This topic describes the alert rules for permission control. These rules let you monitor changes to RAM policies, unexpected attachments of RAM policies, and changes to OSS bucket permissions. You can configure and enable the alert rules in the Simple Log Service console to monitor permission control issues. If an alert is triggered, you can identify the cause and fix the issue at the earliest opportunity.
Alert rules
The following alert rules are supported. For information about how to set alert parameters, configure whitelists, and perform other related operations, see Configure alerts.
OSS Bucket Authority Change Alert
| Item | Description |
| --- | --- |
| ID | sls_app_audit_cis_at_oss_policy_change |
| Name | OSS Bucket Authority Change Alert |
| Version | 1 |
| Type | Cloud Platform, Alicloud, CIS Standard, Permission Control |
| Usage | Monitors changes to OSS bucket permissions. A change to the permissions of an OSS bucket triggers an alert. |
| Check Frequency | Fixed interval: 1 minute. |
| Time Range | The data of the last 2 minutes is checked. |
| Parameter Settings | Severity: Critical-10, High-8, Medium-6, Low-4, and Report-2. Default value: High-8 |
| External Configurations | You can configure a whitelist of RAM users who are allowed to change the permissions of OSS buckets. If a RAM user on the whitelist changes the permissions of an OSS bucket, no alert is triggered. |
| Solution | Use only the RAM users included in the whitelist to change the permissions of OSS buckets. |
| Prerequisites | The Operations Log switch next to Action Trail is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
RAM Policy Change Alert
| Item | Description |
| --- | --- |
| ID | sls_app_audit_cis_at_ram_policy_change |
| Name | RAM Policy Change Alert |
| Version | 1 |
| Type | Cloud Platform, Alicloud, CIS Standard, Permission Control |
| Usage | Monitors changes to RAM policies. If a RAM policy is changed, an alert is triggered. |
| Check Frequency | Fixed interval: 1 minute. |
| Time Range | The data of the last 2 minutes is checked. |
| Parameter Settings | Severity: Critical-10, High-8, Medium-6, Low-4, and Report-2. Default value: Medium-6 |
| External Configurations | You can configure a whitelist of RAM users who are allowed to change RAM policies. If a RAM user on the whitelist changes a RAM policy, no alert is triggered. |
| Solution | Do not allow RAM users that are not included in the whitelist to change RAM policies. |
| Prerequisites | The Operations Log switch next to Action Trail is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
RAM Policy Abnormal Attach Alert
| Item | Description |
| --- | --- |
| ID | sls_app_audit_cis_at_ram_policy_attach |
| Name | RAM Policy Abnormal Attach Alert |
| Version | 1 |
| Type | Cloud Platform, Alicloud, CIS Standard, Permission Control |
| Usage | Monitors whether RAM policies are unexpectedly attached to RAM users. Attach RAM policies only to RAM user groups or RAM roles; attaching a RAM policy directly to a RAM user triggers an alert. |
| Check Frequency | Fixed interval: 1 minute. |
| Time Range | The data of the last 2 minutes is checked. |
| Parameter Settings | Severity: Critical-10, High-8, Medium-6, Low-4, and Report-2. Default value: Medium-6 |
| External Configurations | You can configure a whitelist of RAM users to whom RAM policies may be attached. Attaching a RAM policy to a RAM user on the whitelist does not trigger an alert. |
| Solution | Attach RAM policies to user groups or roles instead of users. |
| Prerequisites | The Operations Log switch next to Action Trail is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
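The following is an added example, not part of this topic and not the Simple Log Service rule definitions, that simulates how the three rules above behave: each scheduled check looks back over a 2-minute window of ActionTrail events, matches the API calls each rule watches, skips whitelisted identities, and emits an alert at the rule's default severity. Note the difference in what the whitelist refers to: for the OSS and RAM policy change rules it is the RAM user making the change, while for the abnormal attach rule it is the RAM user the policy is attached to. The event field layout (`eventTime`, `eventName`, `userIdentity.userName`, `requestParameters.UserName`) and the API names each rule watches are assumptions modelled on ActionTrail, RAM and OSS conventions; confirm them against your own audit logs. The sample events are constructed.

```python
"""Illustrative evaluation of the three permission-control alert rules over
constructed ActionTrail-style events. Added example; the event field layout
and API names are assumptions, not the product's own rule definitions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Set

# Severity scale from the Parameter Settings row of each rule.
SEVERITY = {"Critical": 10, "High": 8, "Medium": 6, "Low": 4, "Report": 2}

# API names each rule watches (assumed; confirm against your own ActionTrail data).
OSS_BUCKET_PERMISSION_APIS = {"PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy"}
RAM_POLICY_CHANGE_APIS = {"CreatePolicy", "DeletePolicy", "CreatePolicyVersion",
                          "DeletePolicyVersion", "SetDefaultPolicyVersion"}
RAM_ATTACH_TO_USER_APIS = {"AttachPolicyToUser"}


def actor(event: Dict) -> str:
    """RAM user who performed the API call (assumed field path)."""
    return event["userIdentity"]["userName"]


def target_user(event: Dict) -> str:
    """RAM user a policy is being attached to (assumed request parameter name)."""
    return event.get("requestParameters", {}).get("UserName", "")


@dataclass
class Rule:
    rule_id: str
    name: str
    api_names: Set[str]
    default_severity: int
    whitelist: Set[str] = field(default_factory=set)
    # Whose name the whitelist is matched against: the RAM user making the
    # change (OSS and RAM policy change rules) or the RAM user receiving the
    # policy (abnormal attach rule).
    subject: Callable[[Dict], str] = actor


def build_rules(oss_whitelist, ram_change_whitelist, attach_whitelist) -> List[Rule]:
    """The three rules from this topic with their default severities."""
    return [
        Rule("sls_app_audit_cis_at_oss_policy_change", "OSS Bucket Authority Change Alert",
             OSS_BUCKET_PERMISSION_APIS, SEVERITY["High"], set(oss_whitelist)),
        Rule("sls_app_audit_cis_at_ram_policy_change", "RAM Policy Change Alert",
             RAM_POLICY_CHANGE_APIS, SEVERITY["Medium"], set(ram_change_whitelist)),
        Rule("sls_app_audit_cis_at_ram_policy_attach", "RAM Policy Abnormal Attach Alert",
             RAM_ATTACH_TO_USER_APIS, SEVERITY["Medium"], set(attach_whitelist),
             subject=target_user),
    ]


def evaluate(events: List[Dict], rules: List[Rule], now: datetime,
             window: timedelta = timedelta(minutes=2)) -> List[Dict]:
    """One scheduled check: scan events from the last `window` (2 minutes per the
    rules' Time Range) and return one alert per matching, non-whitelisted event."""
    start = now - window
    alerts = []
    for ev in events:
        ts = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        if not start <= ts <= now:
            continue  # outside the check window; an earlier run covered it
        for rule in rules:
            if ev["eventName"] not in rule.api_names:
                continue
            if rule.subject(ev) in rule.whitelist:
                continue  # exempted via the rule's External Configurations
            alerts.append({"rule_id": rule.rule_id, "severity": rule.default_severity,
                           "event": ev["eventName"], "actor": actor(ev),
                           "subject": rule.subject(ev)})
    return alerts


def _event(now, secs_ago, user, api, **params):
    """Build a constructed ActionTrail-style event `secs_ago` seconds before `now`."""
    ts = (now - timedelta(seconds=secs_ago)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"eventTime": ts, "eventName": api,
            "userIdentity": {"type": "ram-user", "userName": user},
            "requestParameters": params}


def run_demo(now: datetime = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)) -> List[Dict]:
    rules = build_rules(oss_whitelist={"ops-admin"}, ram_change_whitelist={"ops-admin"},
                        attach_whitelist={"svc-backup"})
    events = [  # constructed sample data; user and resource names are placeholders
        _event(now, 30, "ops-admin", "PutBucketAcl", BucketName="logs"),          # whitelisted actor
        _event(now, 30, "dev-user", "PutBucketPolicy", BucketName="logs"),        # OSS alert (High-8)
        _event(now, 60, "dev-user", "CreatePolicyVersion", PolicyName="p1"),      # RAM change alert (Medium-6)
        _event(now, 300, "dev-user", "AttachPolicyToUser", UserName="intern"),    # older than 2 minutes
        _event(now, 10, "dev-user", "AttachPolicyToGroup", GroupName="devs"),     # group attach: expected
        _event(now, 10, "dev-user", "AttachPolicyToUser", UserName="svc-backup"), # whitelisted target
        _event(now, 5, "dev-user", "AttachPolicyToUser", UserName="intern"),      # attach alert (Medium-6)
    ]
    return evaluate(events, rules, now)


if __name__ == "__main__":
    for a in run_demo():
        print(f"[{a['severity']}] {a['rule_id']}: {a['event']} by {a['actor']} (subject={a['subject']})")
```

Running the script produces three alerts: the non-whitelisted bucket policy change, the policy version change, and the policy attached directly to a user. The attach that is older than the 2-minute window, the attach to a group, and the attach to the whitelisted target user produce nothing, which mirrors how the whitelist and time range rows above narrow each rule.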