When you create a rule, you can bind a correction template to the rule and set the template to be run manually. If the resource configuration is non-compliant, you can manually run the template to correct the configuration.

Background information

This topic describes how to set manual correction by using the required-tags rule as an example.

The managed rule required-tags is used to check whether resources are bound to specified tags. For example, if you want all Elastic Compute Service (ECS) instances to be bound to the tag "Project=A", you can use the required-tags rule to monitor all ECS instances. When Cloud Config detects that some ECS instances are not bound to the tag, the rule is evaluated as Non-compliant. If you subscribe to resource compliance events, Cloud Config sends a non-compliance alert to the specified Message Service (MNS) topic. For more information, see Subscribe to events.

Procedure

  1. Configure the correction settings.
    1. Log on to the Cloud Config console.
    2. In the left-side navigation pane, click Rules.
    3. On the Rules page that appears, click Create Rule.
    4. In the Basic Settings step of the Create Rule wizard, set Execution Method to Managed Rule, search for and select the required-tags rule, set the risk level of the rule, and then click Next.
      Basic Settings step
    5. In the Scheduling Settings step of the Create Rule wizard, use the default values for the trigger type, related resources, and input parameters, enter the key and value of a tag, and then click Next.
      Scheduling Settings step

      If you need to check multiple tags, you can set the keys and values of these tags one by one. Cloud Config allows you to check up to six tags. The rule is evaluated as Compliant only when the target resources are bound to all the tags that you have specified. If you want to check whether resources are bound to any tag in a group of tags, create a rule for each of the tags based on the required-tags rule.

      For example, if you want all the resources in your account to be bound to the tag "Project=A", you can create a rule based on the required-tags rule to check the resources for this tag. When Cloud Config detects that some resources are not bound to the tag, the rule is evaluated as Non-compliant.

      Note Use the default values for the trigger type, related resources, and input parameters.
    6. In the Correction Settings step of the Create Rule wizard, set Correction Method to Manual Execution, use the official template selected by default in the Workflow drop-down list, complete service authorization as prompted, and then click Submit.
      Manual correction
    7. View the rule creation result.
      In the Complete step of the Create Rule wizard, you can view the rule creation result.
      • Click View Details. On the page that appears, you can view the rule details and correction details of the current rule.
      • Click Return to Rule List. On the Rules page that appears, you can view the rule, the status of which is Active.
  2. Perform the correction.
    If you receive a resource non-compliance alert or find non-compliant resources, you can manually trigger the correction template on the Correction Details tab of the rule details page to change the resource configuration to the preset expected value. To manually correct the configuration, follow these steps:
    1. On the Rules page, find the target rule and click the link in the Rule Name/Rule ID column or Details in the Action column.
    2. On the details page of the target rule, click the Correction Details tab.
    3. On the Correction Details tab, click Perform Manual Correction.
      Perform manual correction
  3. View the correction results.
    If the rule is evaluated as non-compliant, Cloud Config triggers the correction template. The resource configuration is automatically changed to your preset expected value.
    • View the correction results on the Rules page
      1. On the Rules page, find the rule whose Compliance is Non-compliant.
      2. Click the link in the Rule Name/Rule ID column or Details in the Action column.
      3. Click the Correction Details tab. On the Correction Details tab, you can view the correction settings and correction history.
    • View the correction results on Resources page
      1. On the Resources page, find the non-compliant resource by using the filter or search feature.
      2. Click the link in the Resource ID/Resource Name column. On the resource details page that appears, check the most recent evaluation results.
      3. Click View Details in the Evaluation Result column or the link in the Rule Name column of the target rule to go to the rule details page.
      4. Click the Correction Details tab. On the Correction Details tab, you can view the correction settings and correction history.
    Note
    • If you modify the parameters of a correction template and then save the correction template, the existing correction results and history are deleted.
    • Modifying the execution method of a correction template does not affect the existing correction results and history.
    Results of the required-tags rule