本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
将配置快照传送到 Amazon S3 存储桶
AWS Config 向您在配置传递通道时指定的 Amazon S3 存储桶传送 AWS Config 记录的 AWS 资源的配置快照。
传送配置快照
当您调用 DeliverConfigSnapshot 操作或运行 AWS CLI deliver-config-snapshot 命令时,AWS Config 会生成配置快照。AWS Config 会将配置快照存储在您在启用 AWS Config 时指定的 Amazon S3 存储桶中。
键入 deliver-config-snapshot 命令,并指定在您配置传递通道时由 AWS Config 分配的名称,例如:
$ aws configservice deliver-config-snapshot --delivery-channel-namedefault{ "configSnapshotId": "94ccff53-83be-42d9-996f-b4624b3c1a55" }
来自 AWS Config 的配置快照示例
下面是 AWS Config 在配置快照中提供的信息示例。该快照描述了 AWS Config 在当前区域中为您的 AWS 账户记录的资源的相关配置,以及这些资源之间的关系。
注意
配置快照中可能会引用不支持的资源类型和资源 ID。
{ "fileVersion": "1.0", "requestId": "asudf8ow-4e34-4f32-afeb-0ace5bf3trye", "configurationItems": [ { "configurationItemVersion": "1.0", "resourceId": "vol-ce676ccc", "arn": "arn:aws:us-west-2b:123456789012:volume/vol-ce676ccc", "accountId": "12345678910", "configurationItemCaptureTime": "2014-03-07T23:47:08.918Z", "configurationStateID": "3e660fdf-4e34-4f32-afeb-0ace5bf3d63a", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adb69edbb1e4", "c376e30d-71a2-4694-89b7-a5a04ad92281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Volume", "resourceCreationTime": "2014-02-27T21:43:53.885Z", "tags": {}, "relationships": [ { "resourceId": "i-344c463d", "resourceType": "AWS::EC2::Instance", "name": "Attached to Instance" } ], "configuration": { "volumeId": "vol-ce676ccc", "size": 1, "snapshotId": "", "availabilityZone": "us-west-2b", "state": "in-use", "createTime": "2014-02-27T21:43:53.0885+0000", "attachments": [ { "volumeId": "vol-ce676ccc", "instanceId": "i-344c463d", "device": "/dev/sdf", "state": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } ], "tags": [ { "tagName": "environment", "tagValue": "PROD" }, { "tagName": "name", "tagValue": "DataVolume1" } ], "volumeType": "standard" } }, { "configurationItemVersion": "1.0", "resourceId": "i-344c463d", "accountId": "12345678910", "arn": "arn:aws:ec2:us-west-2b:123456789012:instance/i-344c463d", "configurationItemCaptureTime": "2014-03-07T23:47:09.523Z", "configurationStateID": "cdb571fa-ce7a-4ec5-8914-0320466a355e", "configurationItemStatus": "OK", "relatedEvents": [ "06c12a39-eb35-11de-ae07-adb69edbb1e4", "c376e30d-71a2-4694-89b7-a5a04ad92281" ], "availibilityZone": "us-west-2b", "resourceType": "AWS::EC2::Instance", "resourceCreationTime": "2014-02-26T22:56:35.000Z", "tags": { "Name": "integ-test-1", "examplename": "examplevalue" }, "relationships": [ { "resourceId": "vol-ce676ccc", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume" }, { "resourceId": "vol-ef0e06ed", "resourceType": "AWS::EC2::Volume", "name": "Attached Volume", "direction": "OUT" }, { "resourceId": "subnet-47b4cf2c", "resourceType": "AWS::EC2::SUBNET", "name": "Is contained in Subnet", "direction": "IN" } ], "configuration": { "instanceId": "i-344c463d", "imageId": "ami-ccf297fc", "state": { "code": 16, "name": "running" }, "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "stateTransitionReason": "", "keyName": "configDemo", "amiLaunchIndex": 