使用 AWS CLI 记录资源
您可以使用 AWS CLI 选择您希望 AWS Config 记录的资源类型。为此,您可以创建一个客户管理的配置记录器,以记录您在记录组中指定的资源类型。在记录组中,您可以指定是要记录所有受支持的资源类型,还是包括或排除特定类型的资源。
- Record all current and future supported resource types
-
设置,AWS Config以记录该区域中所有当前和未来支持的资源类型的配置更改。有关支持的资源类型列表,请参阅支持的资源类型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group字段。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder字段configurationRecorder.json文件指定配置记录器的name和roleArn以及默认记录频率(recordingMode)。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group字段recordingGroup.json文件指定要记录哪些资源类型。{ "allSupported": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "includeGlobalResourceTypes": true }有关这些字段的更多信息,请参阅《AWS CLI 命令参考》中的
put-configuration-recorder -
(可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下
describe-configuration-recorders命令。$ aws configservice describe-configuration-recorders以下为响应示例。
{ "ConfigurationRecorders": [ { "name": "default" "recordingGroup": { "allSupported": true, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
- Record all current and future supported resources types excluding the types you specify
-
设置,AWS Config以记录包括全局资源类型在内的所有当前和未来支持的资源类型的配置更改,但您指定要从记录中排除的资源类型除外。
如果您选择停止记录某一资源类型,则已记录的配置项将保持不变。有关支持的资源类型列表,请参阅支持的资源类型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group字段。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder字段configurationRecorder.json文件指定配置记录器的name和roleArn以及默认记录频率(recordingMode)。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group字段recordingGroup.json文件指定 AWS Config 将记录的资源类型。在exclusionByResourceTypes的resourceTypes字段中传递一个或多个要排除的资源类型,如以下示例所示。{ "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, }有关这些字段的更多信息,请参阅《AWS CLI 命令参考》中的
put-configuration-recorder -
(可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下
describe-configuration-recorders命令。$aws configservice describe-configuration-recorders以下为响应示例。
{ "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
- Record specific resource types
-
设置,AWS Config以仅记录您指定的资源类型的配置更改。
如果您选择停止记录某一资源类型,则已记录的配置项将保持不变。有关支持的资源类型列表,请参阅支持的资源类型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group字段。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder字段configurationRecorder.json文件指定配置记录器的name和roleArn以及默认记录频率(recordingMode)。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group字段recordingGroup.json文件指定 AWS Config 将记录的资源类型。在resourceTypes字段中传递一个或多个要排除的资源类型,如以下示例所示。{ "allSupported": false, "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "includeGlobalResourceTypes": false, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }有关这些字段的更多信息,请参阅《AWS CLI 命令参考》中的
put-configuration-recorder -
(可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下
describe-configuration-recorders命令。$aws configservice describe-configuration-recorders以下为响应示例。
{ "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": false "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
