本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 使用 AWS Backup API 创建报告计划 您也可以通过编程方式使用报告计划。 有两种类型的报告。一种是**作业报告**,它显示过去 24 小时内完成的作业以及所有活动作业。另一种报告是**合规性报告**。合规性报告可以监控资源级别或有效的不同控件。创建报告时,您可以选择要创建的报告类型。 与*备份计划*类似,您可以创建*报告计划*来自动创建报告并定义其目的地 Amazon S3 存储桶。报告计划要求您拥有 S3 存储桶才能接收报告。有关设置新 S3 存储桶的说明,请参阅《Amazon Simple Storage Service 用户指南》**中的[步骤 1:创建您的第一个 S3 存储桶](https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html#creating-bucket)。 如果您使用自定义 KMS 密钥加密存储桶,则 KMS 密钥策略必须满足以下要求: + `Principal` 属性必须包含 Backup Audit Manager 服务相关角色 [https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports) ARN。 + `Action` 属性必须至少包含 `kms:GenerateDataKey` 和 `kms:Decrypt`。 该策略[AWSServiceRolePolicyForBackupReports](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports)具有这些权限。 对于单账户、单区域报告,请使用以下语法调用 [CreateReportPlan](API_CreateReportPlan.md)。 ``` { "ReportPlanName": "string", "ReportPlanDescription": "string", "ReportSetting": { "ReportTemplate": enum, // Can be RESOURCE_COMPLIANCE_REPORT, CONTROL_COMPLIANCE_REPORT, BACKUP_JOB_REPORT, COPY_JOB_REPORT, or RESTORE_JOB_REPORT. Only include "ReportCoverageList" if your report is a COMPLIANCE_REPORT. "ReportDeliveryChannel": { "S3BucketName": "string", "S3KeyPrefix": "string", "Formats": [ enum ] // Optional. Can be either CSV, JSON, or both. Default is CSV if left blank. }, "ReportPlanTags": { "string" : "string" // Optional. }, "IdempotencyToken": "string" } ``` 当您使用报告计划的唯一名称调用 [DescribeReportPlan](API_DescribeReportPlan.md) 时, AWS Backup API 会响应并返回以下信息。 ``` { "ReportPlanArn": "string", "ReportPlanName": "string", "ReportPlanDescription": "string", "ReportSetting": { "ReportTemplate": enum, }, "ReportDeliveryChannel": { "S3BucketName": "string", "S3KeyPrefix": "string", "Formats": [ enum ] }, "DeploymentStatus": enum "CreationTime": timestamp, "LastAttemptExecutionTime": timestamp, "LastSuccessfulExecutionTime": timestamp } ``` 对于多账户、多区域报告,请使用以下语法调用 [CreateReportPlan](API_CreateReportPlan.md)。 ``` { "IdempotencyToken": "string", "ReportDeliveryChannel": { "Formats": [ "string" ], *//Organization report only support CSV file* "S3BucketName": "string", "S3KeyPrefix": "string" }, "ReportPlanDescription": "string", "ReportPlanName": "string", "ReportPlanTags": { "string" : "string" }, "ReportSetting": { "Accounts": [ "string" ], // Use string value of "ROOT" to include all organizational units "OrganizationUnits": [ "string" ], "Regions": ["string"], // Use wildcard value in string to include all Regions "FrameworkArns": [ "string" ], "NumberOfFrameworks": number, "ReportTemplate": "string" } } ``` 当您使用报告计划的唯一名称调用 [DescribeReportPlan](API_DescribeReportPlan.md) 时,对于多账户、多区域计划, AWS Backup API 会响应并返回以下信息: ``` { "ReportPlan": { "CreationTime": number, "DeploymentStatus": "string", "LastAttemptedExecutionTime": number, "LastSuccessfulExecutionTime": number, "ReportDeliveryChannel": { "Formats": [ "string" ], "S3BucketName": "string", "S3KeyPrefix": "string" }, "ReportPlanArn": "string", "ReportPlanDescription": "string", "ReportPlanName": "string", "ReportSetting": { "Accounts":[ "string" ], "OrganizationUnits":[ "string" ], "Regions": [ "string" ], "FrameworkArns": [ "string" ], "NumberOfFrameworks": number, "ReportTemplate": "string" } } } ```