0, "productCodes": [], "instanceType": "t1.micro", "launchTime": "2014-02-26T22:56:35.0000+0000", "placement": { "availabilityZone": "us-west-2b", "groupName": "", "tenancy": "default" }, "kernelId": "aki-fc8f11cc", "monitoring": { "state": "disabled" }, "subnetId": "subnet-47b4cf2c", "vpcId": "vpc-41b4cf2a", "privateIpAddress": "172.31.21.63", "publicIpAddress": "54.218.4.189", "architecture": "x86_64", "rootDeviceType": "ebs", "rootDeviceName": "/dev/sda1", "blockDeviceMappings": [ { "deviceName": "/dev/sda1", "ebs": { "volumeId": "vol-ef0e06ed", "status": "attached", "attachTime": "2014-02-26T22:56:38.0000+0000", "deleteOnTermination": true } }, { "deviceName": "/dev/sdf", "ebs": { "volumeId": "vol-ce676ccc", "status": "attached", "attachTime": "2014-03-07T23:46:28.0000+0000", "deleteOnTermination": false } } ], "virtualizationType": "paravirtual", "clientToken": "aBCDe123456", "tags": [ { "key": "Name", "value": "integ-test-1" }, { "key": "examplekey", "value": "examplevalue" } ], "securityGroups": [ { "groupName": "launch-wizard-2", "groupId": "sg-892adfec" } ], "sourceDestCheck": true, "hypervisor": "xen", "networkInterfaces": [ { "networkInterfaceId": "eni-55c03d22", "subnetId": "subnet-47b4cf2c", "vpcId": "vpc-41b4cf2a", "description": "", "ownerId": "12345678910", "status": "in-use", "privateIpAddress": "172.31.21.63", "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "sourceDestCheck": true, "groups": [ { "groupName": "launch-wizard-2", "groupId": "sg-892adfec" } ], "attachment": { "attachmentId": "eni-attach-bf90c489", "deviceIndex": 0, "status": "attached", "attachTime": "2014-02-26T22:56:35.0000+0000", "deleteOnTermination": true }, "association": { "publicIp": "54.218.4.189", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "ipOwnerId": "amazon" }, "privateIpAddresses": [ { "privateIpAddress": "172.31.21.63", "privateDnsName": "ip-172-31-21-63.us-west-2.compute.internal", "primary": true, "association": { "publicIp": "54.218.4.189", "publicDnsName": "ec2-54-218-4-189.us-west-2.compute.amazonaws.com", "ipOwnerId": "amazon" } } ] } ], "ebsOptimized": false } } ] }
下一步是验证配置快照是否成功传送到了传递通道。
验证传送状态
键入describe-delivery-channel-status 命令以验 AWS Config 是否已开始将配置传送到指定的传递通道,例如:
$ aws configservice describe-delivery-channel-status { "DeliveryChannelsStatus": [ { "configStreamDeliveryInfo": { "lastStatusChangeTime": 1415138614.125, "lastStatus": "SUCCESS" }, "configHistoryDeliveryInfo": { "lastSuccessfulTime": 1415148744.267, "lastStatus": "SUCCESS", "lastAttemptTime": 1415148744.267 }, "configSnapshotDeliveryInfo": { "lastSuccessfulTime": 1415333113.4159999, "lastStatus": "SUCCESS", "lastAttemptTime": 1415333113.4159999 }, "name": "default" } ] }
对命令的响应会列出 AWS Config 将配置传送到您的存储桶和主题时使用的所有三种传输格式的状态。
请查看 lastSuccessfulTime 中的 configSnapshotDeliveryInfo 字段。时间应与您上次请求传送配置快照的时间一致。
注意
AWS Config 使用 UTC 格式(协调世界时)来记录时间。
查看 Amazon S3 存储桶中的配置快照
登录到 AWS Management Console,然后通过以下网址打开 Amazon S3 控制台:https://console.aws.amazon.com/s3/
。 -
在 Amazon S3 控制台的所有存储桶列表中,单击您的 Amazon S3 存储桶名称。
-
单击查看您的存储桶中的嵌套文件夹,找到快照 ID 与由命令返回的 ID 相匹配的
ConfigSnapshot对象。下载并打开对象以查看配置快照。S3 存储桶还包含一个名为
ConfigWritabilityCheckFile的空文件。AWS Config 创建该文件的目的是验证服务是否能成功写入 S3 存储桶。
