本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用 錄製資源 AWS CLI
您可以使用 AWS CLI來選取要 AWS Config 記錄的資源類型。您可以透過建立客戶受管組態記錄器來執行此操作,該記錄器會記錄您在記錄群組中指定的資源類型。在記錄群組中,您需要指定是要記錄所有支援的資源類型,還是包含或排除特定的資源類型。
- Record all current and future supported resource types
-
設定 AWS Config 以記錄此區域中所有目前和未來支援之資源類型的組態變更。如需支援的資源類型清單,請參閱支援的資源類型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group欄位。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder欄位configurationRecorder.json檔案會指定組態記錄器 () 的預設記錄頻率nameroleArn和recordingMode。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group欄位recordingGroup.json檔案會指定要記錄的資源類型。{ "allSupported": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "includeGlobalResourceTypes": true }如需這些欄位的詳細資訊,請參閱 AWS CLI 命令參考
put-configuration-recorder中的 。 -
(選用) 若要確認您的客戶受管組態記錄器具有所需的設定,請使用下列
describe-configuration-recorders命令。$ aws configservice describe-configuration-recorders以下是回應範例。
{ "ConfigurationRecorders": [ { "name": "default" "recordingGroup": { "allSupported": true, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
- Record all current and future supported resources types excluding the types you specify
-
設定 AWS Config 以記錄所有目前和未來支援資源類型的組態變更,包括全域資源類型,但您指定從記錄排除的資源類型除外。
如果您選擇停止記錄某個資源類型,則已記錄的組態項目會保持不變。如需支援的資源類型清單,請參閱支援的資源類型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group欄位。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder欄位configurationRecorder.json檔案會指定組態記錄器 () 的預設記錄頻率nameroleArn和recordingMode。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group欄位recordingGroup.json檔案可指定 AWS Config 記錄的資源類型。傳遞一或多個資源類型以在resourceTypes欄位中排除exclusionByResourceTypes,如下列範例所示。{ "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, }如需這些欄位的詳細資訊,請參閱 AWS CLI 命令參考
put-configuration-recorder中的 。 -
(選用) 若要確認您的客戶受管組態記錄器具有您想要的設定,請使用下列
describe-configuration-recorders命令。$aws configservice describe-configuration-recorders以下是回應範例。
{ "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
- Record specific resource types
-
設定 AWS Config 以記錄僅您指定的資源類型的組態變更。
如果您選擇停止記錄某個資源類型,則已記錄的組態項目會保持不變。如需支援的資源類型清單,請參閱支援的資源類型。
-
使用
put-configuration-recorder命令:此命令使用
--configuration-recorder和---recording-group欄位。$ aws configservice put-configuration-recorder \ --configuration-recorderfile://configurationRecorder.json\ --recording-groupfile://recordingGroup.jsonconfiguration-recorder欄位configurationRecorder.json檔案會指定組態記錄器 () 的預設記錄頻率nameroleArn和recordingMode。{ "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] } }recording-group欄位recordingGroup.json檔案可指定 AWS Config 記錄的資源類型。傳遞一或多個資源類型以在resourceTypes欄位中排除,如下列範例所示。{ "allSupported": false, "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "includeGlobalResourceTypes": false, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }如需這些欄位的詳細資訊,請參閱 AWS CLI 命令參考
put-configuration-recorder中的 。 -
(選用) 若要確認您的客戶受管組態記錄器具有所需的設定,請使用下列
describe-configuration-recorders命令。$aws configservice describe-configuration-recorders以下是回應範例。
{ "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": false "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }, "recordingMode": { "recordingFrequency":CONTINUOUSorDAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency":CONTINUOUSorDAILY, "resourceTypes": [Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] }
-
