Show the history and changes between configuration versions of AWS resources
Detailed description of the awslog Python project
awslog
Uses AWS Config to fetch the configuration history of resources; it only works on resources supported by AWS Config.
Installation
pip install awslog
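Usage
Make sure your AWS credentials are properly configured.
You can test this with the AWS CLI by running aws sts get-caller-identity. It should report information about the current CLI session without raising any errors.
Make sure AWS Config is set up to record configuration changes of your resources.
CLI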
usage: awslog [-h] [--type TYPE] [--number NUMBER] [--before BEFORE]
              [--after AFTER] [--deleted] [--context CONTEXT] [--no-color]
              name

positional arguments:
  name                  name or ID of the resource to query

optional arguments:
  -h, --help            show this help message and exit
  --type TYPE, -t TYPE  the type of the resource to query list of supported
                        resource types: https://docs.aws.amazon.com/config/lat
                        est/developerguide/resource-config-reference.html
  --number NUMBER, -n NUMBER
                        number of history items to show
  --before BEFORE, -b BEFORE
                        show changes more recent than the specified date and
                        time
  --after AFTER, -a AFTER
                        show changes older than the specified date and time
  --deleted, -d         include deleted resources
  --context CONTEXT, -c CONTEXT
                        number of context lines in the diffs
  --no-color, -o        disable colored output
Examples:
$ awslog sg-7235f203 --- arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:44:36 +++ arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:53:44 @@ -1,24 +1,24 @@ { "description": "default VPC security group", "groupId": "sg-7235f203", "groupName": "default", "ipPermissions": [ { "fromPort": 80, "ipProtocol": "tcp", "ipRanges": [ - "1.1.1.1/32" + "0.0.0.0/0" ], "ipv4Ranges": [ { - "cidrIp": "1.1.1.1/32" + "cidrIp": "0.0.0.0/0" } ], "ipv6Ranges": [], "prefixListIds": [], "toPort": 80, "userIdGroupPairs": [] } ], "ipPermissionsEgress": [ {
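Review bot: in the ipPermissions entry for tcp port 80, both ipRanges and ipv4Ranges go from "1.1.1.1/32" to "0.0.0.0/0", so the default VPC security group sg-7235f203 now accepts port 80 from any IPv4 source. If the wider exposure was not intended, restore the /32 source, and consider keeping public rules off the default group so new resources do not inherit them.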
$ awslog --type AWS::IAM::User \ > --number 2 \ > --before '10 minutes ago' \ > --after '2018-01-01' \ > --deleted \ > --context 3 \ > --no-color \ > ReadOnly --- arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:28:16 +++ arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:53:02 @@ -1,10 +1,6 @@ { "arn": "arn:aws:iam::281519598877:user/ReadOnly", "attachedManagedPolicies": [ - { - "policyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", - "policyName": "AmazonEC2ReadOnlyAccess" - }, { "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess", "policyName": "AdministratorAccess" --- arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 10:58:19 +++ arn:aws:iam::281519598877:user/ReadOnly/configuration 2018-09-13 11:28:16 @@ -4,6 +4,10 @@ { "policyArn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", "policyName": "AmazonEC2ReadOnlyAccess" + }, + { + "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess", + "policyName": "AdministratorAccess" }, { "policyArn": "arn:aws:iam::aws:policy/IAMUserChangePassword",
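Review bot: in attachedManagedPolicies, the older change (10:58:19 to 11:28:16) attaches AdministratorAccess to the user ReadOnly, and the newer one (11:28:16 to 11:53:02) detaches AmazonEC2ReadOnlyAccess while AdministratorAccess stays. The user ends up with administrator rights under a name that suggests read-only access; verify that both changes were authorised and detach AdministratorAccess if not.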
Python module
>>> import boto3
>>> import awslog
>>> config = boto3.client('config')
>>> after, before = list(awslog.get_config_history(config, 'AWS::EC2::SecurityGroup', 'sg-7235f203'))
>>> print('\n'.join(awslog.create_diff(after, before)))
--- arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:44:36
+++ arn:aws:ec2:us-east-1:281519598877:security-group/sg-7235f203/configuration 2018-09-12 23:53:44
@@ -1,24 +1,24 @@
{
"description": "default VPC security group",
"groupId": "sg-7235f203",
"groupName": "default",
"ipPermissions": [
{
"fromPort": 80,
"ipProtocol": "tcp",
"ipRanges": [
- "1.1.1.1/32"
+ "0.0.0.0/0"
],
"ipv4Ranges": [
{
- "cidrIp": "1.1.1.1/32"
+ "cidrIp": "0.0.0.0/0"
}
],
"ipv6Ranges": [],
"prefixListIds": [],
"toPort": 80,
"userIdGroupPairs": []
}
],
"ipPermissionsEgress": [
{
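The diffs on this page show the two kinds of change a defender usually wants flagged automatically. The following is an added example, not part of awslog or of the original page: it compares an older and a newer parsed configuration and reports ingress newly opened to 0.0.0.0/0 and a newly attached AdministratorAccess policy. Field names are taken from the diffs above; the helper names and the sample snapshots are constructed for illustration, and how the configurations are obtained from awslog or AWS Config is left out.

```python
# Added example: flag risky changes between two configuration snapshots.
# Field names come from the diffs shown on this page; sg(), user() and the
# snapshot constants are hypothetical helpers with constructed sample data.

ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def open_ingress(cfg):
    """Return {(protocol, fromPort, toPort)} for rules open to 0.0.0.0/0."""
    rules = set()
    for perm in cfg.get("ipPermissions", []):
        cidrs = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
        if "0.0.0.0/0" in cidrs:
            rules.add((perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    return rules


def policy_arns(cfg):
    """Return the set of managed policy ARNs attached in this snapshot."""
    return {p["policyArn"] for p in cfg.get("attachedManagedPolicies", [])}


def risky_changes(before, after):
    """Compare an older and a newer configuration; return a list of findings."""
    findings = []
    # Only rules that are open now but were not open before count as changes.
    for proto, lo, hi in sorted(open_ingress(after) - open_ingress(before), key=str):
        findings.append(f"ingress {proto}/{lo}-{hi} newly open to 0.0.0.0/0")
    if ADMIN_ARN in policy_arns(after) - policy_arns(before):
        findings.append("AdministratorAccess newly attached")
    return findings


def sg(cidr):  # constructed security-group snapshot, one tcp/80 rule
    return {"groupId": "sg-7235f203", "ipPermissions": [
        {"fromPort": 80, "toPort": 80, "ipProtocol": "tcp",
         "ipv4Ranges": [{"cidrIp": cidr}]}]}


def user(*names):  # constructed IAM user snapshot
    return {"attachedManagedPolicies": [
        {"policyArn": f"arn:aws:iam::aws:policy/{n}", "policyName": n} for n in names]}


SG_BEFORE, SG_AFTER = sg("1.1.1.1/32"), sg("0.0.0.0/0")
USER_BEFORE = user("AmazonEC2ReadOnlyAccess")
USER_AFTER = user("AmazonEC2ReadOnlyAccess", "AdministratorAccess")

if __name__ == "__main__":
    for old, new in [(SG_BEFORE, SG_AFTER), (USER_BEFORE, USER_AFTER)]:
        print(risky_changes(old, new))
```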