From 343f08779c6fa50072a025682cbf49b398350de0 Mon Sep 17 00:00:00 2001
From: pjdufour-dds <patrick.dufour@dds.mil>
Date: Mon, 30 Mar 2020 13:28:39 -0400
Subject: [PATCH] include_global_resource_types bool

---
 README.md         | 3 +++
 config-service.tf | 3 +--
 variables.tf      | 6 ++++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e525099..d1857d3 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,8 @@ Terraform 0.11. Pin module version to ~> 1.5.1. Submit pull-requests to terrafor
 
 **Note: This module sets up AWS IAM Roles and Policies, which are globally namespaced. If you plan to have multiple instances of AWS Config, make sure they have unique values for `config_name`.**
 
+**Note: If you use this module in multiple regions, be sure to disable duplicative checks and global resource types.**
+
 ```hcl
 module "aws_config" {
   source = "trussworks/config/aws"
@@ -127,6 +129,7 @@ module "aws_config" {
 | config\_logs\_prefix | The S3 prefix for AWS Config logs. | `string` | `"config"` | no |
 | config\_max\_execution\_frequency | The maximum frequency with which AWS Config runs evaluations for a rule. | `string` | `"TwentyFour_Hours"` | no |
 | config\_name | The name of the AWS Config instance. | `string` | `"aws-config"` | no |
+| include\_global\_resource\_types | Specifies whether AWS Config includes all supported types of global resources with the resources that it records. | `bool` | `true` | no |
 | password\_max\_age | Number of days before password expiration. | `number` | `90` | no |
 | password\_min\_length | Password minimum length. | `number` | `14` | no |
 | password\_require\_lowercase | Require at least one lowercase character in password. | `bool` | `true` | no |
diff --git a/config-service.tf b/config-service.tf
index 32876d3..f448acb 100644
--- a/config-service.tf
+++ b/config-service.tf
@@ -26,7 +26,6 @@ resource "aws_config_configuration_recorder" "main" {
 
   recording_group {
     all_supported                 = true
-    include_global_resource_types = true
+    include_global_resource_types = var.include_global_resource_types
   }
 }
-
diff --git a/variables.tf b/variables.tf
index 298c105..084de4e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -260,3 +260,9 @@ variable "tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "include_global_resource_types" {
+  description = "Specifies whether AWS Config includes all supported types of global resources with the resources that it records."
+  type        = bool
+  default     = true
+}