配置合规性演示 (AWS CLI) - AWS Systems Manager
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

如果我们为英文版本指南提供翻译,那么如果存在任何冲突,将以英文版本指南为准。在提供翻译时使用机器翻译。

配置合规性演示 (AWS CLI)

以下程序将引导您完成使用 PutCompliance项目 API操作 将自定义合规元数据分配给资源。您还可以使用此API操作 手动将修补程序或关联合规元数据分配给实例,如 演示之后。有关自定义合规性的详细信息,请参阅 关于自定义合规性.

要将自定义合规元数据分配给托管实例(AWS CLI)

  1. 安装并配置 AWS CLI(如果尚未执行该操作)。

    有关信息,请参阅安装或升级 AWS 命令行工具

  2. 运行下列命令以将自定义合规元数据分配给实例。目前唯一支持的资源类型是 ManagedInstance.

    Linux
    aws ssm put-compliance-items \ --resource-id instance_ID \ --resource-type ManagedInstance \ --compliance-type Custom:user-defined_string \ --execution-summary ExecutionTime=user-defined_time_and/or_date_value \ --items Id=user-defined_ID,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT
    Windows
    aws ssm put-compliance-items ^ --resource-id instance_ID ^ --resource-type ManagedInstance ^ --compliance-type Custom:user-defined_string ^ --execution-summary ExecutionTime=user-defined_time_and/or_date_value ^ --items Id=user-defined_ID,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT
  3. 重复上一步,将其他自定义合规元数据分配给 一个或多个实例。您还可以手动分配修补程序或关联 使用下列命令将合规元数据转换为托管实例:

    关联合规元数据

    Linux
    aws ssm put-compliance-items \ --resource-id instance_ID \ --resource-type ManagedInstance \ --compliance-type Association \ --execution-summary ExecutionTime=user-defined_time_and/or_date_value \ --items Id=user-defined_ID,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT
    Windows
    aws ssm put-compliance-items ^ --resource-id instance_ID ^ --resource-type ManagedInstance ^ --compliance-type Association ^ --execution-summary ExecutionTime=user-defined_time_and/or_date_value ^ --items Id=user-defined_ID,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT

    贴片合规元数据

    Linux
    aws ssm put-compliance-items \ --resource-id instance_ID \ --resource-type ManagedInstance \ --compliance-type Patch \ --execution-summary ExecutionTime=user-defined_time_and/or_date_value,ExecutionId=user-defined_ID,ExecutionType=Command \ --items Id=for_example, KB12345,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT,Details="{PatchGroup=name_of_group,PatchSeverity=the_patch_severity, for example, CRITICAL}"
    Windows
    aws ssm put-compliance-items ^ --resource-id instance_ID ^ --resource-type ManagedInstance ^ --compliance-type Patch ^ --execution-summary ExecutionTime=user-defined_time_and/or_date_value,ExecutionId=user-defined_ID,ExecutionType=Command ^ --items Id=for_example, KB12345,Title=user-defined_title,Severity=one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED,Status=COMPLIANT or NON_COMPLIANT,Details="{PatchGroup=name_of_group,PatchSeverity=the_patch_severity, for example, CRITICAL}"
  4. 运行下列命令以查看特定 托管实例。使用过滤器深入分析特定依从性 数据。

    Linux
    aws ssm list-compliance-items \ --resource-ids instance_ID \ --resource-types ManagedInstance \ --filters one_or_more_filters
    Windows
    aws ssm list-compliance-items ^ --resource-ids instance_ID ^ --resource-types ManagedInstance ^ --filters one_or_more_filters

    以下示例向您展示了如何通过过滤器使用这个命令。

    Linux
    aws ssm list-compliance-items \ --resource-ids i-1234567890abcdef0 \ --resource-type ManagedInstance \ --filters Key=DocumentName,Values=AWS-RunPowerShellScript Key=Status,Values=NON_COMPLIANT,Type=NotEqual Key=Id,Values=cee20ae7-6388-488e-8be1-a88cc6c46dcc Key=Severity,Values=UNSPECIFIED
    Windows
    aws ssm list-compliance-items ^ --resource-ids i-1234567890abcdef0 ^ --resource-type ManagedInstance ^ --filters Key=DocumentName,Values=AWS-RunPowerShellScript Key=Status,Values=NON_COMPLIANT,Type=NotEqual Key=Id,Values=cee20ae7-6388-488e-8be1-a88cc6c46dcc Key=Severity,Values=UNSPECIFIED
    Linux
    aws ssm list-resource-compliance-summaries \ --filters Key=OverallSeverity,Values=UNSPECIFIED
    Windows
    aws ssm list-resource-compliance-summaries ^ --filters Key=OverallSeverity,Values=UNSPECIFIED
    Linux
    aws ssm list-resource-compliance-summaries \ --filters Key=OverallSeverity,Values=UNSPECIFIED Key=ComplianceType,Values=Association Key=InstanceId,Values=i-1234567890abcdef0
    Windows
    aws ssm list-resource-compliance-summaries ^ --filters Key=OverallSeverity,Values=UNSPECIFIED Key=ComplianceType,Values=Association Key=InstanceId,Values=i-1234567890abcdef0
  5. 运行下列命令以查看合规状态摘要。使用 筛选器,以深入了解特定合规数据。

    aws ssm list-resource-compliance-summaries --filters One or more filters.

    以下示例向您展示了如何通过过滤器使用这个命令。

    Linux
    aws ssm list-resource-compliance-summaries \ --filters Key=ExecutionType,Values=Command
    Windows
    aws ssm list-resource-compliance-summaries ^ --filters Key=ExecutionType,Values=Command
    Linux
    aws ssm list-resource-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=OverallSeverity,Values=CRITICAL
    Windows
    aws ssm list-resource-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=OverallSeverity,Values=CRITICAL
  6. 运行下列命令以查看合规和 合规类型的不合规资源。使用过滤器深入分析 特定依从性数据。

    aws ssm list-compliance-summaries --filters One or more filters.

    以下示例向您展示了如何通过过滤器使用这个命令。

    Linux
    aws ssm list-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=PatchGroup,Values=TestGroup
    Windows
    aws ssm list-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=PatchGroup,Values=TestGroup
    Linux
    aws ssm list-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=ExecutionId,Values=4adf0526-6aed-4694-97a5-145222f4c2b6
    Windows
    aws ssm list-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=ExecutionId,Values=4adf0526-6aed-4694-97a5-145222f4c2b6