本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # 使用 CLI AWS 記錄資源 您可以使用 AWS CLI 來選取要 AWS Config 記錄的資源類型。您可以透過建立客戶受管組態記錄器來執行此操作,該記錄器會記錄您在記錄群組中指定的資源類型。在記錄群組中,您需要指定是要記錄所有支援的資源類型,還是包含或排除特定的資源類型。 ------ #### [ Record all current and future supported resource types ] 設定 AWS Config 以記錄此區域中所有目前和未來支援之資源類型的組態變更。如需支援的資源類型清單,請參閱[支援的資源類型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder`和 `---recording-group` 欄位。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 欄位** `configurationRecorder.json` 檔案會指定 `name`和 `roleArn` ,以及組態記錄器的預設記錄頻率 (`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 欄位** `recordingGroup.json` 檔案會指定要記錄的資源類型。 ``` { "allSupported": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "includeGlobalResourceTypes": true } ``` 如需這些欄位的詳細資訊,請參閱《 *AWS CLI 命令參考*[https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html)》中的 。 1. (選用) 若要確認您的客戶受管組態記錄器具有所需的設定,請使用下列[https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html)命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下是回應範例。 ``` { "ConfigurationRecorders": [ { "name": "default" "recordingGroup": { "allSupported": true, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": true, "recordingStrategy": { "useOnly": "ALL_SUPPORTED_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------ #### [ Record all current and future supported resources types excluding the types you specify ] 設定 AWS Config 以記錄所有目前和未來支援之資源類型的組態變更,包括全域資源類型,但您指定從記錄排除的資源類型除外。 如果您選擇停止記錄某個資源類型,則已記錄的組態項目會保持不變。如需支援的資源類型清單,請參閱[支援的資源類型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder`和 `---recording-group` 欄位。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 欄位** `configurationRecorder.json` 檔案會指定 `name`和 `roleArn` ,以及組態記錄器的預設記錄頻率 (`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 欄位** `recordingGroup.json` 檔案會指定 AWS Config 要記錄的資源類型。傳遞一或多個要排除在 `resourceTypes`欄位中的資源類型`exclusionByResourceTypes`,如下列範例所示。 ``` { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, } ``` 如需這些欄位的詳細資訊,請參閱《 *AWS CLI 命令參考*[https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html)》中的 。 1. (選用) 若要確認您的客戶受管組態記錄器具有所需的設定,請使用下列[https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html)命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下是回應範例。 ``` { "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [ "AWS::Redshift::ClusterSnapshot", "AWS::RDS::DBClusterSnapshot", "AWS::CloudFront::StreamingDistribution" ] }, "includeGlobalResourceTypes": false, "recordingStrategy": { "useOnly": "EXCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [], }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------ #### [ Record specific resource types ] 設定 AWS Config 僅記錄您指定的資源類型的組態變更。 如果您選擇停止記錄某個資源類型,則已記錄的組態項目會保持不變。如需支援的資源類型清單,請參閱[支援的資源類型](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html)。 1. 使用 [https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html) 命令: 此命令使用 `--configuration-recorder`和 `---recording-group` 欄位。 ``` $ aws configservice put-configuration-recorder \ --configuration-recorder file://configurationRecorder.json \ --recording-group file://recordingGroup.json ``` **`configuration-recorder` 欄位** `configurationRecorder.json` 檔案會指定 `name`和 `roleArn` ,以及組態記錄器的預設記錄頻率 (`recordingMode`)。 ``` { "name": "default", "roleARN": "arn:aws:iam::123456789012:role/config-role", "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override", "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override ] } ] } } ``` **`recording-group` 欄位** `recordingGroup.json` 檔案會指定 AWS Config 要記錄的資源類型。在 `resourceTypes` 欄位中傳遞要排除的一或多個資源類型,如下列範例所示。 ``` { "allSupported": false, "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "includeGlobalResourceTypes": false, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] } ``` 如需這些欄位的詳細資訊,請參閱《 *AWS CLI 命令參考*[https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/put-configuration-recorder.html)》中的 。 1. (選用) 若要確認您的客戶受管組態記錄器具有所需的設定,請使用下列[https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html](https://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorders.html)命令。 ``` $ aws configservice describe-configuration-recorders ``` 以下是回應範例。 ``` { "ConfigurationRecorders": [ { "name": "default", "recordingGroup": { "allSupported": false, "exclusionByResourceTypes": { "resourceTypes": [] }, "includeGlobalResourceTypes": false "recordingStrategy": { "useOnly": "INCLUSION_BY_RESOURCE_TYPES" }, "resourceTypes": [ "AWS::EC2::EIP", "AWS::EC2::Instance", "AWS::EC2::NetworkAcl", "AWS::EC2::SecurityGroup", "AWS::CloudTrail::Trail", "AWS::EC2::Volume", "AWS::EC2::VPC", "AWS::IAM::User", "AWS::IAM::Policy" ] }, "recordingMode": { "recordingFrequency": CONTINUOUS or DAILY, "recordingModeOverrides": [ { "description": "Description you provide for the override, "recordingFrequency": CONTINUOUS or DAILY, "resourceTypes": [ Comma-separated list of resource types to include in the override] } ] }, "roleARN": "arn:aws:iam::123456789012:role/config-role" } ] } ``` ------