AWS文件開發套件範例
搭配使用 DescribeComplianceByResource 與 CLI
下列程式碼範例示範如何使用 DescribeComplianceByResource。
- CLI
-
- AWS CLI
-
取得 AWS 資源的合規資訊
下列命令會傳回 AWS Config 所記錄,且違反一或多個規則的每個 EC2 執行個體的合規資訊:
aws configservice describe-compliance-by-resource --resource-typeAWS::EC2::Instance--compliance-typesNON_COMPLIANT在輸出中,每個
CappedCount屬性的值表示資源違反多少規則。例如,下列輸出表示執行個體i-1a2b3c4d違反 2 個規則。輸出:
{ "ComplianceByResources": [ { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-1a2b3c4d", "Compliance": { "ComplianceContributorCount": { "CappedCount": 2, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" } }, { "ResourceType": "AWS::EC2::Instance", "ResourceId": "i-2a2b3c4d ", "Compliance": { "ComplianceContributorCount": { "CappedCount": 3, "CapExceeded": false }, "ComplianceType": "NON_COMPLIANT" } } ] }-
如需 API 詳細資訊,請參閱《AWS CLI 命令參考》中的 DescribeComplianceByResource
。
-
- PowerShell
-
- Tools for PowerShell V4
-
範例 1:此範例會檢查 'COMPLIANT' 合規類型的
AWS::SSM::ManagedInstanceInventory資源類型。Get-CFGComplianceByResource -ComplianceType COMPLIANT -ResourceType AWS::SSM::ManagedInstanceInventory輸出:
Compliance ResourceId ResourceType ---------- ---------- ------------ Amazon.ConfigService.Model.Compliance i-0123bcf4b567890e3 AWS::SSM::ManagedInstanceInventory Amazon.ConfigService.Model.Compliance i-0a1234f6f5d6b78f7 AWS::SSM::ManagedInstanceInventory-
如需 API 詳細資訊,請參閱《AWS Tools for PowerShell Cmdlet 參考 (V4)》中的 DescribeComplianceByResource。
-
- Tools for PowerShell V5
-
範例 1:此範例會檢查 'COMPLIANT' 合規類型的
AWS::SSM::ManagedInstanceInventory資源類型。Get-CFGComplianceByResource -ComplianceType COMPLIANT -ResourceType AWS::SSM::ManagedInstanceInventory輸出:
Compliance ResourceId ResourceType ---------- ---------- ------------ Amazon.ConfigService.Model.Compliance i-0123bcf4b567890e3 AWS::SSM::ManagedInstanceInventory Amazon.ConfigService.Model.Compliance i-0a1234f6f5d6b78f7 AWS::SSM::ManagedInstanceInventory-
如需 API 詳細資訊,請參閱《AWS Tools for PowerShell Cmdlet 參考 (V5)》中的 DescribeComplianceByResource。
-
DescribeComplianceByConfigRule
DescribeConfigRuleEvaluationStatus