard set of config rules | `bool` | `true` | no |
| [enable\_config\_rules\_stopped](#input\_enable\_config\_rules\_stopped) | Flag to enable\|disable EC2 stopped config rules | `bool` | `false` | no |
| [enable\_rules](#input\_enable\_rules) | Enable Config rules to be created in this module. Set to `false` to use Organization Config Rules. | `bool` | `true` | no |
| [name](#input\_name) | Config resource name prefix used for all resources | `string` | `""` | no |
| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [recorder\_override\_daily](#input\_recorder\_override\_daily) | Resource type to record daily instead of continuous | `list(string)` | `[]` | no |
| [s3\_bucket](#input\_s3\_bucket) | Config S3 Bucket to send Config snapshots | `string` | `null` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
| [use\_kms\_encryption](#input\_use\_kms\_encryption) | Enable AWS:KMS encryption (default). If false, enables SSE-S3 (AES256), needed for some AWS services access | `bool` | `true` | no |
diff --git a/config/config.tf b/config/config.tf
index 96d0a3e..cb54c27 100644
--- a/config/config.tf
+++ b/config/config.tf
@@ -11,6 +11,20 @@ resource "aws_config_configuration_recorder" "config" {
include_global_resource_types = true
all_supported = true
}
+
+ dynamic "recording_mode" {
+ for_each = length(var.recorder_override_daily) > 0 ? { 1 = 1 } : {}
+ iterator = x
+ content {
+ recording_frequency = "CONTINUOUS"
+
+ recording_mode_override {
+ description = "Record specific resources daily"
+ resource_types = var.recorder_override_daily
+ recording_frequency = "DAILY"
+ }
+ }
+ }
}
resource "aws_config_configuration_recorder_status" "config" {
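Review bot: Nothing in the added `recording_mode` block says what a caller gives up by moving a resource type to `DAILY`: Config then captures that type only at the daily interval, so a change that is made and reverted in between does not appear in the configuration history, and change-triggered rules for that type presumably evaluate only when the daily item is recorded. I would state that above the block, e.g. `# DAILY types lose intermediate changes; keep security-relevant types (IAM, security groups, KMS, bucket policies) on CONTINUOUS`. Separately, `iterator = x` is never referenced inside `content` and can be dropped, and `for_each = length(var.recorder_override_daily) > 0 ? [1] : []` reads more plainly than the `{ 1 = 1 }` map. The resource block itself opens above the hunk.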
diff --git a/config/variables.tf b/config/variables.tf
index feaa711..7415b2a 100644
--- a/config/variables.tf
+++ b/config/variables.tf
@@ -58,3 +58,9 @@ variable "enable_rules" {
default = true
}
+variable "recorder_override_daily" {
+ description = "Resource type to record daily instead of continuous"
+ type = list(string)
+ default = []
+}
+
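Review bot: `recorder_override_daily` accepts any string, so a mistyped resource type is only caught when the AWS API rejects the recorder at apply time, and the description gives neither the expected format nor the visibility trade-off of daily recording. I would add a `validation` block that checks each entry has the `AWS::Service::Resource` shape, and extend the description with an example type and the fact that changes between daily recordings are not captured. The pattern below is deliberately loose and should be tightened if the set of permitted types is known.

```hcl
variable "recorder_override_daily" {
  description = "Resource types (e.g. AWS::EC2::Volume) to record daily instead of continuously. Changes made between daily recordings are not captured in Config history."
  # … unchanged: type, default …

  validation {
    condition = alltrue([
      for t in var.recorder_override_daily :
      can(regex("^AWS::[A-Za-z0-9]+(::[A-Za-z0-9]+)+$", t))
    ])
    error_message = "Each entry must be an AWS resource type such as AWS::EC2::Volume."
  }
}
```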