When you create a rule, you can specify a remediation template for the rule and configure manual execution for the template. If the configuration of a resource is non-compliant, you can manually run the template to remediate the configuration.

Background information

This topic describes how to configure manual remediation by creating a rule based on the required-tags managed rule.

The required-tags managed rule checks whether the associated resources have all the specified tags. You may want the tag "Project=A" to be attached to all Elastic Compute Service (ECS) instances within your Alibaba Cloud account. In this case, you can create a rule based on the required-tags managed rule to monitor all your ECS instances. If Cloud Config detects that the tag is not attached to one or more ECS instances, these resources are evaluated to be non-compliant based on the rule. If you subscribe to resource non-compliance events, Cloud Config sends notifications of resource non-compliance events to a specified Message Service (MNS) topic. For more information, see Send notifications of resource events to an MNS topic.

Use an ordinary account

  1. Configure the manual remediation settings.
    1. Log on to the Cloud Config console.
    2. In the left-side navigation pane, click Rules.
    3. On the Rules page, click Create Rule.
    4. On the Create Rule page, find the managed rule based on which you want to create a rule.
    5. Click Apply Rule.
    6. In the Properties step, set the Rule Name and Risk Level parameters. Then, click Next.
      The Rule Name, Risk Level, and Trigger Type parameters have default values. You can change the values of the Rule Name and Risk Level parameters.
    7. In the Access Resource Scope step, keep the default resource type and click Next.
    8. In the Parameters step, enter the key and value of a tag and click Next.

      If you want to check multiple tags, you can specify multiple key-value pairs in sequence. You can specify up to six key-value pairs. If specific resources have all the specified tags, these resources are evaluated to be compliant based on the rule. If you want to check whether a specified tag is attached to specific resources, you must create a rule for each tag based on the required-tags managed rule.

      You may want the tag "Project=A" to be attached to all the resources within your Alibaba Cloud account. In this case, you can create a rule based on the required-tags managed rule to monitor all your resources. If Cloud Config detects that the tag is not attached to one or more of your resources, these resources are evaluated to be non-compliant.

    9. In the Modify step, select the check box next to Modify, select Manual Remediation, set the Remediation Type parameter to Operation Orchestration Service, enter the key-value pairs of the required tags, and then click Next.
      Note You must specify the key-value pairs of the tags that you want to attach to your resources.
    10. In the Preview and Save step, check the settings and click Submit.
  2. Perform manual remediation.
    If you receive notifications of resource non-compliance events or find non-compliant resources, you can manually trigger the remediation template on the Correction Details tab of the details page for the specified rule. Then, the configurations of the non-compliant resources are changed to the preset values. To manually remediate non-compliant resources, perform the following steps:
    1. In the left-side navigation pane, click Rules.
    2. On the Rules page, find the created rule, and click Details in the Actions column or the rule name in the Rule Name/Rule ID column.
    3. On the rule details page, click the Correction Details tab.
    4. On the Correction Details tab, click Perform Manual Correction next to Remediation Method.
  3. On the Correction Details tab, view the remediation results.

Use a management account

  1. Configure the manual remediation settings.
    1. Log on to the Cloud Config console.
    2. In the left-side navigation pane, click Rules.
    3. On the Rules page, click the required account group tab.
    4. On the account group tab, click Create Rule.
    5. On the Create Rule page, find the managed rule based on which you want to create a rule.
    6. Click Apply Rule.
    7. In the Properties step, set the Rule Name and Risk Level parameters. Then, click Next.
      The Rule Name, Risk Level, and Trigger Type parameters have default values. You can change the values of the Rule Name and Risk Level parameters.
    8. In the Access Resource Scope step, keep the default resource type and click Next.
    9. In the Parameters step, enter the key and value of a tag and click Next.

      If you want to check multiple tags, you can specify multiple key-value pairs in sequence. You can specify up to six key-value pairs. If specific resources have all the specified tags, these resources are evaluated to be compliant based on the rule. If you want to check whether a specified tag is attached to specific resources, you must create a rule for each tag based on the required-tags managed rule.

      You may want the tag "Project=A" to be attached to all the resources within your Alibaba Cloud account. In this case, you can create a rule based on the required-tags managed rule to monitor all your resources. If Cloud Config detects that the tag is not attached to one or more of your resources, these resources are evaluated to be non-compliant.

    10. In the Modify step, select the check box next to Modify, select Manual Remediation, set the Remediation Type parameter to Operation Orchestration Service, enter the key-value pairs of the required tags, and then click Next.
      Note You must specify the key-value pairs of the tags that you want to attach to your resources.
    11. In the Preview and Save step, check the settings and click Submit.
  2. Perform manual remediation.
    If you receive notifications of resource non-compliance events or find non-compliant resources, you can manually trigger the remediation template on the Correction Details tab of the details page for the specified rule. Then, the configurations of the non-compliant resources are changed to the preset values. To manually remediate non-compliant resources, perform the following steps:
    1. In the left-side navigation pane, click Rules.
    2. On the Rules page, click the required account group tab.
    3. On the account group tab, find the created rule, and click Details in the Actions column or the rule name in the Rule Name/Rule ID column.
    4. On the rule details page, click the Correction Details tab.
    5. On the Correction Details tab, click Perform Manual Correction next to Remediation Method.
  3. On the Correction Details tab, view the remediation results.