There are more AWS SDK examples available in the AWS Doc SDK Examples
Use GetComplianceDetailsByConfigRule with a CLI
The following code examples show how to use GetComplianceDetailsByConfigRule.
- CLI
-
- AWS CLI
-
To get the evaluation results for an AWS Config rule
The following command returns the evaluation results for all of the resources that don't comply with an AWS Config rule named
InstanceTypesAreT2micro:aws configservice get-compliance-details-by-config-rule --config-rule-nameInstanceTypesAreT2micro--compliance-typesNON_COMPLIANTOutput:
{ "EvaluationResults": [ { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.261, "ConfigRuleInvokedTime": 1450314642.948, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314645.18, "ConfigRuleInvokedTime": 1450314642.902, "ComplianceType": "NON_COMPLIANT" }, { "EvaluationResultIdentifier": { "OrderingTimestamp": 1450314635.065, "EvaluationResultQualifier": { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-3a2b3c4d", "ConfigRuleName": "InstanceTypesAreT2micro" } }, "ResultRecordedTime": 1450314643.346, "ConfigRuleInvokedTime": 1450314643.124, "ComplianceType": "NON_COMPLIANT" } ] }-
For API details, see GetComplianceDetailsByConfigRule
in AWS CLI Command Reference.
-
- PowerShell
-
- Tools for PowerShell V4
-
Example 1: This example obtains the evaluation results for the rule access-keys-rotated and returns the output grouped by compliance-type
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated | Group-Object ComplianceTypeOutput:
Count Name Group ----- ---- ----- 2 COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult} 5 NON_COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationRes...Example 2: This example queries compliance details for the rule access-keys-rotated for COMPLIANT resources.
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated -ComplianceType COMPLIANT | ForEach-Object {$_.EvaluationResultIdentifier.EvaluationResultQualifier}Output:
ConfigRuleName ResourceId ResourceType -------------- ---------- ------------ access-keys-rotated BCAB1CDJ2LITAPVEW3JAH AWS::IAM::User access-keys-rotated BCAB1CDJ2LITL3EHREM4Q AWS::IAM::User-
For API details, see GetComplianceDetailsByConfigRule in AWS Tools for PowerShell Cmdlet Reference (V4).
-
- Tools for PowerShell V5
-
Example 1: This example obtains the evaluation results for the rule access-keys-rotated and returns the output grouped by compliance-type
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated | Group-Object ComplianceTypeOutput:
Count Name Group ----- ---- ----- 2 COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult} 5 NON_COMPLIANT {Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationResult, Amazon.ConfigService.Model.EvaluationRes...Example 2: This example queries compliance details for the rule access-keys-rotated for COMPLIANT resources.
Get-CFGComplianceDetailsByConfigRule -ConfigRuleName access-keys-rotated -ComplianceType COMPLIANT | ForEach-Object {$_.EvaluationResultIdentifier.EvaluationResultQualifier}Output:
ConfigRuleName ResourceId ResourceType -------------- ---------- ------------ access-keys-rotated BCAB1CDJ2LITAPVEW3JAH AWS::IAM::User access-keys-rotated BCAB1CDJ2LITL3EHREM4Q AWS::IAM::User-
For API details, see GetComplianceDetailsByConfigRule in AWS Tools for PowerShell Cmdlet Reference (V5).
-
