本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
合规包
一致性包是 AWS Config 规则和补救措施的集合,可以轻松地将其作为单个实体部署到一个账户和一个区域或整个组织中 AWS Organizations。
通过编写一个包含 AWS Config 规则(托管或自定义)和修复操作列表的 YAML 模板,可以创建一致性包。您还可以使用 AWS Systems Manager 文档(SSM 文档)将合规包模板存储在上面, AWS 并使用 SSM 文档名称直接部署一致性包。您可以使用 AWS Config 控制台或 AWS CLI部署模板。要快速入门并评估您的 AWS 环境,请使用其中一个样本一致性包模板。您也可以基于自定义合规包,从头开始创建合规包 YAML 文件。
主题
区域支持
以下区域支持一致性包。
| 区域名称 | 区域 | 端点 | 协议 |
|---|---|---|---|
| 美国东部(俄亥俄州) | us-east-2 | config.us-east-2.amazonaws.com | HTTPS |
| 美国东部(弗吉尼亚州北部) | us-east-1 | config.us-east-1.amazonaws.com | HTTPS |
| 美国西部(北加利福尼亚) | us-west-1 | config.us-west-1.amazonaws.com | HTTPS |
| 美国西部(俄勒冈州) | us-west-2 | config.us-west-2.amazonaws.com | HTTPS |
| 亚太地区(香港) | ap-east-1 | config.ap-east-1.amazonaws.com | HTTPS |
| 亚太地区(墨尔本) | ap-southeast-4 | config.ap-southeast-4.amazonaws.com | HTTPS |
| 亚太地区(孟买) | ap-south-1 | config.ap-south-1.amazonaws.com | HTTPS |
| 亚太地区(首尔) | ap-northeast-2 | config.ap-northeast-2.amazonaws.com | HTTPS |
| 亚太地区(新加坡) | ap-southeast-1 | config.ap-southeast-1.amazonaws.com | HTTPS |
| 亚太地区(悉尼) | ap-southeast-2 | config.ap-southeast-2.amazonaws.com | HTTPS |
| 亚太地区(东京) | ap-northeast-1 | config.ap-northeast-1.amazonaws.com | HTTPS |
| 加拿大(中部) | ca-central-1 | config.ca-central-1.amazonaws.com | HTTPS |
| 欧洲地区(法兰克福) | eu-central-1 | config.eu-central-1.amazonaws.com | HTTPS |
| 欧洲地区(爱尔兰) | eu-west-1 | config.eu-west-1.amazonaws.com | HTTPS |
| 欧洲地区(伦敦) | eu-west-2 | config.eu-west-2.amazonaws.com | HTTPS |
| 欧洲地区(巴黎) | eu-west-3 | config.eu-west-3.amazonaws.com | HTTPS |
| 欧洲地区(斯德哥尔摩) | eu-north-1 | config.eu-north-1.amazonaws.com | HTTPS |
| 中东(巴林) | me-south-1 | config.me-south-1.amazonaws.com | HTTPS |
| 南美洲(圣保罗) | sa-east-1 | config.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (美国东部) | us-gov-east-1 | config.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (美国西部) | us-gov-west-1 | config.us-gov-west-1.amazonaws.com | HTTPS |
以下区域支持跨 AWS 组织成员账户部署合规包。
| 区域名称 | 区域 | 端点 | 协议 |
|---|---|---|---|
| 美国东部(俄亥俄州) | us-east-2 | config.us-east-2.amazonaws.com | HTTPS |
| 美国东部(弗吉尼亚州北部) | us-east-1 | config.us-east-1.amazonaws.com | HTTPS |
| 美国西部(北加利福尼亚) | us-west-1 | config.us-west-1.amazonaws.com | HTTPS |
| 美国西部(俄勒冈州) | us-west-2 | config.us-west-2.amazonaws.com | HTTPS |
| 亚太地区(墨尔本) | ap-southeast-4 | config.ap-southeast-4.amazonaws.com | HTTPS |
| 亚太地区(孟买) | ap-south-1 | config.ap-south-1.amazonaws.com | HTTPS |
| 亚太地区(首尔) | ap-northeast-2 | config.ap-northeast-2.amazonaws.com | HTTPS |
| 亚太地区(新加坡) | ap-southeast-1 | config.ap-southeast-1.amazonaws.com | HTTPS |
| 亚太地区(悉尼) | ap-southeast-2 | config.ap-southeast-2.amazonaws.com | HTTPS |
| 亚太地区(东京) | ap-northeast-1 | config.ap-northeast-1.amazonaws.com | HTTPS |
| 加拿大(中部) | ca-central-1 | config.ca-central-1.amazonaws.com | HTTPS |
| 欧洲地区(法兰克福) | eu-central-1 | config.eu-central-1.amazonaws.com | HTTPS |
| 欧洲地区(爱尔兰) | eu-west-1 | config.eu-west-1.amazonaws.com | HTTPS |
| 欧洲地区(伦敦) | eu-west-2 | config.eu-west-2.amazonaws.com | HTTPS |
| 欧洲地区(巴黎) | eu-west-3 | config.eu-west-3.amazonaws.com | HTTPS |
| 欧洲地区(斯德哥尔摩) | eu-north-1 | config.eu-north-1.amazonaws.com | HTTPS |
| 南美洲(圣保罗) | sa-east-1 | config.sa-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (美国东部) | us-gov-east-1 | config.us-gov-east-1.amazonaws.com | HTTPS |
| AWS GovCloud (美国西部) | us-gov-west-1 | config.us-gov-west-1.amazonaws.com | HTTPS |
故障排除
如果在创建、更新或删除一致性包时收到指示操作失败的错误,则可以检查一致性包的状态。
aws configservice describe-conformance-pack-status --conformance-pack-name MyConformancePack1
您应该可以看到类似于如下所示的输出内容。
"ConformancePackStatusDetails": [ { "ConformancePackName": "ConformancePackName", "ConformancePackId": "ConformancePackId", "ConformancePackArn": "ConformancePackArn", "ConformancePackState": "CREATE_FAILED", "StackArn": "CloudFormation stackArn", "ConformancePackStatusReason": "Failure Reason", "LastUpdateRequestedTime": 1573865201.619, "LastUpdateCompletedTime": 1573864244.653 } ]
有关故障的信息 ConformancePackStatusReason,请查看。
响应中有 stackArn 时
如果错误消息不明确,或者由于内部错误造成失败,请转到 AWS CloudFormation 控制台并执行以下操作:
-
在输出中搜索 stackArn。
-
选择 AWS CloudFormation 堆栈的 “事件” 选项卡并检查是否有失败的事件。
状态原因指示一致性包失败的原因。
响应中没有 stackArn 时
如果您在创建一致性包时收到错误但状态响应中没有 stackArn,则可能是因为堆栈创建失败, AWS CloudFormation 回滚并删除了堆栈。前往 AWS CloudFormation 控制台,搜索处于 “已删除” 状态的堆栈。失败的堆栈可能在那里可用。 AWS CloudFormation 堆栈包含一致性包名称。如果找到失败的堆栈,请选择堆 AWS CloudFormation 栈的 “事件” 选项卡并检查失败的事件。
如果这些步骤都不起作用,并且失败原因是内部服务错误,请重试操作或联系 AWS Config 支持人员。
