Trusted Advisor 使用範例 AWS CLI - AWS Command Line Interface

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

Trusted Advisor 使用範例 AWS CLI

下列程式碼範例說明如何使用 AWS Command Line Interface 與來執行動作及實作常見案例 Trusted Advisor。

Actions 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境和跨服務範例中查看內容中的動作。

Scenarios (案例) 是向您展示如何呼叫相同服務中的多個函數來完成特定任務的程式碼範例。

每個範例都包含一個連結 GitHub,您可以在其中找到如何在內容中設定和執行程式碼的指示。

主題

動作

下列程式碼範例會示範如何使用get-organization-recommendation

AWS CLI

若要取得組織建議

下列get-organization-recommendation範例會依其識別碼取得組織建議。

aws trustedadvisor get-organization-recommendation \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5

輸出:

{ "organizationRecommendation": { "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "description": "One or more lambdas are using a deprecated runtime", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" } }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用get-recommendation

AWS CLI

若要取得建議

下列get-recommendation範例會依其識別碼取得建議。

aws trustedadvisor get-recommendation \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578

輸出:

{ "recommendation": { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "description": "Enable multi-factor authentication", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" } }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用list-checks

AWS CLI

列出 Trusted Advisor 檢查

下列list-checks範例會列出所有 Trusted Advisor 檢查。

aws trustedadvisor list-checks

輸出:

{ "checkSummaries": [ { "arn": "arn:aws:trustedadvisor:::check/1iG5NDGVre", "awsServices": [ "EC2" ], "description": "Checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data)", "id": "1iG5NDGVre", "metadata": { "0": "Region", "1": "Security Group Name", "2": "Security Group ID", "3": "Protocol", "4": "Port", "5": "Status", "6": "IP Range" }, "name": "Security Groups - Unrestricted Access", "pillars": [ "security" ], "source": "ta_check" }, { "arn": "arn:aws:trustedadvisor:::check/1qazXsw23e", "awsServices": [ "RDS" ], "description": "Checks your usage of RDS and provides recommendations on purchase of Reserved Instances to help reduce costs incurred from using RDS On-Demand. AWS generates these recommendations by analyzing your On-Demand usage for the past 30 days. We then simulate every combination of reservations in the generated category of usage in order to identify the best number of each type of Reserved Instance to purchase to maximize your savings. This check covers recommendations based on partial upfront payment option with 1-year or 3-year commitment. This check is not available to accounts linked in Consolidated Billing. Recommendations are only available for the Paying Account.", "id": "1qazXsw23e", "metadata": { "0": "Region", "1": "Family", "2": "Instance Type", "3": "License Model", "4": "Database Edition", "5": "Database Engine", "6": "Deployment Option", "7": "Recommended number of Reserved Instances to purchase", "8": "Expected Average Reserved Instance Utilization", "9": "Estimated Savings with Recommendation (monthly)" "10": "Upfront Cost of Reserved Instances", "11": "Estimated cost of Reserved Instances (monthly)", "12": "Estimated On-Demand Cost Post Recommended Reserved Instance Purchase (monthly)", "13": "Estimated Break Even (months)", "14": "Lookback Period (days)", "15": "Term (years)" }, "name": "Amazon Relational Database Service (RDS) Reserved Instance Optimization", "pillars": [ "cost_optimizing" ], "source": "ta_check" }, { "arn": "arn:aws:trustedadvisor:::check/1qw23er45t", "awsServices": [ "Redshift" ], "description": "Checks your usage of Redshift and provides recommendations on purchase of Reserved Nodes to help reduce costs incurred from using Redshift On-Demand. AWS generates these recommendations by analyzing your On-Demand usage for the past 30 days. We then simulate every combination of reservations in the generated category of usage in order to identify the best number of each type of Reserved Nodes to purchase to maximize your savings. This check covers recommendations based on partial upfront payment option with 1-year or 3-year commitment. This check is not available to accounts linked in Consolidated Billing. Recommendations are only available for the Paying Account.", "id": "1qw23er45t", "metadata": { "0": "Region", "1": "Family", "2": "Node Type", "3": "Recommended number of Reserved Nodes to purchase", "4": "Expected Average Reserved Node Utilization", "5": "Estimated Savings with Recommendation (monthly)", "6": "Upfront Cost of Reserved Nodes", "7": "Estimated cost of Reserved Nodes (monthly)", "8": "Estimated On-Demand Cost Post Recommended Reserved Nodes Purchase (monthly)", "9": "Estimated Break Even (months)", "10": "Lookback Period (days)", "11": "Term (years)", }, "name": "Amazon Redshift Reserved Node Optimization", "pillars": [ "cost_optimizing" ], "source": "ta_check" }, ], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考ListChecks中的。

