Added supported resourceTypes for Config from July to November 2025

aws-sdk-dotnet-automation · aws-sdk-dotnet-automation · commit f03905a8fe62 · 2025-12-22T19:20:12.000Z
diff --git a/generator/ServiceModels/config/config-2014-11-12.api.json b/generator/ServiceModels/config/config-2014-11-12.api.json
@@ -5369,7 +5369,98 @@
         "AWS::S3Express::DirectoryBucket",
         "AWS::SageMaker::InferenceExperiment",
         "AWS::SecurityHub::Standard",
-        "AWS::Transfer::Profile"
+        "AWS::Transfer::Profile",
+        "AWS::CloudFormation::StackSet",
+        "AWS::MediaPackageV2::Channel",
+        "AWS::S3::AccessGrantsLocation",
+        "AWS::S3::AccessGrant",
+        "AWS::S3::AccessGrantsInstance",
+        "AWS::EMRServerless::Application",
+        "AWS::Config::AggregationAuthorization",
+        "AWS::Bedrock::ApplicationInferenceProfile",
+        "AWS::ApiGatewayV2::Integration",
+        "AWS::SageMaker::MlflowTrackingServer",
+        "AWS::SageMaker::ModelBiasJobDefinition",
+        "AWS::SecretsManager::RotationSchedule",
+        "AWS::Deadline::QueueFleetAssociation",
+        "AWS::ECR::RepositoryCreationTemplate",
+        "AWS::CloudFormation::LambdaHook",
+        "AWS::EC2::SubnetNetworkAclAssociation",
+        "AWS::ApiGateway::UsagePlan",
+        "AWS::AppConfig::Extension",
+        "AWS::Deadline::Fleet",
+        "AWS::EMR::Studio",
+        "AWS::S3Tables::TableBucket",
+        "AWS::CloudFront::RealtimeLogConfig",
+        "AWS::BackupGateway::Hypervisor",
+        "AWS::BCMDataExports::Export",
+        "AWS::CloudFormation::GuardHook",
+        "AWS::CloudFront::PublicKey",
+        "AWS::CloudTrail::EventDataStore",
+        "AWS::EntityResolution::IdMappingWorkflow",
+        "AWS::EntityResolution::SchemaMapping",
+        "AWS::IoT::DomainConfiguration",
+        "AWS::PCAConnectorAD::DirectoryRegistration",
+        "AWS::RDS::Integration",
+        "AWS::Config::ConformancePack",
+        "AWS::RolesAnywhere::Profile",
+        "AWS::CodeArtifact::Domain",
+        "AWS::Backup::RestoreTestingPlan",
+        "AWS::Config::StoredQuery",
+        "AWS::SageMaker::DataQualityJobDefinition",
+        "AWS::SageMaker::ModelExplainabilityJobDefinition",
+        "AWS::SageMaker::ModelQualityJobDefinition",
+        "AWS::SageMaker::StudioLifecycleConfig",
+        "AWS::SES::DedicatedIpPool",
+        "AWS::SES::MailManagerTrafficPolicy",
+        "AWS::SSM::ResourceDataSync",
+        "AWS::BedrockAgentCore::Runtime",
+        "AWS::BedrockAgentCore::BrowserCustom",
+        "AWS::ElasticLoadBalancingV2::TargetGroup",
+        "AWS::EMRContainers::VirtualCluster",
+        "AWS::EntityResolution::MatchingWorkflow",
+        "AWS::IoTCoreDeviceAdvisor::SuiteDefinition",
+        "AWS::EC2::SecurityGroupVpcAssociation",
+        "AWS::EC2::VerifiedAccessInstance",
+        "AWS::KafkaConnect::CustomPlugin",
+        "AWS::NetworkManager::TransitGatewayPeering",
+        "AWS::OpenSearchServerless::SecurityConfig",
+        "AWS::Redshift::Integration",
+        "AWS::RolesAnywhere::TrustAnchor",
+        "AWS::Route53Profiles::ProfileAssociation",
+        "AWS::SSMIncidents::ResponsePlan",
+        "AWS::Transfer::Server",
+        "AWS::Glue::Database",
+        "AWS::Organizations::OrganizationalUnit",
+        "AWS::EC2::IPAMPoolCidr",
+        "AWS::EC2::VPCGatewayAttachment",
+        "AWS::Bedrock::Prompt",
+        "AWS::Comprehend::Flywheel",
+        "AWS::DataSync::Agent",
+        "AWS::MediaTailor::LiveSource",
+        "AWS::MSK::ServerlessCluster",
+        "AWS::IoTSiteWise::Asset",
+        "AWS::B2BI::Capability",
+        "AWS::CloudFront::KeyValueStore",
+        "AWS::Deadline::Monitor",
+        "AWS::GuardDuty::MalwareProtectionPlan",
+        "AWS::Location::APIKey",
+        "AWS::MediaPackageV2::OriginEndpoint",
+        "AWS::PCAConnectorAD::Connector",
+        "AWS::S3Tables::TableBucketPolicy",
+        "AWS::SecretsManager::ResourcePolicy",
+        "AWS::SSMContacts::Contact",
+        "AWS::IoT::ThingGroup",
+        "AWS::ImageBuilder::LifecyclePolicy",
+        "AWS::GameLift::Build",
+        "AWS::ECR::ReplicationConfiguration",
+        "AWS::EC2::SubnetCidrBlock",
