diff --git a/moto/config/models.py b/moto/config/models.py index fbed2ab2a211..b5e58b84faa6 100644 --- a/moto/config/models.py +++ b/moto/config/models.py @@ -1226,7 +1226,10 @@ def put_configuration_recorder(self, config_recorder: Dict[str, Any]) -> None: if rgroup.get("allSupported", False): if ( rgroup.get("resourceTypes", []) - or rgroup.get("exclusionByResourceTypes", {}) + or ( + rgroup.get("exclusionByResourceTypes", {"resourceTypes": []}) + != {"resourceTypes": []} + ) or recording_strategy not in {None, "ALL_SUPPORTED_RESOURCE_TYPES"} ): raise InvalidRecordingGroupException() @@ -1245,7 +1248,10 @@ def put_configuration_recorder(self, config_recorder: Dict[str, Any]) -> None: elif rgroup.get("resourceTypes", []): if ( rgroup.get("includeGlobalResourceTypes", False) - or rgroup.get("exclusionByResourceTypes", {}) + or ( + rgroup.get("exclusionByResourceTypes", {"resourceTypes": []}) + != {"resourceTypes": []} + ) or recording_strategy not in {None, "INCLUSION_BY_RESOURCE_TYPES"} ): raise InvalidRecordingGroupException() diff --git a/tests/test_config/test_config.py b/tests/test_config/test_config.py index 966881ff4a4d..5bf6e5b220f0 100644 --- a/tests/test_config/test_config.py +++ b/tests/test_config/test_config.py @@ -95,6 +95,10 @@ def test_put_configuration_recorder(): "exclusionByResourceTypes": {"resourceTypes": []}, "recordingStrategy": {"useOnly": "EXCLUSION_BY_RESOURCE_TYPES"}, }, + { + "resourceTypes": ["AWS::S3::Bucket"], + "exclusionByResourceTypes": {"resourceTypes": ["AWS::S3::Bucket"]}, + }, {"includeGlobalResourceTypes": False, "resourceTypes": []}, {"includeGlobalResourceTypes": True}, {"resourceTypes": []}, @@ -199,6 +203,7 @@ def test_put_configuration_recorder(): "allSupported": False, "includeGlobalResourceTypes": False, "resourceTypes": ["AWS::EC2::Volume", "AWS::EC2::VPC"], + "exclusionByResourceTypes": {"resourceTypes": []}, }, } ) @@ -256,6 +261,24 @@ def test_put_configuration_recorder(): "recordingGroup" ]["allSupported"] + # Try this again, but this time, supply all the excess fields as empty: + client.put_configuration_recorder( + ConfigurationRecorder={ + "name": "testrecorder", + "roleARN": "somearn", + "recordingGroup": { + "allSupported": True, + "includeGlobalResourceTypes": True, + "resourceTypes": [], + "exclusionByResourceTypes": {"resourceTypes": []}, + "recordingStrategy": {"useOnly": "ALL_SUPPORTED_RESOURCE_TYPES"}, + }, + } + ) + assert client.describe_configuration_recorders()["ConfigurationRecorders"][0][ + "recordingGroup" + ]["allSupported"] + # Update again for exclusions: client.put_configuration_recorder( ConfigurationRecorder={