下列程式碼範例會示範如何使用list-organization-recommendation-accounts

AWS CLI

若要列出組織建議帳戶

下列list-organization-recommendation-accounts範例會依組織的識別碼列出組織建議的所有帳戶建議摘要。

aws trustedadvisor list-organization-recommendation-accounts \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5

輸出:

{ "accountRecommendationLifecycleSummaries": [{ "accountId": "000000000000", "accountRecommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "updateReason": "Resolved issue", "updateReasonCode": "valid_business_case", "lastUpdatedAt": "2023-01-17T18:25:44.552Z" }], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用list-organization-recommendation-resources

AWS CLI

若要列出組織建議資源

下列list-organization-recommendation-resources範例會依其識別碼列出組織建議的所有資源。

aws trustedadvisor list-organization-recommendation-resources \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0

輸出:

{ "organizationRecommendationResourceSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/bb38affc0ce0681d9a6cd13f30238ba03a8f63dfe7a379dc403c619119d86af", "awsResourceId": "database-1-instance-1", "id": "bb38affc0ce0681d9a6cd13f302383ba03a8f63dfe7a379dc403c619119d86af", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "208.79999999999998", "2": "database-1-instance-1", "3": "db.r5.large", "4": "false", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-1-instance-1", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/51fded4d7a3278818df9cfe344ff5762cec46c095a6763d1ba1ba53bd0e1b0e6", "awsResourceId": "database-1", "id": "51fded4d7a3278818df9cfe344ff5762cec46c095a6763d1ba1ba53bd0e1b0e6", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "31.679999999999996", "2": "database-1", "3": "db.t3.small", "4": "false", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-1", "7": "20" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/5a694939-2e54-45a2-ae72-730598fa89d0/f4d01bd20f4cd5372062aafc8786c489e48f0ead7cdab121463bf9f89e40a36b", "awsResourceId": "database-2-instance-1-us-west-2a", "id": "f4d01bd20f4cd5372062aafc8786c489e48f0ead7cdab121463bf9f89e40a36b", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "187.20000000000002", "2": "database-2-instance-1-us-west-2a", "3": "db.r6g.large", "4": "true", "5": "us-west-2", "6": "arn:aws:rds:us-west-2:000000000000:db:database-2-instance-1-us-west-2a", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor:::organization-recommendation/5a694939-2e54-45a2-ae72-730598fa89d0", "regionCode": "us-west-2", "status": "warning" }, ], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用list-organization-recommendations

AWS CLI

範例 1:列出組織建議

下列list-organization-recommendations範例會列出所有組織建議,且不包含篩選器。

aws trustedadvisor list-organization-recommendations

輸出:

{ "organizationRecommendationSummaries": [ { "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }, { "arn": "arn:aws:trustedadvisor:::organization-recommendation/4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }, ], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

範例 2:使用篩選條件列出組織建議

下列list-organization-recommendations範例會篩選並傳回屬於「安全性」支柱一部分的最多一個組織建議。

aws trustedadvisor list-organization-recommendations \ --pillar security \ --max-items 100

輸出:

{ "organizationRecommendationSummaries": [{ "arn": "arn:aws:trustedadvisor:::organization-recommendation/9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "9534ec9b-bf3a-44e8-8213-2ed68b39d9d5", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

範例 3:若要列出具有分頁權杖的組織建議

下列list-organization-recommendations範例會使用先前要求傳回的「nextToken」來擷取組織建議的下一頁。

aws trustedadvisor list-organization-recommendations \ --pillar security \ --max-items 100 \ --starting-token <next-token>

輸出:

{ "organizationRecommendationSummaries": [{ "arn": "arn:aws:trustedadvisor:::organization-recommendation/4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "name": "Lambda Runtime Deprecation Warning", "awsServices": [ "lambda" ], "checkArn": "arn:aws:trustedadvisor:::check/L4dfs2Q4C5", "id": "4ecff4d4-1bc1-4c99-a5b8-0fff9ee500d6", "lifecycleStage": "resolved", "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 0, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "warning", "type": "priority" }] }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用list-recommendation-resources

AWS CLI

若要列出建議資源

下列list-recommendation-resources範例會依其識別碼列出建議的所有資源。

aws trustedadvisor list-recommendation-resources \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578

輸出:

