Use GetComplianceDetailsByConfigRule
with an Amazon SDK or CLI
The following code examples show how to use GetComplianceDetailsByConfigRule
.
- CLI
-
- Amazon CLI
-
To get the evaluation results for an Amazon Config rule
The following command returns the evaluation results for all of the resources that don't comply with an Amazon Config rule named
InstanceTypesAreT2micro
:aws configservice get-compliance-details-by-config-rule --config-rule-name
InstanceTypesAreT2micro
--compliance-typesNON_COMPLIANT
Output:
{ "EvaluationResults": [ { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.261, "ConfigRuleInvokedTime": 1450314642.948, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.18, "ConfigRuleInvokedTime": 1450314642.902, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-3a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314643.346, "ConfigRuleInvokedTime": 1450314643.124, "ComplianceType": "NON_COMPLIANT" } ] }
-
For API details, see GetComplianceDetailsByConfigRule
in Amazon CLI Command Reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example obtains the evaluation results for the rule access-keys-rotated and returns the output grouped by compliance-type
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated | Group-Object ComplianceType
Output:
Count Name Group ----- ---- ----- 2 COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult} 5 NON_COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationRes...
Example 2: This example queries compliance details for the rule access-keys-rotated for COMPLIANT resources.
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated -ComplianceType COMPLIANT | ForEach-Object {$_.EvaluationResultIdentifier.EvaluationResultQualifier}
Output:
ConfigRuleName ResourceId ResourceType -------------- ---------- ------------ access-keys-rotated BCAB1CDJ2LITAPVEW3JAH AWS::IAM::User access-keys-rotated BCAB1CDJ2LITL3EHREM4Q AWS::IAM::User
-
For API details, see GetComplianceDetailsByConfigRule
in Amazon Tools for PowerShell Cmdlet Reference.
-
For a complete list of Amazon SDK developer guides and code examples, see Using Amazon Config with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.