Use DescribeComplianceByConfigRule with a CLI - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use DescribeComplianceByConfigRule with a CLI

The following code examples show how to use DescribeComplianceByConfigRule.

CLI
Amazon CLI

To get compliance information for your Amazon Config rules

The following command returns compliance information for each Amazon Config rule that is violated by one or more Amazon resources:

aws configservice describe-compliance-by-config-rule --compliance-types NON_COMPLIANT

In the output, the value for each CappedCount attribute indicates how many resources do not comply with the related rule. For example, the following output indicates that 3 resources do not comply with the rule named InstanceTypesAreT2micro.

Output:

{
    "ComplianceByConfigRules": [
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 3,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "InstanceTypesAreT2micro"
        },
        {
            "Compliance": {
                "ComplianceContributorCount": {
                    "CappedCount": 10,
                    "CapExceeded": false
                },
                "ComplianceType": "NON_COMPLIANT"
            },
            "ConfigRuleName": "RequiredTagsForVolumes"
        }
    ]
}
PowerShell
Tools for PowerShell V4

Example 1: This example retrieves compliances details for the rule ebs-optimized-instance, for which there is no current evaluation results for the rule, hence it returns INSUFFICIENT_DATA

(Get-CFGComplianceByConfigRule -ConfigRuleName ebs-optimized-instance).Compliance

Output:

ComplianceContributorCount ComplianceType
-------------------------- --------------
                           INSUFFICIENT_DATA

Example 2: This example returns the number of non-compliant resources for the rule ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK.

(Get-CFGComplianceByConfigRule -ConfigRuleName ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK -ComplianceType NON_COMPLIANT).Compliance.ComplianceContributorCount

Output:

CapExceeded CappedCount
----------- -----------
False       2
Tools for PowerShell V5

Example 1: This example retrieves compliances details for the rule ebs-optimized-instance, for which there is no current evaluation results for the rule, hence it returns INSUFFICIENT_DATA

(Get-CFGComplianceByConfigRule -ConfigRuleName ebs-optimized-instance).Compliance

Output:

ComplianceContributorCount ComplianceType
-------------------------- --------------
                           INSUFFICIENT_DATA

Example 2: This example returns the number of non-compliant resources for the rule ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK.

(Get-CFGComplianceByConfigRule -ConfigRuleName ALB_HTTP_TO_HTTPS_REDIRECTION_CHECK -ComplianceType NON_COMPLIANT).Compliance.ComplianceContributorCount

Output:

CapExceeded CappedCount
----------- -----------
False       2

For a complete list of Amazon SDK developer guides and code examples, see Using Amazon Config with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.