Skip to content

Use existing AWS Config recorder name to prevent recorder limit exception #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 18, 2025
Merged

Use existing AWS Config recorder name to prevent recorder limit exception #24

merged 1 commit into from
Apr 18, 2025

Conversation

@chroju
Copy link
Contributor

@chroju chroju commented Apr 4, 2025

Issue #, if available:

The Lambda function was encountering a MaxNumberOfConfigurationRecordersExceededException error when trying to update the AWS Config recorder settings. This occurs because AWS Config has a limit of one configuration recorder per account per region.

Description of changes:

This PR modifies the consumer Lambda to check for existing configuration recorders and reuse the name of any existing recorder instead of always using the hardcoded default name. This prevents the Lambda from attempting to create a new recorder when one already exists.

  • Changes
    • Added logic to retrieve the name of any existing configuration recorder
    • Modified the code to use the retrieved name when updating the recorder configuration
    • Preserved all original functionality while fixing the specific exception

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@vsr2158
Copy link
Contributor

vsr2158 commented Apr 6, 2025

Thanks for the input, why do you have more then one config recorder? IN case of control tower deployment there would be only one.

@chroju
Copy link
Contributor Author

chroju commented Apr 7, 2025
edited
Loading

@vsr2158

Thank you for your question.

The issue we encountered wasn't about having multiple recorders simultaneously, but rather the code using a fixed name ( "aws-controltower-BaselineConfigRecorder" ) when trying to update the configuration. If an account already has a config recorder with a different name (which can happen in various scenarios like migrations or pre-existing configurations), the code was attempting to create a new recorder instead of updating the existing one - causing the MaxNumberOfConfigurationRecordersExceededException .

For example, we're following the AWS official procedure for enrolling accounts with existing AWS Config resources into AWS Control Tower, which creates a recorder with names like aws-controltower-BaselineConfigRecorder-customer-created.

vsr2158
vsr2158 approved these changes Apr 18, 2025
View reviewed changes
Copy link
Contributor

@vsr2158 vsr2158 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@vsr2158 vsr2158 merged commit 2314fc8 into aws-samples:main Apr 18, 2025
@chroju chroju deleted the fix_max_num_of_configuration_recorder_exceeded_exception branch April 18, 2025 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vsr2158 vsr2158 vsr2158 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chroju @vsr2158