Copy page

AWS

Config Inventory

Fetches a full inventory snapshot of AWS resource configurations using AWS Config's SelectResourceConfig API.

Details

AWS Config continuously records the configuration state of your AWS resources. This input queries AWS Config to retrieve a full snapshot of resource configurations for one or more resource types. Each record includes the resource's ID, type, ARN, account, region, configuration details, tags, and relationships.

Use this input to build an up-to-date asset inventory or to detect configuration drift across your AWS environment.

Functionality

On each run, Monad queries AWS Config for every resource type listed in Resource Types. For each type, it pages through all results and emits one record per resource. Resources with a configurationItemStatus of ResourceNotRecorded are skipped. Every run is a full snapshot — there is no incremental cursor.

Requirements

• AWS Config must be enabled with an active configuration recorder in the target region.
• The authenticated principal must have the following IAM permission:

Code
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "config:SelectResourceConfig"
      ],
      "Resource": "*"
    }
  ]
}

Configuration

Settings

Setting	Type	Required	Description
Region	string	Yes	The AWS region to query AWS Config in.
Authentication	one of	Yes	Authentication method. Choose IAM Role (recommended) or Static Credentials.
Resource Types	array of string	Yes	One or more AWS Config resource type strings to query. At least one value is required.

IAM Role (recommended)

Field	Type	Required	Description
Role ARN	string	Yes	ARN of the IAM role to assume (e.g. arn:aws:iam::123456789012:role/MonadRole).

Static Credentials

Field	Type	Required	Description
Access Key	secret	Yes	AWS access key ID.
Secret Key	secret	Yes	AWS secret access key.

Resource Types

The Resource Types field accepts any valid AWS Config resource type string. The full list of supported resource types is maintained by AWS:

• AWS Config supported resource types

Common examples:

Resource Type	Description
AWS::EC2::Instance	EC2 instances
AWS::EC2::SecurityGroup	EC2 security groups
AWS::EC2::VPC	VPCs
AWS::S3::Bucket	S3 buckets
AWS::IAM::Role	IAM roles
AWS::IAM::User	IAM users
AWS::IAM::Policy	IAM policies
AWS::RDS::DBInstance	RDS database instances
AWS::Lambda::Function	Lambda functions
AWS::EKS::Cluster	EKS clusters
AWS::KMS::Key	KMS keys
AWS::CloudTrail::Trail	CloudTrail trails

Related Articles

• AWS Config User Guide
• AWS Config supported resource types
• SelectResourceConfig API Reference

Sample Record

Code
{
  "resourceId": "i-0a1b2c3d4e5f67890",
  "resourceType": "AWS::EC2::Instance",
  "resourceName": "web-server-01",
  "arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-0a1b2c3d4e5f67890",
  "accountId": "123456789012",
  "awsRegion": "us-east-1",
  "availabilityZone": "us-east-1a",
  "configurationItemCaptureTime": "2026-05-07T12:00:00Z",
  "configurationItemStatus": "OK",
  "resourceCreationTime": "2026-01-15T08:30:00Z",
  "configuration": {
    "instanceId": "i-0a1b2c3d4e5f67890",
    "instanceType": "t3.medium",
    "imageId": "ami-0abcdef1234567890",
    "state": {
      "code": 16,
      "name": "running"
    },
    "privateIpAddress": "10.0.1.42",
    "publicIpAddress": "54.210.100.1",
    "vpcId": "vpc-0abc123def456789",
    "subnetId": "subnet-0abc123def456789",
    "architecture": "x86_64"
  },
  "tags": [
    { "key": "Name", "value": "web-server-01" },
    { "key": "Environment", "value": "production" }
  ],
  "relationships": [
    {
      "resourceType": "AWS::EC2::VPC",
      "resourceId": "vpc-0abc123def456789",
      "name": "Is contained in Vpc"
    }
  ]
}