This topic introduces the basic terms involved in Cloud Config.
|resource type||A resource type is a category of resources. For example, the resource type of Elastic
Compute Service (ECS) instances is Instance. Resources can be divided into the following
|resource configurations||Cloud Config retrieves all your resources by using the APIs of Alibaba Cloud services. In a resource list, you can click a resource ID to view the configurations of the resource. You can also manage the resource in the Alibaba Cloud Management Console.|
|monitoring scope||You can configure the monitoring scope of Cloud Config by specifying the types of
resources to be monitored.
|rule||A rule is a function that is used to determine whether a resource configuration is
compliant. Cloud Config runs rule code by using functions of Function Compute. Assume
that a rule is applied to a resource type in Cloud Config. If the configurations of
a resource of this type change, Cloud Config re-evaluates the resource based on the
rule and checks whether the configuration is compliant. Cloud Config can also trigger
rules at a specified time to periodically evaluate the compliance of all resources.
The rules in Cloud Config are divided into the following categories:
|configuration timeline||Cloud Config provides a configuration timeline for each resource that is monitored.
|compliance timeline||Cloud Config evaluates resources based on rules. A compliance record is generated
when a rule is triggered. Cloud Config displays the compliance records over time in
the compliance timeline. The compliance records that are displayed in the compliance
timeline depend on the trigger type.
|classified protection precheck||The classified protection precheck feature of Cloud Config monitors and evaluates your Alibaba Cloud resources in a continuous manner. You can view the compliance evaluation result in real time and remediate non-compliant resources. This simplifies the procedure of an official assessment. For more information, see Baseline for Classified Protection of Cybersecurity 2.0.|
|CIS||The Center for Internet Security (CIS) is a community of organizations and individuals that want actionable security resources. The CIS Controls are a set of 20 controls designed to help organizations safeguard their systems and data.|
Resource Directory allows you to manage the relationships among multiple levels of enterprise resources (accounts).
A management account is an account that is used to enable a resource directory and is the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the member accounts in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a management account. Each resource directory has only one management account.
Note A management account does not belong to a resource directory and is not limited by the control policies of a resource directory.
A member account serves as a container for resources and is also an organizational unit in a resource directory. A member account indicates a project or application. The resources of different member accounts are isolated. You can use a management account to authorize RAM users, user groups, or roles to access the resources of member accounts.
You can use a management account to invite a member account to join a resource directory or create a member account in a resource directory.
An account group is a collection of member accounts. In a resource directory, the management account can add all or some member accounts to an account group for centralized compliance management. An account group is also a resource pool formed by gathering resources from multiple member accounts.
The management account can view the resource lists, resource details, resource configuration timelines, resource compliance timelines, and associated resources of all member accounts in the account group. It can also create rules and compliance packages in the account group. These rules and compliance packages take effect on resources of all member accounts in the account group for continuous compliance evaluation.