• 2026 年 4 月 30 日之後將不再提供 AWS Systems Manager CloudWatch Dashboard。客戶可以繼續使用 Amazon CloudWatch 主控台來檢視、建立和管理其 Amazon CloudWatch 儀表板,就像現在一樣。如需詳細資訊,請參閱 [Amazon CloudWatch Dashboard 文件](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html)。 本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 使用 指派自訂合規中繼資料 AWS CLI 下列程序會逐步引導您使用 AWS Command Line Interface (AWS CLI) 呼叫 AWS Systems Manager [PutComplianceItems](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutComplianceItems.html) API 操作,將自訂合規中繼資料指派給資源。您也可以使用此 API 操作,手動將修補程式或關聯合規中繼資料指派至受管節點,如以下演練中所示。如需自訂合規的詳細資訊,請參閱 [關於自訂合規](compliance-about.md#compliance-custom)。 **將自訂合規中繼資料指派給受管執行個體 (AWS CLI)** 1. 如果您尚未安裝和設定 AWS Command Line Interface (AWS CLI)。 如需相關資訊,請參閱[安裝或更新最新版本的 AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)。 1. 執行以下命令,將自訂合規中繼資料指派給受管節點。將每個{{範例資源預留位置}}取代為您自己的資訊。`ResourceType` 參數僅支援 `ManagedInstance` 的值。即使您將自訂合規中繼資料指派給受管 AWS IoT Greengrass 核心裝置,也請指定此值。 ------ #### [ Linux & macOS ] ``` aws ssm put-compliance-items \ --resource-id {{instance_ID}} \ --resource-type ManagedInstance \ --compliance-type Custom:{{user-defined_string}} \ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}} \ --items Id={{user-defined_ID}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}} ``` ------ #### [ Windows ] ``` aws ssm put-compliance-items ^ --resource-id {{instance_ID}} ^ --resource-type ManagedInstance ^ --compliance-type Custom:{{user-defined_string}} ^ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}} ^ --items Id={{user-defined_ID}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}} ``` ------ 1. 重複之前的步驟,以指派更多自訂合規中繼資料到一個以上的節點。您也可以使用下列命令,手動指派修補程式或關聯合規中繼資料到受管節點: 關聯合規中繼資料 ------ #### [ Linux & macOS ] ``` aws ssm put-compliance-items \ --resource-id {{instance_ID}} \ --resource-type ManagedInstance \ --compliance-type Association \ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}} \ --items Id={{user-defined_ID}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}} ``` ------ #### [ Windows ] ``` aws ssm put-compliance-items ^ --resource-id {{instance_ID}} ^ --resource-type ManagedInstance ^ --compliance-type Association ^ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}} ^ --items Id={{user-defined_ID}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}} ``` ------ 修補程式合規中繼資料 ------ #### [ Linux & macOS ] ``` aws ssm put-compliance-items \ --resource-id {{instance_ID}} \ --resource-type ManagedInstance \ --compliance-type Patch \ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}},ExecutionId={{user-defined_ID}},ExecutionType=Command \ --items Id={{for_example, KB12345}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}},Details="{PatchGroup={{name_of_group}},PatchSeverity={{the_patch_severity, for example, CRITICAL}}}" ``` ------ #### [ Windows ] ``` aws ssm put-compliance-items ^ --resource-id {{instance_ID}} ^ --resource-type ManagedInstance ^ --compliance-type Patch ^ --execution-summary ExecutionTime={{user-defined_time_and/or_date_value}},ExecutionId={{user-defined_ID}},ExecutionType=Command ^ --items Id={{for_example, KB12345}},Title={{user-defined_title}},Severity={{one_or_more_comma-separated_severities:CRITICAL, MAJOR, MINOR,INFORMATIONAL, or UNSPECIFIED}},Status={{COMPLIANT or NON_COMPLIANT}},Details="{PatchGroup={{name_of_group}},PatchSeverity={{the_patch_severity, for example, CRITICAL}}}" ``` ------ 1. 