Creates a compliance package for an account group.

You can use your management account to create up to five compliance packages for each account group.

The sample request in this topic shows you how to create a compliance package named ClassifiedProtectionPreCheck for the ca-f632626622af0079**** account group. The compliance package contains the eip-bandwidth-limit managed rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateAggregateCompliancePack

The operation that you want to perform. Set the value to CreateAggregateCompliancePack.

CompliancePackTemplateId String Yes ct-5f26ff4e06a300c4****

The ID of the compliance package template.

For more information about how to obtain the ID of a compliance package template, see ListCompliancePackTemplates.

CompliancePackName String Yes ClassifiedProtectionPreCheck

The name of the compliance package.

Description String Yes The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency.

The description of the compliance package.

RiskLevel Integer Yes 1

The risk level of the resources that are not compliant with the managed rules in the compliance package. Valid values:

  • 1: high risk level.
  • 2: medium risk level.
  • 3: low risk level.
AggregatorId String Yes ca-f632626622af0079****

The ID of the account group.

For more information about how to obtain the ID of an account group, see ListAggregators.

ConfigRules Array Yes

The details of the managed rules to be enabled in the compliance package.

ManagedRuleIdentifier String Yes eip-bandwidth-limit

The identifier of the managed rule.

For more information about how to obtain the identifier of a managed rule, see ListCompliancePackTemplates.

ConfigRuleName String No eip-bandwidth-limit

The name of the managed rule.

ConfigRuleParameters Array No

The input parameters of the managed rule.

ParameterName String No bandwidth

The name of the input parameter.

For more information about how to obtain the name of an input parameter for a managed rule, see ListCompliancePackTemplates.

ParameterValue String No 10

The expected value of the input parameter.

For more information about how to obtain the expected value of an input parameter for a managed rule, see ListCompliancePackTemplates.

ClientToken String No 1594295238-f9361358-5843-4294-8d30-b5183fac****

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. The client token can contain only ASCII characters. It cannot exceed 64 characters in length.

For information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
CompliancePackId String cp-fc56626622af00f9****

The ID of the compliance package.

RequestId String CC0CE5EB-E51E-48EB-B4AB-9A9E131ECC0F

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateAggregateCompliancePack
&CompliancePackTemplateId=ct-5f26ff4e06a300c4****
&CompliancePackName=ClassifiedProtectionPreCheck
&Description=The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency. 
&RiskLevel=1
&AggregatorId=ca-f632626622af0079****
&ConfigRules=[{"ManagedRuleIdentifier":"eip-bandwidth-limit","ConfigRuleName":"eip-bandwidth-limit","ConfigRuleParameters":[{"ParameterName":"bandwidth","ParameterValue":"10"}]}]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateAggregateCompliancePackResponse>
    <CompliancePackId>cp-fc56626622af00f9****</CompliancePackId>
    <RequestId>CC0CE5EB-E51E-48EB-B4AB-9A9E131ECC0F</RequestId>
</CreateAggregateCompliancePackResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "CompliancePackId" : "cp-fc56626622af00f9****",
  "RequestId" : "CC0CE5EB-E51E-48EB-B4AB-9A9E131ECC0F"
}

Error codes

HTTP status code Error code Error message Description
400 CompliancePackExists The compliance pack already exists. The error message returned because the specified compliance package name already exists.
400 Invalid.AggregatorId.Value The specified AggregatorId is invalid. The error message returned because the specified account group ID does not exist or you are not authorized to use the account group.
400 CompliancePackExceedMaxCount The maximum number of compliance pack is exceeded. The error message returned because the number of existing compliance packages reaches the upper limit, which is 5.
400 Invalid.CompliancePackName.Value The specified CompliancePackName is invalid. The error message returned because the format of the specified compliance package name is invalid.
400 Invalid.CompliancePackTemplateId.Value The specified CompliancePackTemplateId does not exist. The error message returned because the specified compliance package template ID does not exist.
400 Invalid.ConfigRules.Empty You must specify ConfigRules. The error message returned because no rule is specified for the compliance package.
400 Invalid.ConfigRules.Value The specified ConfigRules is invalid. The error message returned because the specified input parameter of the rule in the compliance package is invalid.
400 ConfigRuleExceedMaxRuleCount The maximum number of config rules is exceeded. The error message returned because the number of existing rules reaches the upper limit.
403 AggregatorMemberNoPermission The aggregator member is not authorized to perform the operation. The error message returned because you are using a member account and you are not authorized to perform the specified operation.
404 AccountNotExisted Your account does not exist. The error message returned because your account does not exist.
503 ServiceUnavailable The request has failed due to a temporary failure of the server. The error message returned because the service is unavailable.

For a list of error codes, visit the API Error Center.