When I run the following command with the AWS CLI to look up the compliance status of an AWS Config rule, I get the expected response:
$ aws configservice describe-compliance-by-config-rule --config-rule-names vpc-flow-logs-enabled
{
    "ComplianceByConfigRules": [
        {
            "ConfigRuleName": "vpc-flow-logs-enabled",
            "Compliance": {
                "ComplianceType": "NON_COMPLIANT",
                "ComplianceContributorCount": {
                    "CappedCount": 2,
                    "CapExceeded": false
                }
            }
        }
    ]
}
If I run the equivalent code from Python, I get a botocore.errorfactory.NoSuchConfigRuleException exception:
import boto3
session = boto3.Session(profile_name='ops')
config = session.client('config',region_name='eu-west-1')
print config.describe_compliance_by_config_rule(ConfigRuleNames=['vpc-flow-logs-enabled'])
The full exception is:
Traceback (most recent call last):
  File "./test.py", line 7, in <module>
    print config.describe_compliance_by_config_rule(ConfigRuleNames=['vpc-flow-logs-enabled'])
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 320, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python2.7/site-packages/botocore/client.py", line 624, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.NoSuchConfigRuleException: An error occurred (NoSuchConfigRuleException) when calling the DescribeComplianceByConfigRule operation: The ConfigRule 'vpc-flow-logs-enabled' provided in the request is invalid. Please check the configRule name.
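The broader context is that the describe_compliance_by_config_rule() call returns only 16 of the 50 rules. This does not appear to be a paginator issue, because the returned output does not contain a NextToken. When wrapped in a paginator, it returns only one page. If I test one of the 16 returned rules individually, the sample Python code returns correctly.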