GetComplianceDetailsByConfigRule与 Amazon SDK 或 CLI 配合使用 - Amazon Config
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

GetComplianceDetailsByConfigRule与 Amazon SDK 或 CLI 配合使用

以下代码示例演示如何使用 GetComplianceDetailsByConfigRule

CLI
Amazon CLI

获取 Amazon Config 规则的评估结果

以下命令返回所有不符合名为的 Amazon Config 规则的资源的评估结果InstanceTypesAreT2micro

aws configservice get-compliance-details-by-config-rule --config-rule-name InstanceTypesAreT2micro --compliance-types NON_COMPLIANT

输出:

{ "EvaluationResults": [ { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.261, "ConfigRuleInvokedTime": 1450314642.948, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.18, "ConfigRuleInvokedTime": 1450314642.902, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-3a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314643.346, "ConfigRuleInvokedTime": 1450314643.124, "ComplianceType": "NON_COMPLIANT" } ] }
PowerShell
用于 PowerShell

示例 1:此示例获取规则的评估结果 access-keys-rotated 并返回按合规类型分组的输出

Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated | Group-Object ComplianceType

输出:

Count Name Group ----- ---- ----- 2 COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult} 5 NON_COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationRes...

示例 2:此示例查询合规资源的规则 access-keys-rotated 的合规性详细信息。

Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated -ComplianceType COMPLIANT | ForEach-Object {$_.EvaluationResultIdentifier.EvaluationResultQualifier}

输出:

ConfigRuleName ResourceId ResourceType -------------- ---------- ------------ access-keys-rotated BCAB1CDJ2LITAPVEW3JAH AWS::IAM::User access-keys-rotated BCAB1CDJ2LITL3EHREM4Q AWS::IAM::User

有关 S Amazon DK 开发者指南和代码示例的完整列表,请参阅Amazon Config 与 Amazon SDK 一起使用。本主题还包括有关入门的信息以及有关先前的 SDK 版本的详细信息。