查看合规包的详细信息和合规信息 - AWS Config

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

查看合规包的详细信息和合规信息

重要

要准确报告合规性状态,必须记录 AWS::Config::ResourceCompliance 资源类型。有关更多信息,请参阅录制 AWS 资源

您可以使用 AWS Config 控制台或查看 AWS CLI 您的一致性包。 AWS Config 控制台具有统一的仪表板。 AWS CLI 允许您运行命令以获取特定信息。

Viewing Conformance Packs (Console)

要在中查看您的一致性包 AWS Management Console,请参阅 Conform ance Pack 控制面板包

Viewing the Details for your Conformance Packs (AWS CLI)

  1. 输入以下 命令。

    aws configservice describe-conformance-packs 

    aws configservice describe-conformance-packs --conformance-pack-name="MyConformancePack1"

  2. 您应该可以看到类似于如下所示的输出内容。

    {
    "conformancePackName": "MyConformancePack1",
    "conformancePackId": "conformance-pack-ID",
    "conformancePackArn": "arn:aws:config:us-west-2:AccountID:conformance-pack/MyConformancePack1/conformance-pack-ID",
    "conformancePackInputParameters": [],
    "lastUpdateRequestedTime": "Thu Jul 18 16:07:05 PDT 2019"
}
Viewing the Status for your Conformance Packs (AWS CLI)

  1. 输入以下 命令。

    aws configservice describe-conformance-pack-status --conformance-pack-name="MyConformancePack1"

  2. 您应该可以看到类似于如下所示的输出内容。

    {
    "stackArn": "arn:aws:cloudformation:us-west-2:AccountID:stack/awsconfigconforms-MyConformancePack1-conformance-pack-ID/d4301fe0-a9b1-11e9-994d-025f28dd83ba",
    "conformancePackName": "MyConformancePack1",
    "conformancePackId": "conformance-pack-ID",
    "lastUpdateCompletedTime": "Thu Jul 18 16:15:17 PDT 2019",
    "conformancePackState": "CREATE_COMPLETE",
    "conformancePackArn": "arn:aws:config:us-west-2:AccountID:conformance-pack/MyConformancePack1/conformance-pack-ID",
    "lastUpdateRequestedTime": "Thu Jul 18 16:14:35 PDT 2019"
}
Viewing the Compliance Status for your Conformance Packs (AWS CLI)

  1. 输入以下 命令。

    aws configservice describe-conformance-pack-compliance --conformance-pack-name="MyConformancePack1"

  2. 您应该可以看到类似于如下所示的输出内容。

    {
    "conformancePackName": "MyConformancePack1",
    "conformancePackRuleComplianceList": [
        {
            "configRuleName": "awsconfigconforms-RuleName1-conformance-pack-ID",
            "complianceType": "NON_COMPLIANT"
        },
        {
            "configRuleName": "awsconfigconforms-RuleName2-conformance-pack-ID",
            "complianceType": "COMPLIANT"
        }
    ]
}
Viewing the Compliance Details for your Conformance Packs (AWS CLI)

  1. 输入以下 命令。

    aws configservice get-conformance-pack-compliance-details --conformance-pack-name="MyConformancePack1"

  2. 您应该可以看到类似于如下所示的输出内容。

    {
    "conformancePackRuleEvaluationResults": [
        {
            "evaluationResultIdentifier": {
                "orderingTimestamp": "Tue Jul 16 23:07:35 PDT 2019",
                "evaluationResultQualifier": {
                    "resourceId": "resourceID",
                    "configRuleName": "awsconfigconforms-RuleName1-conformance-pack-ID",
                    "resourceType": "AWS::::Account"
                }
            },
            "configRuleInvokedTime": "Tue Jul 16 23:07:50 PDT 2019",
            "resultRecordedTime": "Tue Jul 16 23:07:51 PDT 2019",
            "complianceType": "NON_COMPLIANT"
        },
        {
            "evaluationResultIdentifier": {
                "orderingTimestamp": "Thu Jun 27 15:16:36 PDT 2019",
                "evaluationResultQualifier": {
                    "resourceId": "resourceID",
                    "configRuleName": "awsconfigconforms-RuleName2-conformance-pack-ID",
                    "resourceType": "AWS::EC2::SecurityGroup"
                }
            },
           "configRuleInvokedTime": "Thu Jul 11 23:08:06 PDT 2019",
            "resultRecordedTime": "Thu Jul 11 23:08:06 PDT 2019",
            "complianceType": "COMPLIANT"
        }
    ],
    "conformancePackName": "MyConformancePack1"
}
}