If you want to deliver configuration change snapshots and scheduled snapshots of resources to Object Storage Service (OSS), you must specify a bucket. After the resource snapshots are delivered to the specified bucket, you can view or download JSON files.

Prerequisites

OSS is activated. For more information, see Activate OSS.

Background information

To achieve a balance between storage costs and scenario-specific requirements, we recommend that you select Standard for the Storage Class parameter when you create an OSS bucket. If you need only to store data that is infrequently accessed (once or twice each month) for a long period of time, we recommend that you select IA for the Storage Class parameter when you create an OSS bucket. For more information, see Create buckets.

Use an ordinary account

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Delivery Services > Deliver Logs to OSS.
  3. On the Deliver Logs to OSS page, turn on OSS Settings.
  4. Set the required parameters to specify an OSS bucket to store resource snapshots.
    The following table describes the parameters.
    Parameter Description
    Select Acceptable Content The type of resource snapshot to be delivered to the OSS bucket. Valid values:
    • Scheduled Snapshots: the scheduled snapshots. Cloud Config delivers scheduled snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
    • Historical Configuration Changes: the configuration change snapshots. Cloud Config delivers configuration change snapshots to the OSS bucket when the configurations of resources change.
    Region The region where the OSS bucket resides.
    Bucket The name of the OSS bucket. The bucket name must be unique.
    • If you select Create Bucket, you must specify a bucket name.
    • If you select Select Buckets, you must select an existing bucket from the Bucket drop-down list.
    Server-side Encryption Specifies whether and how to encrypt objects in the OSS bucket. This parameter must be specified if you select Create Bucket.
    Valid values:
    • No
    • AES256
    • KMS
  5. Click OK.

Use a management account

You can use a management account to specify an OSS bucket to receive the resource snapshots of the management account and its member accounts. The bucket must belong to the management account or a member account. Only management accounts are authorized to configure the delivery settings of resource snapshots. No member accounts have the relevant permissions.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Delivery Services > Deliver Logs to OSS.
  3. On the Deliver Logs to OSS page, turn on OSS Settings.
  4. Set the required parameters to specify an OSS bucket to store resource snapshots.
    You can create an OSS bucket within the management account, or select an existing OSS bucket that belongs to the management account or a member account. The OSS bucket stores the resource snapshots within the management account and its member accounts.
    • To deliver resource snapshots to an OSS bucket that belongs to the management account, select Create Bucket or Select Buckets, and then set the required parameters. The following table describes the parameters.
      Parameter Description
      Select Acceptable Content The type of resource snapshot to be delivered to the OSS bucket. Valid values:
      • Scheduled Snapshots: the scheduled snapshots. Cloud Config delivers scheduled snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
      • Historical Configuration Changes: the configuration change snapshots. Cloud Config delivers configuration change snapshots to the OSS bucket when the configurations of resources change.
      Region The region where the OSS bucket resides.
      Bucket The name of the OSS bucket. The bucket name must be unique.
      • If you select Create Bucket, you must specify a bucket name.
      • If you select Select Buckets, you must select an existing bucket from the Bucket drop-down list.
      Server-side Encryption Specifies whether and how to encrypt objects in the OSS bucket. This parameter must be specified if you select Create Bucket.
      Valid values:
      • No
      • AES256
      • KMS
    • To deliver resource snapshots to an OSS bucket that belongs to a member account, select Select Buckets from Other Enterprise Management Accounts, and then set the required parameters. Before you set the parameters, make sure that the member account has available buckets. The following table describes the parameters that are used to specify the Alibaba Cloud Resource Name (ARN) of the bucket within the member account and the ARN of the role to be assumed by the member account.
      Parameter Description
      Select Acceptable Content The type of resource snapshot to be delivered to the OSS bucket. Valid values:
      • Scheduled Snapshots: the scheduled snapshots. Cloud Config delivers scheduled snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
      • Historical Configuration Changes: the configuration change snapshots. Cloud Config delivers configuration change snapshots to the OSS bucket when the configurations of resources change.
      The ARN of the bucket that belongs to the destination account The ARN of the bucket within the member account. The ARN consists of the following information: the ID of the region where the bucket resides, the ID of the member account, and the name of the bucket. You can select the region from the Region drop-down list, the member account from the Member Accounts drop-down list, and the bucket from the Bucket drop-down list.
      The role ARN that belongs to the destination account The ARN of the role to be assumed by the member account. The ARN consists of the following information: the ID of the member account and the service-linked role for Cloud Config. You can select the member account from the drop-down list and use the default service-linked role.
  5. Click OK.
  6. In the The changes will apply to all member accounts in the organization. Are you sure you want to apply the changes? message, click OK.

What to do next

After the resource snapshots are delivered to the specified bucket, you can view or download JSON files on the Files page of the bucket in the OSS console. For information about the sample JSON code that is used to deliver snapshots, see Sample code used to deliver resource snapshots to OSS.

The path of each snapshot file is in the format of /ACSLogs/AccountId/Config/RegionId/yyyy/mm/dd/.