You can query the AWS Config API for advanced queries with the SelectResourceConfig API call. See the AWS documentation for a (CLI) example.
You could use AWS EventBridge (what used to be called CloudWatch Events earlier) to create a Scheduler rule that will trigger at periodic intervals. You can define a Lambda function as the target of the Lambda function.
Inside the Lambda function you can call the relevant API that will give you what you want. For example, if you want to use the AWS Config API ListDiscoveredResources, then you can call the API from inside your Lambda function. There are samples provided in the documentation for supported languages - https://docs.aws.amazon.com/config/latest/APIReference/API_ListDiscoveredResources.html. You could write the output to a file and save it on S3.
Please follow our blog article on this: https://aws.amazon.com/blogs/mt/how-to-get-a-daily-report-for-your-resources-configuration-changes/
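```python
import json

import boto3


def create_report(aggregator_name, today):
    # Query the aggregator for items captured on the given date (date-string prefix).
    client = boto3.client('config')
    response = client.select_aggregate_resource_config(
        Expression=f"SELECT * WHERE configurationItemCaptureTime LIKE '{today}%'",
        ConfigurationAggregatorName=aggregator_name
    )
    # Each entry in Results is a JSON-encoded string.
    changed_resources = response["Results"]
    json_list = [json.loads(line) for line in changed_resources]
    return json_list
```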
I created a Lambda function that invokes the SelectResourceConfig API using the AWS CLI with the query below, and it is failing with "Syntax error in module 'lambda_function': invalid syntax (lambda_function.py, line 23)".
```python
import subprocess
import logging
import boto3

logger = logging.getLogger()
logger.setLevel(logging.INFO)

def run_command(command):
    command_list = command.split(' ')
    #print(command_list)
    try:
        logger.info("Running shell command: "{}"".format(command))
        result = subprocess.run(command_list, stderr=subprocess.STDOUT, stdout=subprocess.PIPE);
        #print(result)
        logger.info("Command output:\n---\n{}\n---".format(result.stdout.decode('UTF-8')))
    except Exception as e:
        logger.error("Exception: {}".format(e))
        return False

def lambda_handler(event, context):
    resourceName, resourceType, configuration.tags.value, configuration.vpcId, configuration.subnetId, configuration.publicDnsName, configuration.privateIpAddress, configuration.imageId, configuration.iamInstanceProfile.arn, configuration.instanceId, configuration.instanceType, configuration.securityGroups, configuration.platform, configuration.architecture, configuration.availabilityZone, configuration.state.name WHERE resourceType = 'AWS::EC2::Instance' order by resourceId, resourceName, resourceType, configuration.state.name"')
```
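The same kind of query issued through boto3's `select_resource_config` rather than by shelling out to the AWS CLI, with `NextToken` pagination and JSON decoding of each result (added example, not code from the original post or from AWS). The shortened field list, `select_all`, `with_public_dns` and the `FakeConfigClient` sample data are assumptions made for illustration.

```python
import json

# Shortened version of the query in the post above (field list is an assumption).
QUERY = ("SELECT resourceId, resourceType, configuration.publicDnsName, "
         "configuration.state.name WHERE resourceType = 'AWS::EC2::Instance'")


def select_all(client, expression, page_size=100):
    """Run an AWS Config advanced query, following NextToken to the last page."""
    rows, token = [], None
    while True:
        kwargs = {"Expression": expression, "Limit": page_size}
        if token:
            kwargs["NextToken"] = token
        page = client.select_resource_config(**kwargs)
        # Each entry in Results is a JSON-encoded string, not a dict.
        rows.extend(json.loads(item) for item in page.get("Results", []))
        token = page.get("NextToken")
        if not token:
            return rows


def with_public_dns(rows):
    """Return the IDs of instances that report a non-empty public DNS name."""
    return sorted(r["resourceId"] for r in rows
                  if r.get("configuration", {}).get("publicDnsName"))


class FakeConfigClient:
    """Constructed stand-in for boto3.client('config') that serves two pages."""
    PAGES = [
        {"Results": [json.dumps({"resourceId": "i-0aaa", "configuration": {"publicDnsName": "host.example.invalid"}}),
                     json.dumps({"resourceId": "i-0bbb", "configuration": {"publicDnsName": ""}})],
         "NextToken": "page-2"},
        {"Results": [json.dumps({"resourceId": "i-0ccc", "configuration": {}})]},
    ]

    def __init__(self):
        self.calls = 0

    def select_resource_config(self, **kwargs):
        page = self.PAGES[1 if kwargs.get("NextToken") else 0]
        self.calls += 1
        return page


def lambda_handler(event, context):
    import boto3  # present in the Lambda Python runtime; imported lazily here
    rows = select_all(boto3.client("config"), QUERY)
    return {"count": len(rows), "public": with_public_dns(rows)}
```

Passing the whole expression as a single `Expression` argument avoids the quoting that is lost when a CLI command string is split on spaces.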