+        "AWS::Connect::SecurityProfile",
+        "AWS::CleanRoomsML::TrainingDataset",
+        "AWS::AppStream::AppBlockBuilder",
+        "AWS::Route53::DNSSEC",
+        "AWS::SageMaker::UserProfile",
+        "AWS::ApiGateway::Method"
       ]
     },
     "ResourceTypeList":{
diff --git a/generator/ServiceModels/config/config-2014-11-12.docs.json b/generator/ServiceModels/config/config-2014-11-12.docs.json
@@ -3433,7 +3433,7 @@
         "ConfigRuleEvaluationStatus$LastDebugLogDeliveryStatusReason": "<p>The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.</p>",
         "ConfigStreamDeliveryInfo$lastErrorCode": "<p>The error code from the last attempted delivery.</p>",
         "ConfigStreamDeliveryInfo$lastErrorMessage": "<p>The error message from the last attempted delivery.</p>",
-        "ConfigurationRecorder$roleARN": "<p>The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.</p> <note> <p> <b>The server will reject a request without a defined <code>roleARN</code> for the configuration recorder</b> </p> <p>While the API model does not require this field, the server will reject a request without a defined <code>roleARN</code> for the configuration recorder.</p> <p> <b>Policies and compliance results</b> </p> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM policies</a> and <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html\">other policies managed in Organizations</a> can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.</p> <p> <b>Keep Minimum Permisions When Reusing an IAM role</b> </p> <p>If you use an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. </p> <p>For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.</p> <p> <b>The service-linked IAM role for Config must be used for service-linked configuration recorders</b> </p> <p>For service-linked configuration recorders, you must use the service-linked IAM role for Config: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/using-service-linked-roles.html\">AWSServiceRoleForConfig</a>.</p> </note>",
+        "ConfigurationRecorder$roleARN": "<p>The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.</p> <note> <p> <b>The server will reject a request without a defined <code>roleARN</code> for the configuration recorder</b> </p> <p>While the API model does not require this field, the server will reject a request without a defined <code>roleARN</code> for the configuration recorder.</p> <p> <b>Policies and compliance results</b> </p> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM policies</a> and <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html\">other policies managed in Organizations</a> can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.</p> <p> <b>Keep Minimum Permisions When Reusing an IAM role</b> </p> <p>If you use an Amazon Web Services service that uses Config, such as Security Hub CSPM or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. </p> <p>For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.</p> <p> <b>The service-linked IAM role for Config must be used for service-linked configuration recorders</b> </p> <p>For service-linked configuration recorders, you must use the service-linked IAM role for Config: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/using-service-linked-roles.html\">AWSServiceRoleForConfig</a>.</p> </note>",
         "ConfigurationRecorderStatus$name": "<p>The name of the configuration recorder.</p>",
         "ConfigurationRecorderStatus$lastErrorCode": "<p>The latest error code from when the recorder last failed.</p>",
         "ConfigurationRecorderStatus$lastErrorMessage": "<p>The latest error message from when the recorder last failed.</p>",
diff --git a/generator/ServiceModels/config/config-2014-11-12.normal.json b/generator/ServiceModels/config/config-2014-11-12.normal.json
@@ -2612,7 +2612,7 @@
         },
