AWS Config
Developer Guide

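Monitoring AWS Config Resource Changes by Email

If you have set up AWS Config to stream configuration changes and notifications to an Amazon SNS topic, you can monitor those changes by email. These emails can contain configuration history, rule compliance, snapshot information, and change notifications. You can also set up email filters based on the subject line or message body to look for specific changes.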

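To monitor resource changes by email

  1. If you have not already done so, set up AWS Config to deliver notifications to an Amazon SNS topic. For more information, see Setting Up AWS Config with the Console or Setting Up AWS Config with the AWS CLI.

  2. Open the Amazon SNS console at https://console.amazonaws.cn/sns/v2/home

  3. In the navigation pane of the Amazon SNS console, choose Topics.

  4. On the Topics page, open the Amazon SNS topic that you specified when you set up AWS Config by choosing its name in the ARN column.

  5. On the Topic details page, under Subscriptions, choose Create subscription.

  6. In the Create Subscription dialog box, for Protocol, choose Email.

  7. For Endpoint, type the email address to which you want notifications sent.

  8. Choose Create subscription.

    Check your email for a confirmation message. In the meantime, the console displays PendingConfirmation in the Subscription ID column.

  9. Open the email from "AWS Notifications", and then choose Confirm subscription.

    Tip

    If you want to monitor specific resources or other important changes, you can set up email filters in your email application.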

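Example Email Format and Filters

If you created an email subscription to an Amazon SNS topic, you can filter the emails you receive by the information in the subject line and message body. To create a subscription to an Amazon SNS topic, see Monitoring AWS Config Resource Changes by Email.

The subject line of the email looks like the following example: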

[AWS Config:us-west-2] AWS::EC2::Instance i-12abcd3e Created in Account 123456789012

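In your email client application, you can set up email filters or rules to watch for specific changes or to organize the notifications you receive. For example, you can organize email notifications by region, resource type, resource name, or AWS account. Email filters can help you manage notifications from multiple accounts or from a large number of resources in your account.

The message body of an email subscription is created through the Email protocol and contains information about the create, update, and delete events for your AWS resources. The following example shows an email message body created through the Email protocol. This notification contains the configuration item change for a resource.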

View the Timeline for this Resource in AWS Config Management Console:
https://console.aws.amazon.com/config/home?region=us-west-2#/timeline/AWS::EC2::Instance/i-12abcd3e

New State and Change Record:
----------------------------
{
  "configurationItemDiff": {
    "changedProperties": {},
    "changeType": "CREATE"
  },
  "configurationItem": {
    "configurationItemVersion": "1.0",
    "configurationItemCaptureTime": "2015-03-19T21:20:35.737Z",
    "configurationStateId": 1,
    "relatedEvents": [
      "4f8abc4f-6def-4g42-hi03-46j3b48k0lmn"
    ],
    "awsAccountId": "123456789012",
    "configurationItemStatus": "ResourceDiscovered",
    "resourceId": "i-92aeda5b",
    "ARN": "arn:aws:ec2:us-west-2:123456789012:instance/i-12abcd3e",
    "awsRegion": "us-west-2",
    "availabilityZone": "us-west-2c",
    "configurationStateMd5Hash": "123456789e0f930642026053208e",
    "resourceType": "AWS::EC2::Instance",
    "resourceCreationTime": "2015-03-19T21:13:05.000Z",
    "tags": {},
    "relationships": [
      {
        "resourceId": "abc-1234de56",
        "resourceType": "AWS::EC2::NetworkInterface",
        "name": "Contains NetworkInterface"
      },
      {
        "resourceId": "ab-c12defg3",
        "resourceType": "AWS::EC2::SecurityGroup",
        "name": "Is associated with SecurityGroup"
      },
      {
        "resourceId": "subnet-a1b2c3d4",
        "resourceType": "AWS::EC2::Subnet",
        "name": "Is contained in Subnet"
      },
      {
        "resourceId": "vol-a1bc234d",
        "resourceType": "AWS::EC2::Volume",
        "name": "Is attached to Volume"
      },
      {
        "resourceId": "vpc-a12bc345",
        "resourceType": "AWS::EC2::VPC",
        "name": "Is contained in Vpc"
      }
    ],
    "configuration": {
      "instanceId": "i-12abcd3e",
      "imageId": "ami-123a4567",
      "state": {
        "code": 16,
        "name": "running"
      },
      "privateDnsName": "ip-000-00-0-000.us-west-2.compute.internal",
      "publicDnsName": "ec2-12-345-678-910.us-west-2.compute.amazonaws.com",
      "stateTransitionReason": "",
      "keyName": null,
      "amiLaunchIndex": 0,
      "productCodes": [],
      "instanceType": "t2.micro",
      "launchTime": "2015-03-19T21:13:05.000Z",
      "placement": {
        "availabilityZone": "us-west-2c",
        "groupName": "",
        "tenancy": "default"
      },
      "kernelId": null,
      "ramdiskId": null,
      "platform": null,
      "monitoring": {
        "state": "disabled"
      },
      "subnetId": "subnet-a1b2c3d4",
      "vpcId": "vpc-a12bc345",
      "privateIpAddress": "000.00.0.000",
      "publicIpAddress": "00.000.000.000",
      "stateReason": null,
      "architecture": "x86_64",
      "rootDeviceType": "ebs",
      "rootDeviceName": "/dev/abcd",
      "blockDeviceMappings": [
        {
          "deviceName": "/dev/abcd",
          "ebs": {
            "volumeId": "vol-a1bc234d",
            "status": "attached",
            "attachTime": "2015-03-19T21:13:07.000Z",
            "deleteOnTermination": true
          }
        }
      ],
      "virtualizationType": "hvm",
      "instanceLifecycle": null,
      "spotInstanceRequestId": null,
      "clientToken": "ab1234c5-6d78-910-1112-13ef14g15hi16",
      "tags": [],
      "securityGroups": [
        {
          "groupName": "default",
          "groupId": "sg-a12bcde3"
        }
      ],
      "sourceDestCheck": true,
      "hypervisor": "xen",
      "networkInterfaces": [
        {
          "networkInterfaceId": "eni-1234ab56",
          "subnetId": "subnet-a1b2c3d4",
          "vpcId": "vpc-a12bc345",
          "description": "",
          "ownerId": "123456789012",
          "status": "in-use",
          "macAddress": "1a:23:45:67:b8",
          "privateIpAddress": "000.00.0.000",
          "privateDnsName": "ip-000-00-0-000.us-west-2.compute.internal",
          "sourceDestCheck": true,
          "groups": [
            {
              "groupName": "default",
              "groupId": "sg-a12bcde3"
            }
          ],
          "attachment": {
            "attachmentId": "eni-attach-123a4b5c",
            "deviceIndex": 0,
            "status": "attached",
            "attachTime": "2015-03-19T21:13:05.000Z",
            "deleteOnTermination": true
          },
          "association": {
            "publicIp": "00.000.000.000",
            "publicDnsName": "ec2-00-000-000-000.us-west-2.compute.amazonaws.com",
            "ipOwnerId": "amazon"
          },
          "privateIpAddresses": [
            {
              "privateIpAddress": "000.00.0.000",
              "privateDnsName": "ip-000-00-0-000.us-west-2.compute.internal",
              "primary": true,
              "association": {
                "publicIp": "00.000.000.000",
                "publicDnsName": "ec2-000-00-0-000.us-west-2.compute.amazonaws.com",
                "ipOwnerId": "amazon"
              }
            }
          ]
        }
      ],
      "iamInstanceProfile": null,
      "ebsOptimized": false,
      "sriovNetSupport": null
    }
  },
  "notificationCreationTime": "2015-03-19T21:20:36.808Z",
  "messageType": "ConfigurationItemChangeNotification",
  "recordVersion": "1.2"
}
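The subject-line and message-body filtering described above can also be done in a script instead of a mail client rule. The following is an added example, not part of the AWS documentation: it parses the subject layout shown on this page, extracts the JSON record from the body, and lists reasons a notification needs attention. The function names, the watched-type and known-account sets, and the assumption that update and delete notifications share the same subject layout are all hypothetical.

```python
import json
import re

# Layout taken from the one subject line shown on this page (assumption:
# update and delete notifications follow the same layout).
SUBJECT_RE = re.compile(
    r"^\[AWS Config:(?P<region>[a-z0-9-]+)\] (?P<resource_type>AWS::\w+::\w+) "
    r"(?P<resource_id>\S+) (?P<change>\w+) in Account (?P<account>\d{12})$")
BODY_MARKER = "New State and Change Record:"

def parse_subject(subject):
    """Split a subject line into its fields, or None if it does not match."""
    m = SUBJECT_RE.match(subject.strip())
    return m.groupdict() if m else None

def parse_body(body):
    """Return the JSON change record that follows the marker, or None."""
    tail = body.partition(BODY_MARKER)[2]
    try:
        return json.JSONDecoder().raw_decode(tail[tail.index("{"):])[0]
    except ValueError:  # no "{" after the marker, or malformed JSON
        return None

def triage(subject, body, watched_types, known_accounts):
    """Return the reasons (possibly none) this notification needs a look."""
    fields = parse_subject(subject)
    if fields is None:
        return ["subject does not match the AWS Config layout"]
    reasons = []
    if fields["account"] not in known_accounts:
        reasons.append("unknown account " + fields["account"])
    if fields["resource_type"] in watched_types:
        reasons.append("watched type " + fields["resource_type"])
    item = (parse_body(body) or {}).get("configurationItem")
    if item is None:
        reasons.append("no change record in body")
    elif (item.get("resourceType"), item.get("awsAccountId")) != (
            fields["resource_type"], fields["account"]):
        reasons.append("subject and body disagree")
    return reasons

# Constructed sample: the page's subject line and an abbreviated body.
SAMPLE_SUBJECT = ("[AWS Config:us-west-2] AWS::EC2::Instance i-12abcd3e "
                  "Created in Account 123456789012")
SAMPLE_BODY = BODY_MARKER + """
----------------------------
{"configurationItemDiff": {"changeType": "CREATE"}, "configurationItem":
 {"awsAccountId": "123456789012", "resourceType": "AWS::EC2::Instance"}}"""
```

The cross-check compares resource type and account only, because the resource ID in the page's sample body differs from the one in its sample subject line.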