resource/aws_config_configuration_recorder add retention period

.changelog/27262.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_config_configuration_recorder: Add retention period
+```

internal/service/configservice/configservice_test.go

@@ -24,7 +24,7 @@ func TestAccConfigService_serial(t *testing.T) {
 		},
 		"ConfigurationRecorder": {
 			"basic":       testAccConfigurationRecorder_basic,
-			"allParams":   testAccConfigurationRecorder_allParams,
+			"allParams":   TestAccConfigurationRecorder_allParams,
 			"importBasic": testAccConfigurationRecorder_importBasic,
 		},
 		"ConformancePack": {

internal/service/configservice/configuration_recorder.go

@@ -15,6 +15,10 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
+const (
+	DefaultRetentionConfigurationName = "default"
+)
+
 func ResourceConfigurationRecorder() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceConfigurationRecorderPut,
@@ -34,11 +38,6 @@ func ResourceConfigurationRecorder() *schema.Resource {
 				Default:      "default",
 				ValidateFunc: validation.StringLenBetween(0, 256),
 			},
-			"role_arn": {
-				Type:         schema.TypeString,
-				Required:     true,
-				ValidateFunc: verify.ValidARN,
-			},
 			"recording_group": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -64,6 +63,16 @@ func ResourceConfigurationRecorder() *schema.Resource {
 					},
 				},
 			},
+			"retention_period": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validation.IntBetween(30, 2557),
+			},
+			"role_arn": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: verify.ValidARN,
+			},
 		},
 	}
 }
@@ -84,11 +93,29 @@ func resourceConfigurationRecorderPut(d *schema.ResourceData, meta interface{})
 	input := configservice.PutConfigurationRecorderInput{
 		ConfigurationRecorder: &recorder,
 	}
+
 	_, err := conn.PutConfigurationRecorder(&input)
 	if err != nil {
 		return fmt.Errorf("Creating Configuration Recorder failed: %s", err)
 	}
 
+	oldRp, newRp := d.GetChange("retention_period")
+	if newRp.(int) == 0 && oldRp.(int) != 0 {
+		_, err = conn.DeleteRetentionConfiguration(&configservice.DeleteRetentionConfigurationInput{
+			RetentionConfigurationName: aws.String(DefaultRetentionConfigurationName),
+		})
+		if err != nil {
+			return fmt.Errorf("Creating Configuration Recorder failed: %s", err)
+		}
+	} else if newRp.(int) != 0 {
+		_, err = conn.PutRetentionConfiguration(&configservice.PutRetentionConfigurationInput{
+			RetentionPeriodInDays: aws.Int64(int64(newRp.(int))),
+		})
+		if err != nil {
+			return fmt.Errorf("Creating Configuration Recorder failed: %s", err)
+		}
+	}
+
 	d.SetId(name)
 
 	return resourceConfigurationRecorderRead(d, meta)
@@ -140,6 +167,16 @@ func resourceConfigurationRecorderRead(d *schema.ResourceData, meta interface{})
 		}
 	}
 
+	res, err := conn.DescribeRetentionConfigurations(&configservice.DescribeRetentionConfigurationsInput{
+		RetentionConfigurationNames: aws.StringSlice([]string{DefaultRetentionConfigurationName}),
+	})
+	if err != nil && !tfawserr.ErrCodeEquals(err, configservice.ErrCodeNoSuchRetentionConfigurationException) {
+		return create.Error(names.ConfigService, create.ErrActionReading, ResNameConfigurationRecorder, d.Id(), err)
+	}
+	if len(res.RetentionConfigurations) > 0 {
+		d.Set("retention_period", res.RetentionConfigurations[0].RetentionPeriodInDays)
+	}
+
 	return nil
 }
 
@@ -154,5 +191,13 @@ func resourceConfigurationRecorderDelete(d *schema.ResourceData, meta interface{
 			return fmt.Errorf("Deleting Configuration Recorder failed: %s", err)
 		}
 	}
+	_, err = conn.DeleteRetentionConfiguration(&configservice.DeleteRetentionConfigurationInput{
+		RetentionConfigurationName: aws.String(DefaultRetentionConfigurationName),
+	})
+	if err != nil {
+		if !tfawserr.ErrCodeEquals(err, configservice.ErrCodeNoSuchRetentionConfigurationException) {
+			return fmt.Errorf("Deleting Configuration Recorder failed: %s", err)
+		}
+	}
 	return nil
 }

internal/service/configservice/configuration_recorder_test.go

@@ -40,7 +40,7 @@ func testAccConfigurationRecorder_basic(t *testing.T) {
 	})
 }
 
-func testAccConfigurationRecorder_allParams(t *testing.T) {
+func TestAccConfigurationRecorder_allParams(t *testing.T) {
 	var cr configservice.ConfigurationRecorder
 	rInt := sdkacctest.RandInt()
 	expectedName := fmt.Sprintf("tf-acc-test-%d", rInt)
@@ -61,6 +61,7 @@ func testAccConfigurationRecorder_allParams(t *testing.T) {
 					testAccCheckConfigurationRecorderName(resourceName, expectedName, &cr),
 					acctest.CheckResourceAttrGlobalARN(resourceName, "role_arn", "iam", fmt.Sprintf("role/%s", expectedRoleName)),
 					resource.TestCheckResourceAttr(resourceName, "name", expectedName),
+					resource.TestCheckResourceAttr(resourceName, "retention_period", "35"),
 					resource.TestCheckResourceAttr(resourceName, "recording_group.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "recording_group.0.all_supported", "false"),
 					resource.TestCheckResourceAttr(resourceName, "recording_group.0.include_global_resource_types", "false"),
@@ -228,8 +229,9 @@ resource "aws_config_delivery_channel" "foo" {
 func testAccConfigurationRecorderConfig_allParams(randInt int) string {
 	return fmt.Sprintf(`
 resource "aws_config_configuration_recorder" "foo" {
-  name     = "tf-acc-test-%d"
-  role_arn = aws_iam_role.r.arn
+  name             = "tf-acc-test-%d"
+  role_arn         = aws_iam_role.r.arn
+  retention_period = 35
 
   recording_group {
     all_supported                 = false

website/docs/r/config_configuration_recorder.html.markdown

@@ -48,6 +48,7 @@ The following arguments are supported:
 * `name` - (Optional) The name of the recorder. Defaults to `default`. Changing it recreates the resource.
 * `role_arn` - (Required) Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.
 * `recording_group` - (Optional) Recording group - see below.
+* `retention_period` - (Optional) Retention period in days.
 
 ### `recording_group`