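How it started
I tried to update a workload from the AWS CLI, but got stuck because I didn't know the various IDs.
Updating a workload from the AWS CLI, as shown below, requires IDs that indicate which item of which question is meant, so I looked them up. That is the topic of this post.
$ aws wellarchitected update-answer --lens-alias wellarchitected --is-applicable --workload-id ??? --question-id ??? --selected-choices ???
The lookup method is quite plain
To begin, define an arbitrary workload from the AWS Management Console.
We only want the IDs, so there is no need to start a review.
First, list the workloads.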
$ aws wellarchitected list-workloads
{
    "WorkloadSummaries": [
        {
            "WorkloadId": "0123456789abcdef0123456789abcdef",
            "WorkloadArn": "arn:aws:wellarchitected:ap-northeast-1:111111111111:workload/0123456789abcdef0123456789abcdef",
            "WorkloadName": "サンプルワークロード",
            "Owner": "111111111111",
            "UpdatedAt": "2021-03-29T04:25:10+00:00",
            "Lenses": [
                "wellarchitected"
            ],
            "RiskCounts": {
                "UNANSWERED": 48,
                "NOT_APPLICABLE": 1,
                "MEDIUM": 1,
                "HIGH": 2
            },
            "ImprovementStatus": "NOT_APPLICABLE"
        }
    ]
}
Next, specify the WorkloadId and display the answers for each question.
$ aws wellarchitected list-answers --workload-id 0123456789abcdef0123456789abcdef --lens-alias wellarchitected
{
    "WorkloadId": "0123456789abcdef0123456789abcdef",
    "LensAlias": "wellarchitected",
    "AnswerSummaries": [
        {
            "QuestionId": "cloud-financial-management",
            "PillarId": "costOptimization",
            "QuestionTitle": "How do you implement cloud financial management?",
            "Choices": [
                {
                    "ChoiceId": "cost_cloud_financial_management_function",
                    "Title": "Establish a cost optimization function",
                    "Description": "Create a team that is responsible for establishing and\n maintaining cost awareness across your organization. The team requires people from finance,\n technology, and business roles across the organization.\n\t\t "
                },
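(omitted)
If NextToken is displayed, there are still items left to output, so rerun with the --next-token option added until NextToken no longer appears.
Organizing the IDs
I roughly concatenated the output, then extracted and organized the various IDs.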
Pillar ID
operationalExcellence
security
reliability
performance
costOptimization
Question ID
For clarity, I have added identifiers such as "OPS 1".
OPS 1 priorities
OPS 2 ops-model
OPS 3 org-culture
OPS 4 telemetry
OPS 5 dev-integ
OPS 6 mit-deploy-risks
OPS 7 ready-to-support
OPS 8 workload-health
OPS 9 operations-health
OPS 10 event-response
OPS 11 evolve-ops
SEC 1 securely-operate
SEC 2 identities
SEC 3 permissions
SEC 4 detect-investigate-events
SEC 5 network-protection
SEC 6 protect-compute
SEC 7 data-classification
SEC 8 protect-data-rest
SEC 9 protect-data-transit
SEC 10 incident-response
REL 1 manage-service-limits
REL 2 planning-network-topology
REL 3 service-architecture
REL 4 prevent-interaction-failure
REL 5 mitigate-interaction-failure
REL 6 monitor-aws-resources
REL 7 adapt-to-changes
REL 8 tracking-change-management
REL 9 backing-up-data
REL 10 fault-isolation
REL 11 withstand-component-failures
REL 12 testing-resiliency
REL 13 planning-for-recovery
PERF 1 performing-architecture
PERF 2 select-compute
PERF 3 right-storage-solution
PERF 4 right-database-solution
PERF 5 select-network
PERF 6 continue-having-appropriate-resource-type
PERF 7 monitor-instances-post-launch
PERF 8 tradeoffs-performance
COST 1 cloud-financial-management
COST 2 govern-usage
COST 3 monitor-usage
COST 4 decomissioning-resources
COST 5 select-service
COST 6 type-size-number-resources
COST 7 pricing-model
COST 8 data-transfer
COST 9 manage-demand-resources
COST 10 evaluate-new-services
Choice ID
For clarity, I have added identifiers such as "OPS 1-1".
OPS 1-1 ops_priorities_ext_cust_needs
OPS 1-2 ops_priorities_int_cust_needs
OPS 1-3 ops_priorities_governance_reqs
OPS 1-4 ops_priorities_compliance_reqs
OPS 1-5 ops_priorities_eval_threat_landscape
OPS 1-6 ops_priorities_eval_tradeoffs
OPS 1-7 ops_priorities_manage_risk_benefit
OPS 1-8 ops_priorities_no
OPS 2-1 ops_ops_model_def_resource_owners
OPS 2-2 ops_ops_model_def_proc_owners
OPS 2-3 ops_ops_model_def_activity_owners
OPS 2-4 ops_ops_model_know_my_job
OPS 2-5 ops_ops_model_find_owner
OPS 2-6 ops_ops_model_req_add_chg_exception
OPS 2-7 ops_ops_model_def_neg_team_agreements
OPS 2-8 ops_ops_model_no
OPS 3-1 ops_org_culture_executive_sponsor
OPS 3-2 ops_org_culture_team_emp_take_action
OPS 3-3 ops_org_culture_team_enc_escalation
OPS 3-4 ops_org_culture_effective_comms
OPS 3-5 ops_org_culture_team_enc_experiment
OPS 3-6 ops_org_culture_team_enc_learn
OPS 3-7 ops_org_culture_team_res_appro
OPS 3-8 ops_org_culture_diverse_inc_access
OPS 3-9 ops_org_culture_no
OPS 4-1 ops_telemetry_application_telemetry
OPS 4-2 ops_telemetry_workload_telemetry
OPS 4-3 ops_telemetry_customer_telemetry
OPS 4-4 ops_telemetry_dependency_telemetry
OPS 4-5 ops_telemetry_dist_trace
OPS 4-6 ops_telemetry_no
OPS 5-1 ops_dev_integ_version_control
OPS 5-2 ops_dev_integ_test_val_chg
OPS 5-3 ops_dev_integ_conf_mgmt_sys
OPS 5-4 ops_dev_integ_build_mgmt_sys
OPS 5-5 ops_dev_integ_patch_mgmt
OPS 5-6 ops_dev_integ_share_design_stds
OPS 5-7 ops_dev_integ_code_quality
OPS 5-8 ops_dev_integ_multi_env
OPS 5-9 ops_dev_integ_freq_sm_rev_chg
OPS 5-10 ops_dev_integ_auto_integ_deploy
OPS 5-11 ops_dev_integ_no
OPS 6-1 ops_mit_deploy_risks_plan_for_unsucessful_changes
OPS 6-2 ops_mit_deploy_risks_test_val_chg
OPS 6-3 ops_mit_deploy_risks_deploy_mgmt_sys
OPS 6-4 ops_mit_deploy_risks_test_limited_deploy
OPS 6-5 ops_mit_deploy_risks_deploy_to_parallel_env
OPS 6-6 ops_mit_deploy_risks_freq_sm_rev_chg
OPS 6-7 ops_mit_deploy_risks_auto_integ_deploy
OPS 6-8 ops_mit_deploy_risks_auto_testing_and_rollback
OPS 6-9 ops_mit_deploy_risks_no
OPS 7-1 ops_ready_to_support_personnel_capability
OPS 7-2 ops_ready_to_support_const_orr
OPS 7-3 ops_ready_to_support_use_runbooks
OPS 7-4 ops_ready_to_support_use_playbooks
OPS 7-5 ops_ready_to_support_informed_deploy_decisions
OPS 7-6 ops_ready_to_support_no
OPS 8-1 ops_workload_health_define_workload_kpis
OPS 8-2 ops_workload_health_design_workload_metrics
OPS 8-3 ops_workload_health_collect_analyze_workload_metrics
OPS 8-4 ops_workload_health_workload_metric_baselines
OPS 8-5 ops_workload_health_learn_workload_usage_patterns
OPS 8-6 ops_workload_health_workload_outcome_alerts
OPS 8-7 ops_workload_health_workload_anomaly_alerts
OPS 8-8 ops_workload_health_biz_level_view_workload
OPS 8-9 ops_workload_health_no
OPS 9-1 ops_operations_health_define_ops_kpis
OPS 9-2 ops_operations_health_design_ops_metrics
OPS 9-3 ops_operations_health_collect_analyze_ops_metrics
OPS 9-4 ops_operations_health_ops_metric_baselines
OPS 9-5 ops_operations_health_learn_ops_usage_patterns
OPS 9-6 ops_operations_health_ops_outcome_alerts
OPS 9-7 ops_operations_health_ops_anomaly_alerts
OPS 9-8 ops_operations_health_biz_level_view_ops
OPS 9-9 ops_operations_health_no
OPS 10-1 ops_event_response_event_incident_problem_process
OPS 10-2 ops_event_response_process_per_alert
OPS 10-3 ops_event_response_prioritize_events
OPS 10-4 ops_event_response_define_escalation_paths
OPS 10-5 ops_event_response_push_notify
OPS 10-6 ops_event_response_dashboards
OPS 10-7 ops_event_response_auto_event_response
OPS 10-8 ops_event_response_no
OPS 11-1 ops_evolve_ops_process_cont_imp
OPS 11-2 ops_evolve_ops_perform_rca_process
OPS 11-3 ops_evolve_ops_feedback_loops
OPS 11-4 ops_evolve_ops_knowledge_management
OPS 11-5 ops_evolve_ops_drivers_for_imp
OPS 11-6 ops_evolve_ops_validate_insights
OPS 11-7 ops_evolve_ops_metrics_review
OPS 11-8 ops_evolve_ops_share_lessons_learned
OPS 11-9 ops_evolve_ops_allocate_time_for_imp
OPS 11-10 ops_evolve_ops_no
SEC 1-1 sec_securely_operate_multi_accounts
SEC 1-2 sec_securely_operate_aws_account
SEC 1-3 sec_securely_operate_control_objectives
SEC 1-4 sec_securely_operate_updated_threats
SEC 1-5 sec_securely_operate_updated_recommendations
SEC 1-6 sec_securely_operate_test_validate_pipeline
SEC 1-7 sec_securely_operate_threat_model
SEC 1-8 sec_securely_operate_implement_services_features
SEC 1-9 sec_securely_operate_no
SEC 2-1 sec_identities_enforce_mechanisms
SEC 2-2 sec_identities_unique
SEC 2-3 sec_identities_secrets
SEC 2-4 sec_identities_identity_provider
SEC 2-5 sec_identities_audit
SEC 2-6 sec_identities_groups_attributes
SEC 2-7 sec_identities_no
SEC 3-1 sec_permissions_define
SEC 3-2 sec_permissions_least_privileges
SEC 3-3 sec_permissions_emergency_process
SEC 3-4 sec_permissions_continuous_reduction
SEC 3-5 sec_permissions_define_guardrails
SEC 3-6 sec_permissions_lifecycle
SEC 3-7 sec_permissions_analyze_cross_account
SEC 3-8 sec_permissions_share_securely
SEC 3-9 sec_permissions_no
SEC 4-1 sec_detect_investigate_events_app_service_logging
SEC 4-2 sec_detect_investigate_events_analyze_all
SEC 4-3 sec_detect_investigate_events_auto_response
SEC 4-4 sec_detect_investigate_events_actionable_events
SEC 4-5 sec_detect_investigate_events_no
SEC 5-1 sec_network_protection_create_layers
SEC 5-2 sec_network_protection_layered
SEC 5-3 sec_network_protection_auto_protect
SEC 5-4 sec_network_protection_inspection
SEC 5-5 sec_network_protection_no
SEC 6-1 sec_protect_compute_vulnerability_management
SEC 6-2 sec_protect_compute_reduce_surface
SEC 6-3 sec_protect_compute_implement_managed_services
SEC 6-4 sec_protect_compute_auto_protection
SEC 6-5 sec_protect_compute_actions_distance
SEC 6-6 sec_protect_compute_validate_software_integrity
SEC 6-7 sec_protect_compute_no
SEC 7-1 sec_data_classification_identify_data
SEC 7-2 sec_data_classification_define_protection
SEC 7-3 sec_data_classification_auto_classification
SEC 7-4 sec_data_classification_lifecycle_management
SEC 7-5 sec_data_classification_no
SEC 8-1 sec_protect_data_rest_key_mgmt
SEC 8-2 sec_protect_data_rest_encrypt
SEC 8-3 sec_protect_data_rest_automate_protection
SEC 8-4 sec_protect_data_rest_access_control
SEC 8-5 sec_protect_data_rest_use_people_away
SEC 8-6 sec_protect_data_rest_no
SEC 9-1 sec_protect_data_transit_key_cert_mgmt
SEC 9-2 sec_protect_data_transit_encrypt
SEC 9-3 sec_protect_data_transit_auto_unintended_access
SEC 9-4 sec_protect_data_transit_authentication
SEC 9-5 sec_protect_data_transit_no
SEC 10-1 sec_incident_response_identify_personnel
SEC 10-2 sec_incident_response_develop_management_plans
SEC 10-3 sec_incident_response_prepare_forensic
SEC 10-4 sec_incident_response_auto_contain
SEC 10-5 sec_incident_response_pre_provision_access
SEC 10-6 sec_incident_response_pre_deploy_tools
SEC 10-7 sec_incident_response_run_game_days
SEC 10-8 sec_incident_response_no
REL 1-1 rel_manage_service_limits_aware_quotas_and_constraints
REL 1-2 rel_manage_service_limits_limits_considered
REL 1-3 rel_manage_service_limits_aware_fixed_limits
REL 1-4 rel_manage_service_limits_monitor_manage_limits
REL 1-5 rel_manage_service_limits_automated_monitor_limits
REL 1-6 rel_manage_service_limits_suff_buffer_limits
REL 1-7 rel_manage_service_limits_no
REL 2-1 rel_planning_network_topology_ha_conn_users
REL 2-2 rel_planning_network_topology_ha_conn_private_networks
REL 2-3 rel_planning_network_topology_ip_subnet_allocation
REL 2-4 rel_planning_network_topology_prefer_hub_and_spoke
REL 2-5 rel_planning_network_topology_non_overlap_ip
REL 2-6 rel_planning_network_topology_no
REL 3-1 rel_service_architecture_monolith_soa_microservice
REL 3-2 rel_service_architecture_business_domains
REL 3-3 rel_service_architecture_api_contracts
REL 3-4 rel_service_architecture_no
REL 4-1 rel_prevent_interaction_failure_identify
REL 4-2 rel_prevent_interaction_failure_loosely_coupled_system
REL 4-3 rel_prevent_interaction_failure_idempotent
REL 4-4 rel_prevent_interaction_failure_constant_work
REL 4-5 rel_prevent_interaction_failure_no
REL 5-1 rel_mitigate_interaction_failure_graceful_degradation
REL 5-2 rel_mitigate_interaction_failure_throttle_requests
REL 5-3 rel_mitigate_interaction_failure_limit_retries
REL 5-4 rel_mitigate_interaction_failure_fail_fast
REL 5-5 rel_mitigate_interaction_failure_client_timeouts
REL 5-6 rel_mitigate_interaction_failure_stateless
REL 5-7 rel_mitigate_interaction_failure_emergency_levers
REL 5-8 rel_mitigate_interaction_failure_no
REL 6-1 rel_monitor_aws_resources_monitor_resources
REL 6-2 rel_monitor_aws_resources_notification_aggregation
REL 6-3 rel_monitor_aws_resources_notification_monitor
REL 6-4 rel_monitor_aws_resources_automate_response_monitor
REL 6-5 rel_monitor_aws_resources_storage_analytics
REL 6-6 rel_monitor_aws_resources_review_monitoring
REL 6-7 rel_monitor_aws_resources_end_to_end
REL 6-8 rel_monitor_aws_resources_no
REL 7-1 rel_adapt_to_changes_autoscale_adapt
REL 7-2 rel_adapt_to_changes_reactive_adapt_auto
REL 7-3 rel_adapt_to_changes_proactive_adapt_auto
REL 7-4 rel_adapt_to_changes_load_tested_adapt
REL 7-5 rel_adapt_to_changes_no
REL 8-1 rel_tracking_change_management_planned_changemgmt
REL 8-2 rel_tracking_change_management_functional_testing
REL 8-3 rel_tracking_change_management_resiliency_testing
REL 8-4 rel_tracking_change_management_immutable_infrastructure
REL 8-5 rel_tracking_change_management_automated_changemgmt
REL 8-6 rel_tracking_change_management_no
REL 9-1 rel_backing_up_data_identified_backups_data
REL 9-2 rel_backing_up_data_secured_backups_data
REL 9-3 rel_backing_up_data_automated_backups_data
REL 9-4 rel_backing_up_data_periodic_recovery_testing_data
REL 9-5 rel_backing_up_data_no
REL 10-1 rel_fault_isolation_multiaz_region_system
REL 10-2 rel_fault_isolation_single_az_system
REL 10-3 rel_fault_isolation_use_bulkhead
REL 10-4 rel_fault_isolation_no
REL 11-1 rel_withstand_component_failures_monitoring_health
REL 11-2 rel_withstand_component_failures_failover2good
REL 11-3 rel_withstand_component_failures_auto_healing_system
REL 11-4 rel_withstand_component_failures_static_stability
REL 11-5 rel_withstand_component_failures_notifications_sent_system
REL 11-6 rel_withstand_component_failures_no
REL 12-1 rel_testing_resiliency_playbook_resiliency
REL 12-2 rel_testing_resiliency_rca_resiliency
REL 12-3 rel_testing_resiliency_test_functional
REL 12-4 rel_testing_resiliency_test_non_functional
REL 12-5 rel_testing_resiliency_failure_injection_resiliency
REL 12-6 rel_testing_resiliency_game_days_resiliency
REL 12-7 rel_testing_resiliency_no
REL 13-1 rel_planning_for_recovery_objective_defined_recovery
REL 13-2 rel_planning_for_recovery_disaster_recovery
REL 13-3 rel_planning_for_recovery_dr_tested
REL 13-4 rel_planning_for_recovery_config_drift
REL 13-5 rel_planning_for_recovery_auto_recovery
REL 13-6 rel_planning_for_recovery_no
PERF 1-1 perf_performing_architecture_evaluate_resources
PERF 1-2 perf_performing_architecture_process
PERF 1-3 perf_performing_architecture_cost
PERF 1-4 perf_performing_architecture_use_policies
PERF 1-5 perf_performing_architecture_external_guidance
PERF 1-6 perf_performing_architecture_benchmark
PERF 1-7 perf_performing_architecture_load_test
PERF 1-8 perf_performing_architecture_no
PERF 2-1 perf_select_compute_evaluate_options
PERF 2-2 perf_select_compute_config_options
PERF 2-3 perf_select_compute_collect_metrics
PERF 2-4 perf_select_compute_right_sizing
PERF 2-5 perf_select_compute_elasticity
PERF 2-6 perf_select_compute_use_metrics
PERF 2-7 perf_select_compute_no
PERF 3-1 perf_right_storage_solution_understand_char
PERF 3-2 perf_right_storage_solution_evaluated_options
PERF 3-3 perf_right_storage_solution_optimize_patterns
PERF 3-4 perf_right_storage_solution_no
PERF 4-1 perf_right_database_solution_understand_char
PERF 4-2 perf_right_database_solution_evaluate_options
PERF 4-3 perf_right_database_solution_collect_metrics
PERF 4-4 perf_right_database_solution_access_patterns
PERF 4-5 perf_right_database_solution_optimize_metrics
PERF 4-6 perf_right_database_solution_no
PERF 5-1 perf_select_network_understand_impact
PERF 5-2 perf_select_network_evaluate_features
PERF 5-3 perf_select_network_hybrid
PERF 5-4 perf_select_network_encryption_offload
PERF 5-5 perf_select_network_protocols
PERF 5-6 perf_select_network_location
PERF 5-7 perf_select_network_optimize
PERF 5-8 perf_select_network_no
PERF 6-1 perf_continue_having_appropriate_resource_type_keep_up_to_date
PERF 6-2 perf_continue_having_appropriate_resource_type_define_process
PERF 6-3 perf_continue_having_appropriate_resource_type_evolve
PERF 6-4 perf_continue_having_appropriate_resource_type_no
PERF 7-1 perf_monitor_instances_post_launch_record_metrics
PERF 7-2 perf_monitor_instances_post_launch_review_metrics
PERF 7-3 perf_monitor_instances_post_launch_establish_kpi
PERF 7-4 perf_monitor_instances_post_launch_generate_alarms
PERF 7-5 perf_monitor_instances_post_launch_review_metrics_collected
PERF 7-6 perf_monitor_instances_post_launch_proactive
PERF 7-7 perf_monitor_instances_post_launch_no
PERF 8-1 perf_tradeoffs_performance_critical_areas
PERF 8-2 perf_tradeoffs_performance_design_patterns
PERF 8-3 perf_tradeoffs_performance_understand_impact
PERF 8-4 perf_tradeoffs_performance_measure
PERF 8-5 perf_tradeoffs_performance_implement_strategy
PERF 8-6 perf_tradeoffs_performance_no
COST 1-1 cost_cloud_financial_management_function
COST 1-2 cost_cloud_financial_management_partnership
COST 1-3 cost_cloud_financial_management_budget_forecast
COST 1-4 cost_cloud_financial_management_cost_awareness
COST 1-5 cost_cloud_financial_management_usage_report
COST 1-6 cost_cloud_financial_management_proactive_process
COST 1-7 cost_cloud_financial_management_scheduled
COST 1-8 cost_cloud_financial_management_no
COST 2-1 cost_govern_usage_policies
COST 2-2 cost_govern_usage_goal_target
COST 2-3 cost_govern_usage_account_structure
COST 2-4 cost_govern_usage_groups_roles
COST 2-5 cost_govern_usage_controls
COST 2-6 cost_govern_usage_track_lifecycle
COST 2-7 cost_govern_usage_no
COST 3-1 cost_monitor_usage_detailed_source
COST 3-2 cost_monitor_usage_define_attribution
COST 3-3 cost_monitor_usage_define_kpi
COST 3-4 cost_monitor_usage_config_tools
COST 3-5 cost_monitor_usage_org_information
COST 3-6 cost_monitor_usage_allocate_outcome
COST 3-7 cost_monitor_usage_no
COST 4-1 cost_decomissioning_resources_track
COST 4-2 cost_decomissioning_resources_implement_process
COST 4-3 cost_decomissioning_resources_decommission
COST 4-4 cost_decomissioning_resources_decomm_automated
COST 4-5 cost_decomissioning_resources_no
COST 5-1 cost_select_service_requirements
COST 5-2 cost_select_service_analyze_all
COST 5-3 cost_select_service_thorough_analysis
COST 5-4 cost_select_service_licensing
COST 5-5 cost_select_service_select_for_cost
COST 5-6 cost_select_service_analyze_over_time
COST 5-7 cost_select_service_no
COST 6-1 cost_type_size_number_resources_cost_modeling
COST 6-2 cost_type_size_number_resources_data
COST 6-3 cost_type_size_number_resources_metrics
COST 6-4 cost_type_size_number_resources_no
COST 7-1 cost_pricing_model_analysis
COST 7-2 cost_pricing_model_region_cost
COST 7-3 cost_pricing_model_third_party
COST 7-4 cost_pricing_model_implement_models
COST 7-5 cost_pricing_model_master_analysis
COST 7-6 cost_pricing_model_no
COST 8-1 cost_data_transfer_modeling
COST 8-2 cost_data_transfer_optimized_components
COST 8-3 cost_data_transfer_implement_services
COST 8-4 cost_data_transfer_no
COST 9-1 cost_manage_demand_resources_cost_analysis
COST 9-2 cost_manage_demand_resources_buffer_throttle
COST 9-3 cost_manage_demand_resources_dynamic
COST 9-4 cost_manage_demand_resources_no
COST 10-1 cost_evaluate_new_services_review_process
COST 10-2 cost_evaluate_new_services_review_workload
COST 10-3 cost_evaluate_new_services_no
Updating a workload with the AWS CLI
Something like this, I suppose.
$ aws wellarchitected update-answer --workload-id 0123456789abcdef0123456789abcdef --lens-alias wellarchitected --question-id permissions --selected-choices "sec_permissions_define" "sec_permissions_least_privileges" --is-applicable
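The steps above (following NextToken, extracting the IDs, and building the update-answer call) combined into one added example, which is not code from the original post. It also rejects choice IDs that do not belong to the chosen question before the command is built. Assumptions: fetch_page is a hypothetical callable standing in for one `aws wellarchitected list-answers` call, the sample pages are constructed, and questions are numbered by order of appearance within a pillar.

```python
import shlex
from collections import defaultdict

# Label prefixes used in the post, keyed by the Pillar IDs it lists.
PILLAR_PREFIX = {"operationalExcellence": "OPS", "security": "SEC",
                 "reliability": "REL", "performance": "PERF",
                 "costOptimization": "COST"}

def collect_answers(fetch_page):
    """Call fetch_page(next_token) until a response has no NextToken."""
    summaries, token = [], None
    while True:
        page = fetch_page(token)
        summaries.extend(page.get("AnswerSummaries", []))
        token = page.get("NextToken")
        if not token:
            return summaries

def build_index(summaries):
    """Map QuestionId -> (label, {ChoiceId: label}); numbering by order seen is an assumption."""
    index, count = {}, defaultdict(int)
    for s in summaries:
        prefix = PILLAR_PREFIX[s["PillarId"]]
        count[prefix] += 1
        label = f"{prefix} {count[prefix]}"
        choices = {c["ChoiceId"]: f"{label}-{n}"
                   for n, c in enumerate(s["Choices"], 1)}
        index[s["QuestionId"]] = (label, choices)
    return index

def update_answer_command(index, workload_id, question_id, selected):
    """Build the update-answer command, refusing IDs list-answers never returned."""
    if question_id not in index:
        raise ValueError(f"unknown question id: {question_id}")
    bad = [c for c in selected if c not in index[question_id][1]]
    if bad:
        raise ValueError(f"not choices of {question_id}: {bad}")
    argv = ["aws", "wellarchitected", "update-answer",
            "--workload-id", workload_id, "--lens-alias", "wellarchitected",
            "--question-id", question_id, "--selected-choices", *selected,
            "--is-applicable"]
    return " ".join(shlex.quote(a) for a in argv)

def _q(qid, *choice_ids):  # helper for the constructed sample below
    return {"QuestionId": qid, "PillarId": "security",
            "Choices": [{"ChoiceId": c} for c in choice_ids]}

# Constructed sample: two pages shaped like list-answers output (trimmed).
PAGES = {
    None: {"AnswerSummaries": [
        _q("securely-operate", "sec_securely_operate_multi_accounts"),
        _q("identities", "sec_identities_enforce_mechanisms")],
        "NextToken": "page-2"},
    "page-2": {"AnswerSummaries": [
        _q("permissions", "sec_permissions_define",
           "sec_permissions_least_privileges")]},
}

if __name__ == "__main__":
    index = build_index(collect_answers(lambda token: PAGES[token]))
    print(update_answer_command(index, "0123456789abcdef0123456789abcdef",
          "permissions", ["sec_permissions_define"]))
```
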
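Bonus
Looking over the AWS CLI output, I assumed it would all be upper camel case, but the Pillar ID is lower camel case, the Question ID is kebab case, and the Choice ID is snake case.
I wonder if there is some intent behind it. I'm a little curious.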