         "roleARN":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.</p> <note> <p> <b>The server will reject a request without a defined <code>roleARN</code> for the configuration recorder</b> </p> <p>While the API model does not require this field, the server will reject a request without a defined <code>roleARN</code> for the configuration recorder.</p> <p> <b>Policies and compliance results</b> </p> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM policies</a> and <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html\">other policies managed in Organizations</a> can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.</p> <p> <b>Keep Minimum Permisions When Reusing an IAM role</b> </p> <p>If you use an Amazon Web Services service that uses Config, such as Security Hub or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. </p> <p>For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.</p> <p> <b>The service-linked IAM role for Config must be used for service-linked configuration recorders</b> </p> <p>For service-linked configuration recorders, you must use the service-linked IAM role for Config: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/using-service-linked-roles.html\">AWSServiceRoleForConfig</a>.</p> </note>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role assumed by Config and used by the specified configuration recorder.</p> <note> <p> <b>The server will reject a request without a defined <code>roleARN</code> for the configuration recorder</b> </p> <p>While the API model does not require this field, the server will reject a request without a defined <code>roleARN</code> for the configuration recorder.</p> <p> <b>Policies and compliance results</b> </p> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM policies</a> and <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html\">other policies managed in Organizations</a> can impact whether Config has permissions to record configuration changes for your resources. Additionally, rules directly evaluate the configuration of a resource and rules don't take into account these policies when running evaluations. Make sure that the policies in effect align with how you intend to use Config.</p> <p> <b>Keep Minimum Permisions When Reusing an IAM role</b> </p> <p>If you use an Amazon Web Services service that uses Config, such as Security Hub CSPM or Control Tower, and an IAM role has already been created, make sure that the IAM role that you use when setting up Config keeps the same minimum permissions as the pre-existing IAM role. You must do this to ensure that the other Amazon Web Services service continues to run as expected. </p> <p>For example, if Control Tower has an IAM role that allows Config to read S3 objects, make sure that the same permissions are granted to the IAM role you use when setting up Config. Otherwise, it may interfere with how Control Tower operates.</p> <p> <b>The service-linked IAM role for Config must be used for service-linked configuration recorders</b> </p> <p>For service-linked configuration recorders, you must use the service-linked IAM role for Config: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/using-service-linked-roles.html\">AWSServiceRoleForConfig</a>.</p> </note>"
         },
         "recordingGroup":{
           "shape":"RecordingGroup",
@@ -8022,7 +8022,98 @@
         "AWS::S3Express::DirectoryBucket",
         "AWS::SageMaker::InferenceExperiment",
         "AWS::SecurityHub::Standard",
-        "AWS::Transfer::Profile"
+        "AWS::Transfer::Profile",
+        "AWS::CloudFormation::StackSet",
+        "AWS::MediaPackageV2::Channel",
+        "AWS::S3::AccessGrantsLocation",
+        "AWS::S3::AccessGrant",
+        "AWS::S3::AccessGrantsInstance",
+        "AWS::EMRServerless::Application",
+        "AWS::Config::AggregationAuthorization",
+        "AWS::Bedrock::ApplicationInferenceProfile",
+        "AWS::ApiGatewayV2::Integration",
+        "AWS::SageMaker::MlflowTrackingServer",
+        "AWS::SageMaker::ModelBiasJobDefinition",
+        "AWS::SecretsManager::RotationSchedule",
+        "AWS::Deadline::QueueFleetAssociation",
+        "AWS::ECR::RepositoryCreationTemplate",
+        "AWS::CloudFormation::LambdaHook",
+        "AWS::EC2::SubnetNetworkAclAssociation",
+        "AWS::ApiGateway::UsagePlan",
+        "AWS::AppConfig::Extension",
+        "AWS::Deadline::Fleet",
+        "AWS::EMR::Studio",
+        "AWS::S3Tables::TableBucket",
+        "AWS::CloudFront::RealtimeLogConfig",
+        "AWS::BackupGateway::Hypervisor",
+        "AWS::BCMDataExports::Export",
+        "AWS::CloudFormation::GuardHook",
