查看合规性包的详细信息和合规信息
重要
要准确报告合规性状态,必须记录 AWS::Config::ResourceCompliance 资源类型。有关更多信息,请参阅记录 AWS 资源。
您可以使用 AWS Config 控制台或 AWS CLI 查看您的合规性包。AWS Config 控制台具有统一的控制面板。AWS CLI 允许您运行命令以获取特定信息。
- Viewing Conformance Packs (Console)
-
要在 AWS Management Console中查看您的合规包,请参阅“合规包”控制面包。
- Viewing the Details for your Conformance Packs (AWS CLI)
-
-
输入以下 命令。
aws configservice describe-conformance-packs或
aws configservice describe-conformance-packs --conformance-pack-name="MyConformancePack1" -
您应该可以看到类似于如下所示的输出内容。
{ "conformancePackName": "MyConformancePack1", "conformancePackId": "conformance-pack-ID", "conformancePackArn": "arn:aws:config:us-west-2:AccountID:conformance-pack/MyConformancePack1/conformance-pack-ID", "conformancePackInputParameters": [], "lastUpdateRequestedTime": "Thu Jul 18 16:07:05 PDT 2019" }
-
- Viewing the Status for your Conformance Packs (AWS CLI)
-
-
输入以下 命令。
aws configservice describe-conformance-pack-status --conformance-pack-name="MyConformancePack1" -
您应该可以看到类似于如下所示的输出内容。
{ "stackArn": "arn:aws:cloudformation:us-west-2:AccountID:stack/awsconfigconforms-MyConformancePack1-conformance-pack-ID/d4301fe0-a9b1-11e9-994d-025f28dd83ba", "conformancePackName": "MyConformancePack1", "conformancePackId": "conformance-pack-ID", "lastUpdateCompletedTime": "Thu Jul 18 16:15:17 PDT 2019", "conformancePackState": "CREATE_COMPLETE", "conformancePackArn": "arn:aws:config:us-west-2:AccountID:conformance-pack/MyConformancePack1/conformance-pack-ID", "lastUpdateRequestedTime": "Thu Jul 18 16:14:35 PDT 2019" }
-
- Viewing the Compliance Status for your Conformance Packs (AWS CLI)
-
-
输入以下 命令。
aws configservice describe-conformance-pack-compliance --conformance-pack-name="MyConformancePack1" -
您应该可以看到类似于如下所示的输出内容。
{ "conformancePackName": "MyConformancePack1", "conformancePackRuleComplianceList": [ { "configRuleName": "awsconfigconforms-RuleName1-conformance-pack-ID", "complianceType": "NON_COMPLIANT" }, { "configRuleName": "awsconfigconforms-RuleName2-conformance-pack-ID", "complianceType": "COMPLIANT" } ] }
-
- Viewing the Compliance Details for your Conformance Packs (AWS CLI)
-
-
输入以下 命令。
aws configservice get-conformance-pack-compliance-details --conformance-pack-name="MyConformancePack1" -
您应该可以看到类似于如下所示的输出内容。
{ "conformancePackRuleEvaluationResults": [ { "evaluationResultIdentifier": { "orderingTimestamp": "Tue Jul 16 23:07:35 PDT 2019", "evaluationResultQualifier": { "resourceId": "resourceID", "configRuleName": "awsconfigconforms-RuleName1-conformance-pack-ID", "resourceType": "AWS::::Account" } }, "configRuleInvokedTime": "Tue Jul 16 23:07:50 PDT 2019", "resultRecordedTime": "Tue Jul 16 23:07:51 PDT 2019", "complianceType": "NON_COMPLIANT" }, { "evaluationResultIdentifier": { "orderingTimestamp": "Thu Jun 27 15:16:36 PDT 2019", "evaluationResultQualifier": { "resourceId": "resourceID", "configRuleName": "awsconfigconforms-RuleName2-conformance-pack-ID", "resourceType": "AWS::EC2::SecurityGroup" } }, "configRuleInvokedTime": "Thu Jul 11 23:08:06 PDT 2019", "resultRecordedTime": "Thu Jul 11 23:08:06 PDT 2019", "complianceType": "COMPLIANT" } ], "conformancePackName": "MyConformancePack1" } }
-
删除合规包
查看合规性历史记录