- 최신
- 최다 투표
- 가장 많은 댓글
You can query the AWS Config API for advanced queries with the SelectResourceConfig API call. See the AWS documentation for an (CLI) example.
You could use AWS Eventbridge (what used to be called Cloudwatch Events earlier) to create a Scheduler rule that will trigger at periodic intervals. You can define a lambda function as the target of the Lambda function.
Inside the lambda function you can call the relevant API that will give you what you want. For example, if you want to use the AWS Config API ListDiscoveredResources, then you can call the API from inside your lambda function. There are samples provided in the documentation for supported languages - https://docs.aws.amazon.com/config/latest/APIReference/API_ListDiscoveredResources.html. You could write the output to a file and save it on S3.
Please follow our blog article on this: https://aws.amazon.com/blogs/mt/how-to-get-a-daily-report-for-your-resources-configuration-changes/
def create_report(aggregator_name, today):
client = boto3.client('config')
response = client.select_aggregate_resource_config(
Expression=f"SELECT * WHERE configurationItemCaptureTime LIKE '{today}%'",
ConfigurationAggregatorName=aggregator_name
)
changed_resources = response["Results"]
json_list = [json.loads(line) for line in changed_resources]
관련 콘텐츠
AWS 공식업데이트됨 3년 전
I created lambda function and invoking the SelectResourceConfig API using aws cli using below query and it is failing with "Syntax error in module 'lambda_function': invalid syntax (lambda_function.py, line 23)".
import subprocess import logging import boto3
logger = logging.getLogger() logger.setLevel(logging.INFO)
def run_command(command): command_list = command.split(' ') #print(command_list) try: logger.info("Running shell command: "{}"".format(command)) result = subprocess.run(command_list, stderr=subprocess.STDOUT, stdout=subprocess.PIPE); #print(result) logger.info("Command output:\n---\n{}\n---".format(result.stdout.decode('UTF-8'))) except Exception as e: logger.error("Exception: {}".format(e)) return False
def lambda_handler(event, context):
resourceName, resourceType, configuration.tags.value, configuration.vpcId, configuration.subnetId, configuration.publicDnsName, configuration.privateIpAddress, configuration.imageId, configuration.iamInstanceProfile.arn, configuration.instanceId, configuration.instanceType, configuration.securityGroups, configuration.platform, configuration.architecture, configuration.availabilityZone, configuration.state.name WHERE resourceType = 'AWS::EC2::Instance' order by resourceId, resourceName, resourceType, configuration.state.name"')