Policy: AWS > Config > Configuration Recording > Delivery Channel > S3 Bucket

The name of the Amazon S3 bucket to which AWS Config delivers configuration snapshots and configuration history files. AWS Config must write to S3, thus this policy is required. The S3 bucket must already exist (the stack will not create it) and the CloudTrail service must be allowed write access. The bucket can reside in any region of any account.

Targets

This policy targets the following resource types:

AWS > Region

Primary Policy

This policy is used with the following primary policy:

AWS > Config > Configuration Recording > Delivery Channel

Policy Specification

Schema Type	`string`
Default template	`{{ $.bucketName }}`
Default template input	`- \| { region { turbot { id } } } - \| { bucketName: policy(uri: "aws#/policy/types/loggingBucketDefault", resourceId: "{{ $.region.turbot.id }}") }`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/configured

Policy Type URI

tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket

GraphQL

query policyType(id: "tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-config#/policy/types/deliveryChannelS3Bucket"