{ "recommendationResourceSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/18959a1f1973cff8e706e9d9bde28bba36cd602a6b2cb86c8b61252835236010", "id": "18959a1f1973cff8e706e9d9bde28bba36cd602a6b2cb86c8b61252835236010", "awsResourceId": "webcms-dev-01", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "123.12000000000002", "2": "webcms-dev-01", "3": "db.m6i.large", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:webcms-dev-01", "7": "20" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/e6367ff500ac90db8e4adeb4892e39ee9c36bbf812dcbce4b9e4fefcec9eb63e", "id": "e6367ff500ac90db8e4adeb4892e39ee9c36bbf812dcbce4b9e4fefcec9eb63e", "awsResourceId": "aws-dev-db-stack-instance-1", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "29.52", "2": "aws-dev-db-stack-instance-1", "3": "db.t2.small", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:aws-dev-db-stack-instance-1", "7": "1" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation-resource/55fa4d2e-bbb7-491a-833b-5773e9589578/31aa78ba050a5015d2d38cca7f5f1ce88f70857c4e1c3ad03f8f9fd95dad7459", "id": "31aa78ba050a5015d2d38cca7f5f1ce88f70857c4e1c3ad03f8f9fd95dad7459", "awsResourceId": "aws-awesome-apps-stack-db", "lastUpdatedAt": "2023-11-01T15:09:51.891Z", "metadata": { "0": "14", "1": "114.48000000000002", "2": "aws-awesome-apps-stack-db", "3": "db.m6g.large", "4": "false", "5": "us-east-1", "6": "arn:aws:rds:us-east-1:000000000000:db:aws-awesome-apps-stack-db", "7": "100" }, "recommendationArn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "regionCode": "us-east-1", "status": "warning" } ], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用list-recommendations

AWS CLI

範例 1:列出建議

下列list-recommendations範例會列出所有建議,且不包含篩選器。

aws trustedadvisor list-recommendations

輸出:

{ "recommendationSummaries": [ { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" }, { "arn": "arn:aws:trustedadvisor::000000000000:recommendation/8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "name": "RDS clusters quota warning", "awsServices": [ "rds" ], "checkArn": "arn:aws:trustedadvisor:::check/gjqMBn6pjz", "id": "8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "lastUpdatedAt": "2023-11-01T15:58:17.397Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "service_limits" ], "resourcesAggregates": { "errorCount": 0, "okCount": 3, "warningCount": 6 }, "source": "ta_check", "status": "warning", "type": "standard" } ], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

範例 2:使用篩選條件列出建議

下列list-recommendations範例會列出建議並包含篩選器。

aws trustedadvisor list-recommendations \ --aws-service iam \ --max-items 100

輸出:

{ "recommendationSummaries": [{ "arn": "arn:aws:trustedadvisor::000000000000:recommendation/55fa4d2e-bbb7-491a-833b-5773e9589578", "name": "MFA Recommendation", "awsServices": [ "iam" ], "checkArn": "arn:aws:trustedadvisor:::check/7DAFEmoDos", "id": "55fa4d2e-bbb7-491a-833b-5773e9589578", "lastUpdatedAt": "2023-11-01T15:57:58.673Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "security" ], "resourcesAggregates": { "errorCount": 1, "okCount": 0, "warningCount": 0 }, "source": "ta_check", "status": "error", "type": "standard" }], "nextToken": "REDACTED" }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

範例 3:若要列出含有分頁記號的建議

下列list-recommendations範例會使用先前要求傳回的「nextToken」,擷取已篩選建議的下一頁。

aws trustedadvisor list-recommendations \ --aws-service rds \ --max-items 100 \ --starting-token <next-token>

輸出:

{ "recommendationSummaries": [{ "arn": "arn:aws:trustedadvisor::000000000000:recommendation/8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "name": "RDS clusters quota warning", "awsServices": [ "rds" ], "checkArn": "arn:aws:trustedadvisor:::check/gjqMBn6pjz", "id": "8b602b6f-452d-4cb2-8a9e-c7650955d9cd", "lastUpdatedAt": "2023-11-01T15:58:17.397Z", "pillarSpecificAggregates": { "costOptimizing": { "estimatedMonthlySavings": 0.0, "estimatedPercentMonthlySavings": 0.0 } }, "pillars": [ "service_limits" ], "resourcesAggregates": { "errorCount": 0, "okCount": 3, "warningCount": 6 }, "source": "ta_check", "status": "warning", "type": "standard" }] }

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用update-organization-recommendation-lifecycle

AWS CLI

若要更新組織建議生命週期

下列update-organization-recommendation-lifecycle範例會依組織建議的識別碼來更新組織建議的生命週期。

aws trustedadvisor update-organization-recommendation-lifecycle \ --organization-recommendation-identifier arn:aws:trustedadvisor:::organization-recommendation/96b5e5ca-7930-444c-90c6-06d386128100 \ --lifecycle-stage dismissed \ --update-reason-code not_applicable

此命令不會產生輸出。

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用

下列程式碼範例會示範如何使用update-recommendation-lifecycle

AWS CLI

若要更新建議生命週期

下列update-recommendation-lifecycle範例會依其識別碼更新建議的生命週期。

aws trustedadvisor update-recommendation-lifecycle \ --recommendation-identifier arn:aws:trustedadvisor::000000000000:recommendation/861c9c6e-f169-405a-8b59-537a8caccd7a \ --lifecycle-stage resolved \ --update-reason-code valid_business_case

此命令不會產生輸出。

如需詳細資訊,請參閱受信任的建議程式使用者指南中的AWS Trusted Advisor API 開始使用