显示aws资源配置版本之间的历史记录和更改
awslog的Python项目详细描述
awslog
显示AWS资源配置版本之间的历史记录和更改
使用aws config获取资源的配置历史记录,仅对resources supported by AWS Config有效。
安装
pip install awslog
用法
确保你的AWS credentials are properly configured。
您可以使用aws cli通过发出aws sts get-caller-identity来测试它。它应该报告有关当前cli会话的信息,而不会引发任何错误。
确保将AWS Config设置为记录资源的配置更改。
cli
usage: awslog [-h] [--type TYPE] [--number NUMBER] [--before BEFORE]
[--after AFTER] [--deleted] [--context CONTEXT] [--no-color]
name
positional arguments:
name name or ID of the resource to query
optional arguments:
-h, --help show this help message and exit
--type TYPE, -t TYPE the type of the resource to query list of supported
resource types: https://docs.aws.amazon.com/config/lat
est/developerguide/resource-config-reference.html
--number NUMBER, -n NUMBER
number of history items to show
--before BEFORE, -b BEFORE
show changes more recent than the specified date and
time
--after AFTER, -a AFTER
show changes older than the specified date and time
--deleted, -d include deleted resources
--context CONTEXT, -c CONTEXT
number of context lines in the diffs
--no-color, -o disable colored output
示例:
$ awslog sg-7235f203
--- arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:44:36
+++ arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:53:44
@@ -1,24 +1,24 @@
{
"description": "default VPC security group",
"groupId": "sg-7235f203",
"groupName": "default",
"ipPermissions": [
{
"fromPort": 80,
"ipProtocol": "tcp",
"ipRanges": [
- "1.1.1.1/32"
+ "0.0.0.0/0"
],
"ipv4Ranges": [
{
- "cidrIp": "1.1.1.1/32"
+ "cidrIp": "0.0.0.0/0"
}
],
"ipv6Ranges": [],
"prefixListIds": [],
"toPort": 80,
"userIdGroupPairs": []
}
],
"ipPermissionsEgress": [
{
$ awslog --type AWS::IAM::User \
> --number 2 \
> --before '10 minutes ago' \
> --after '2018-01-01' \
> --deleted \
> --context 3 \
> --no-color \
> ReadOnly
--- arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:28:16
+++ arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:53:02
@@ -1,10 +1,6 @@
{
"arn": "arn:aws:iam::281519598877:user/ReadOnly",
"attachedManagedPolicies": [
- {
- "policyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
- "policyName": "AmazonEC2ReadOnlyAccess"
- },
{
"policyArn": "arn:aws:iam::aws:policy/AdministratorAccess",
"policyName": "AdministratorAccess"
--- arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 10:58:19
+++ arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:28:16
@@ -4,6 +4,10 @@
{
"policyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
"policyName": "AmazonEC2ReadOnlyAccess"
+ },
+ {
+ "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess",
+ "policyName": "AdministratorAccess"
},
{
"policyArn": "arn:aws:iam::aws:policy/IAMUserChangePassword",
python模块
>>>importboto3>>>importawslog>>>config=boto3.client('config')>>>after,before=list(awslog.get_config_history(config,'AWS::EC2::SecurityGroup','sg-7235f203'))>>>print('\n'.join(awslog.create_diff(after,before)))
--- arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:44:36
+++ arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:53:44
@@ -1,24 +1,24 @@
{
"description": "default VPC security group",
"groupId": "sg-7235f203",
"groupName": "default",
"ipPermissions": [
{
"fromPort": 80,
"ipProtocol": "tcp",
"ipRanges": [
- "1.1.1.1/32"
+ "0.0.0.0/0"
],
"ipv4Ranges": [
{
- "cidrIp": "1.1.1.1/32"
+ "cidrIp": "0.0.0.0/0"
}
],
"ipv6Ranges": [],
"prefixListIds": [],
"toPort": 80,
"userIdGroupPairs": []
}
],
"ipPermissionsEgress": [
{
欢迎加入QQ群-->: 979659372
