本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 使用 AWS CLI 记录资源 您可以使用 C AWS LI 来选择 AWS Config 要记录的资源类型。为此,您可以创建一个客户管理的配置记录器,以记录您在记录组中指定的资源类型。在记录组中,您可以指定是要记录所有受支持的资源类型,还是包括或排除特定类型的资源。 ------ #### [ Record all current and future supported resource types ] 设置 AWS Config 为记录该区域所有当前和 future 支持的资源类型的配置更改。有关支持的资源类型列表,请参阅[支持的资源类型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder` 和 `---recording-group` 字段。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 字段** `configurationRecorder.json` 文件指定配置记录器的 `name` 和 `roleArn` 以及默认记录频率(`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 字段** `recordingGroup.json` 文件指定要记录哪些资源类型。 ``` { "allSupported": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "includeGlobalResourceTypes": true } ``` 有关这些字段的更多信息,请参阅《AWS CLI 命令参考》**中的 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 1. (可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下 [https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html) 命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下为响应示例。 ``` { "ConfigurationRecorders": [ { "name": "default" "recordingGroup": { "allSupported": true, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------ #### [ Record all current and future supported resources types excluding the types you specify ] 设置 AWS Config 为记录所有当前和 future 支持的资源类型的配置更改,包括全局资源类型,但您指定要从记录中排除的资源类型除外。 如果您选择停止记录某一资源类型,则已记录的配置项将保持不变。有关支持的资源类型列表,请参阅[支持的资源类型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder` 和 `---recording-group` 字段。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 字段** `configurationRecorder.json` 文件指定配置记录器的 `name` 和 `roleArn` 以及默认记录频率(`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 字段** 该`recordingGroup.json`文件指定 AWS Config 将记录哪些类型的资源。在 `exclusionByResourceTypes` 的 `resourceTypes` 字段中传递一个或多个要排除的资源类型,如以下示例所示。 ``` { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, } ``` 有关这些字段的更多信息,请参阅《AWS CLI 命令参考》**中的 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 1. (可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下 [https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html) 命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下为响应示例。 ``` { "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------ #### [ Record specific resource types ] 设置 AWS Config 为仅记录您指定的资源类型的配置更改。 如果您选择停止记录某一资源类型,则已记录的配置项将保持不变。有关支持的资源类型列表,请参阅[支持的资源类型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder` 和 `---recording-group` 字段。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 字段** `configurationRecorder.json` 文件指定配置记录器的 `name` 和 `roleArn` 以及默认记录频率(`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 字段** 该`recordingGroup.json`文件指定 AWS Config 将记录哪些类型的资源。在 `resourceTypes` 字段中传递一个或多个要排除的资源类型,如以下示例所示。 ``` { "allSupported": false, "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "includeGlobalResourceTypes": false, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] } ``` 有关这些字段的更多信息,请参阅《AWS CLI 命令参考》**中的 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 1. (可选)要验证您的客户管理的配置记录器是否拥有您所需的设置,请使用以下 [https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html) 命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下为响应示例。 ``` { "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": false "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------