執行以下命令來檢視特定受管節點的合規項目清單。使用篩選條件來深入檢視特定的合規資料。 ------ #### [ Linux & macOS ] ``` aws ssm list-compliance-items \ --resource-ids {{instance_ID}} \ --resource-types ManagedInstance \ --filters {{one_or_more_filters}} ``` ------ #### [ Windows ] ``` aws ssm list-compliance-items ^ --resource-ids {{instance_ID}} ^ --resource-types ManagedInstance ^ --filters {{one_or_more_filters}} ``` ------ 以下範例說明如何搭配篩選條件使用此命令。 ------ #### [ Linux & macOS ] ``` aws ssm list-compliance-items \ --resource-ids i-02573cafcfEXAMPLE \ --resource-type ManagedInstance \ --filters Key=DocumentName,Values=AWS-RunPowerShellScript Key=Status,Values=NON_COMPLIANT,Type=NotEqual Key=Id,Values=cee20ae7-6388-488e-8be1-a88ccEXAMPLE Key=Severity,Values=UNSPECIFIED ``` ------ #### [ Windows ] ``` aws ssm list-compliance-items ^ --resource-ids i-02573cafcfEXAMPLE ^ --resource-type ManagedInstance ^ --filters Key=DocumentName,Values=AWS-RunPowerShellScript Key=Status,Values=NON_COMPLIANT,Type=NotEqual Key=Id,Values=cee20ae7-6388-488e-8be1-a88ccEXAMPLE Key=Severity,Values=UNSPECIFIED ``` ------ ------ #### [ Linux & macOS ] ``` aws ssm list-resource-compliance-summaries \ --filters Key=OverallSeverity,Values=UNSPECIFIED ``` ------ #### [ Windows ] ``` aws ssm list-resource-compliance-summaries ^ --filters Key=OverallSeverity,Values=UNSPECIFIED ``` ------ ------ #### [ Linux & macOS ] ``` aws ssm list-resource-compliance-summaries \ --filters Key=OverallSeverity,Values=UNSPECIFIED Key=ComplianceType,Values=Association Key=InstanceId,Values=i-02573cafcfEXAMPLE ``` ------ #### [ Windows ] ``` aws ssm list-resource-compliance-summaries ^ --filters Key=OverallSeverity,Values=UNSPECIFIED Key=ComplianceType,Values=Association Key=InstanceId,Values=i-02573cafcfEXAMPLE ``` ------ 1. 執行下列命令以檢視合規狀態摘要。使用篩選條件來深入檢視特定的合規資料。 ``` aws ssm list-resource-compliance-summaries --filters {{One or more filters.}} ``` 以下範例說明如何搭配篩選條件使用此命令。 ------ #### [ Linux & macOS ] ``` aws ssm list-resource-compliance-summaries \ --filters Key=ExecutionType,Values=Command ``` ------ #### [ Windows ] ``` aws ssm list-resource-compliance-summaries ^ --filters Key=ExecutionType,Values=Command ``` ------ ------ #### [ Linux & macOS ] ``` aws ssm list-resource-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=OverallSeverity,Values=CRITICAL ``` ------ #### [ Windows ] ``` aws ssm list-resource-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=OverallSeverity,Values=CRITICAL ``` ------ 1. 執行以下命令以檢視合規類型的合規與不合規資源計數摘要。使用篩選條件來深入檢視特定的合規資料。 ``` aws ssm list-compliance-summaries --filters {{One or more filters.}} ``` 以下範例說明如何搭配篩選條件使用此命令。 ------ #### [ Linux & macOS ] ``` aws ssm list-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=PatchGroup,Values=TestGroup ``` ------ #### [ Windows ] ``` aws ssm list-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=PatchGroup,Values=TestGroup ``` ------ ------ #### [ Linux & macOS ] ``` aws ssm list-compliance-summaries \ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=ExecutionId,Values=4adf0526-6aed-4694-97a5-14522EXAMPLE ``` ------ #### [ Windows ] ``` aws ssm list-compliance-summaries ^ --filters Key=AWS:InstanceInformation.PlatformType,Values=Windows Key=ExecutionId,Values=4adf0526-6aed-4694-97a5-14522EXAMPLE ``` ------