The evaluation logic of a compliance rule is implemented based on functions in the Function Compute service. You can create a rule from a managed rule that is preset in Cloud Config for Enterprise or from a function in the Function Compute service. You can also use a visual editor to create a custom rule.

Prerequisites

The master account is used to log on to the Cloud Config for Enterprise console.

Background information

Before creating a rule, you must familiarize yourself with the definition of rules and how rules work. For more information, see Rule definition and principles.

Create a rule from a managed rule

For the list of managed rules, see Managed rules.

  1. Log on to the Cloud Config for Enterprise console.
  2. In the left-side navigation pane, click Rules.
  3. On the Rules page that appears, click Create Rule.
  4. In the Basic Settings step of the Create Rule wizard, select Managed Rule for the Execution Method parameter. Select a rule and risk level, and determine whether to apply the rule to all member accounts. Then click Next.
  5. In the Scheduling Settings step of the Create Rule wizard, specify the value for the rule parameter. Default values are used for the trigger type, the monitored resource, and the key of the rule parameter. Then click Submit.
  6. A message appears if you have selected Yes for the Apply Rule to All Members parameter in the Basic Settings step of the Create Rule wizard. In the message, click Confirm. Then, the rule is applied to all member accounts. You can specify the Apply Rule to All Members parameter only when you create a rule, and the parameter cannot be modified after the rule is created.
  7. View the created rule.
    In the Complete step of the Create Rule wizard, you can view the creation results.
    • Click View Details. On the page that appears, you can view the Basic Information, Trigger, and Compliance Result for Related Resources of the rule.
    • Click Return to Rule List. On the Rules page that appears, you can view the created rule in the rule list, and the status of the rule is Active.

Create a rule from a function in Function Compute

You can also create a custom function in Function Compute and use the function to create a rule. For more information, see Create a custom rule.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, click Rules.
  3. On the Rules page that appears, click Create Rule.
  4. In the Basic Settings step of the Create Rule wizard, select Function Compute for the Execution Method parameter. Enter a rule name, select a function ARN and risk level, and determine whether to apply the rule to all member accounts. Then click Next.

    Make sure that you have created a function in Function Compute before using the function to create a rule. If existing functions cannot meet your requirements, click Create New Function. For more information about how to create a function, see Create a function.

  5. In the Scheduling Settings step of the Create Rule wizard, select a trigger type and related resources, and specify rule parameters. Then click Submit.
    • The rule monitors all resources of the selected types under your account. A rule can monitor one or more resource types.
    • You can click Add Rule Parameter to add one or more rule parameters. You must specify the Key and Value parameters for each rule parameter. The key of the rule parameter must be the same as that specified during resource configuration.
  6. A message appears if you have selected Yes for the Apply Rule to All Members parameter in the Basic Settings step of the Create Rule wizard. In the message, click Confirm. Then, the rule is applied to all member accounts. You can specify the Apply Rule to All Members parameter only when you create a rule, and the parameter cannot be modified after the rule is created.

Use the visual editor to create a rule

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, click Rules.
  3. On the Rules page that appears, click Create Rule.
  4. In the Basic Settings step of the Create Rule wizard, select Visual Editor for the Execution Method parameter. Enter a rule name, select a risk level, and determine whether to apply the rule to all member accounts. Then click Next.
  5. In the Scheduling Settings step of the Create Rule wizard, select a trigger type and related resources, and specify rule parameters. Then click Submit.
    • The rule monitors all resources of the selected types under your account. A rule can monitor one or more resource types.
    • You can click Add Rule Parameter to add one or more rule parameters. You must specify the Key and Value parameters for each rule parameter. The key of the rule parameter must be the same as that specified during resource configuration.
  6. A message appears if you have selected Yes for the Apply Rule to All Members parameter in the Basic Settings step of the Create Rule wizard. In the message, click Confirm. Then, the rule is applied to all member accounts. You can specify the Apply Rule to All Members parameter only when you create a rule, and the parameter cannot be modified after the rule is created.
  7. View the created rule.
    In the Complete step of the Create Rule wizard, you can view the creation results.
    • Click View Details. On the page that appears, you can view the Basic Information, Trigger, and Compliance Result for Related Resources of the rule.
    • Click Return to Rule List. On the Rules page that appears, you can view the created rule in the rule list, and the status of the rule is Active.