+        "AWS::CloudFront::PublicKey",
+        "AWS::CloudTrail::EventDataStore",
+        "AWS::EntityResolution::IdMappingWorkflow",
+        "AWS::EntityResolution::SchemaMapping",
+        "AWS::IoT::DomainConfiguration",
+        "AWS::PCAConnectorAD::DirectoryRegistration",
+        "AWS::RDS::Integration",
+        "AWS::Config::ConformancePack",
+        "AWS::RolesAnywhere::Profile",
+        "AWS::CodeArtifact::Domain",
+        "AWS::Backup::RestoreTestingPlan",
+        "AWS::Config::StoredQuery",
+        "AWS::SageMaker::DataQualityJobDefinition",
+        "AWS::SageMaker::ModelExplainabilityJobDefinition",
+        "AWS::SageMaker::ModelQualityJobDefinition",
+        "AWS::SageMaker::StudioLifecycleConfig",
+        "AWS::SES::DedicatedIpPool",
+        "AWS::SES::MailManagerTrafficPolicy",
+        "AWS::SSM::ResourceDataSync",
+        "AWS::BedrockAgentCore::Runtime",
+        "AWS::BedrockAgentCore::BrowserCustom",
+        "AWS::ElasticLoadBalancingV2::TargetGroup",
+        "AWS::EMRContainers::VirtualCluster",
+        "AWS::EntityResolution::MatchingWorkflow",
+        "AWS::IoTCoreDeviceAdvisor::SuiteDefinition",
+        "AWS::EC2::SecurityGroupVpcAssociation",
+        "AWS::EC2::VerifiedAccessInstance",
+        "AWS::KafkaConnect::CustomPlugin",
+        "AWS::NetworkManager::TransitGatewayPeering",
+        "AWS::OpenSearchServerless::SecurityConfig",
+        "AWS::Redshift::Integration",
+        "AWS::RolesAnywhere::TrustAnchor",
+        "AWS::Route53Profiles::ProfileAssociation",
+        "AWS::SSMIncidents::ResponsePlan",
+        "AWS::Transfer::Server",
+        "AWS::Glue::Database",
+        "AWS::Organizations::OrganizationalUnit",
+        "AWS::EC2::IPAMPoolCidr",
+        "AWS::EC2::VPCGatewayAttachment",
+        "AWS::Bedrock::Prompt",
+        "AWS::Comprehend::Flywheel",
+        "AWS::DataSync::Agent",
+        "AWS::MediaTailor::LiveSource",
+        "AWS::MSK::ServerlessCluster",
+        "AWS::IoTSiteWise::Asset",
+        "AWS::B2BI::Capability",
+        "AWS::CloudFront::KeyValueStore",
+        "AWS::Deadline::Monitor",
+        "AWS::GuardDuty::MalwareProtectionPlan",
+        "AWS::Location::APIKey",
+        "AWS::MediaPackageV2::OriginEndpoint",
+        "AWS::PCAConnectorAD::Connector",
+        "AWS::S3Tables::TableBucketPolicy",
+        "AWS::SecretsManager::ResourcePolicy",
+        "AWS::SSMContacts::Contact",
+        "AWS::IoT::ThingGroup",
+        "AWS::ImageBuilder::LifecyclePolicy",
+        "AWS::GameLift::Build",
+        "AWS::ECR::ReplicationConfiguration",
+        "AWS::EC2::SubnetCidrBlock",
+        "AWS::Connect::SecurityProfile",
+        "AWS::CleanRoomsML::TrainingDataset",
+        "AWS::AppStream::AppBlockBuilder",
+        "AWS::Route53::DNSSEC",
+        "AWS::SageMaker::UserProfile",
+        "AWS::ApiGateway::Method"
       ]
     },
     "ResourceTypeList":{
diff --git a/sdk/src/Services/ConfigService/Generated/Model/ConfigurationRecorder.cs b/sdk/src/Services/ConfigService/Generated/Model/ConfigurationRecorder.cs
@@ -257,11 +257,11 @@ internal bool IsSetRecordingScope()
         /// </para>
         ///  
         /// <para>
-        /// If you use an Amazon Web Services service that uses Config, such as Security Hub or
-        /// Control Tower, and an IAM role has already been created, make sure that the IAM role
-        /// that you use when setting up Config keeps the same minimum permissions as the pre-existing
-        /// IAM role. You must do this to ensure that the other Amazon Web Services service continues
-        /// to run as expected. 
+        /// If you use an Amazon Web Services service that uses Config, such as Security Hub CSPM
+        /// or Control Tower, and an IAM role has already been created, make sure that the IAM
+        /// role that you use when setting up Config keeps the same minimum permissions as the
+        /// pre-existing IAM role. You must do this to ensure that the other Amazon Web Services
+        /// service continues to run as expected. 
         /// </para>
         ///  
         /// <para>
diff --git a/sdk/src/Services/ConfigService/Generated/ServiceEnumerations.cs b/sdk/src/Services/ConfigService/Generated/ServiceEnumerations.cs
