All Products
Search
Document Center

Cloud Config:ListResourceEvaluationResults

Last Updated:Mar 01, 2024

Queries the compliance evaluation result of a resource.

Operation description

In this example, the compliance evaluation result of the 23642660635396**** resource is queried and the resource is a RAM user. The returned result indicates that the resource is evaluated as NON_COMPLIANT by using the cr-7f7d626622af0041**** rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
config:ListResourceEvaluationResultsList
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ResourceTypestringNo

The type of the resource.

For more information about how to query the type of a resource, see ListDiscoveredResources .

ACS::RAM::User
ResourceIdstringNo

The ID of the resource.

For more information about how to obtain the ID of a resource, see ListDiscoveredResources .

23642660635396****
ComplianceTypestringNo

The compliance evaluation result of the resource. Valid values:

  • COMPLIANT: The resource is evaluated as compliant.
  • NON_COMPLIANT: The resource is evaluated as non-compliant.
  • NOT_APPLICABLE: The rule does not apply to the resource.
  • INSUFFICIENT_DATA: No data is available.
  • IGNORED: The resource is ignored during compliance evaluation.
NON_COMPLIANT
NextTokenstringNo

The token that you want to use to initiate the current request. If the response of the previous request is truncated, you can use this token to initiate another request and obtain the remaining entries.``

IWBjqMYSy0is7zSMGu16****
MaxResultsintegerNo

The maximum number of entries to return for a single request. Valid values: 1 to 100.

10
RegionstringNo

The ID of the region where one or more resources you want to query reside. For example, the value global indicates global regions and the value cn-hangzhou indicates the China (Hangzhou) region.

For more information about how to obtain the ID of the region where a resource resides, see ListDiscoveredResources .

global

For more information about common request parameters, see Common parameters.

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

25C89DDB-BB79-487D-88C3-4A561F21EFC4
EvaluationResultsobject

The information about the compliance evaluation results returned.

NextTokenstring

The token that was used to initiate the next request.

IWBjqMYSy0is7zSMGu16****
MaxResultsinteger

The maximum number of entries to return for a single request.

10
EvaluationResultListobject []

The details of the compliance evaluation result.

RiskLevelinteger

The risk level of the resources that do not comply with the rule. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
1
ComplianceTypestring

The compliance evaluation result of the resources. Valid values:

  • COMPLIANT: The resources are evaluated as compliant.
  • NON_COMPLIANT: The resources are evaluated as incompliant.
  • NOT_APPLICABLE: The rule does not apply to your resources.
  • INSUFFICIENT_DATA: No resource data is available.
  • IGNORED: The resource is ignored during compliance evaluation.
NON_COMPLIANT
ResultRecordedTimestamplong

The timestamp when the compliance evaluation result was recorded. Unit: milliseconds.

1624932227595
Annotationstring

The annotation to the resource that is evaluated as incompliant. The following section describes the parameters that can be returned:

  • configuration: the current resource configuration that is evaluated as incompliant by using the rule.
  • desiredValue: the expected resource configuration that is evaluated as compliant by using the rule.
  • operator: the operator that is used to compare the current configuration with the expected configuration of the resource.
  • property: the JSON path of the current configuration in the resource property struct.
  • reason: the reason why the resource is evaluated as incompliant.
{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.LoginProfile.MFABindRequired\"}
ConfigRuleInvokedTimestamplong

The timestamp when the rule was triggered for the compliance evaluation. Unit: milliseconds.

1624932227157
InvokingEventMessageTypestring

The trigger type of the managed rule. Valid values:

  • ConfigurationItemChangeNotification: The managed rule is triggered by configuration changes.
  • ScheduledNotification: The managed rule is periodically triggered.
ScheduledNotification
EvaluationResultIdentifierobject

The identifying information about the compliance evaluation result.

OrderingTimestamplong

The timestamp when the compliance evaluation was performed. Unit: milliseconds.

1624932227157
EvaluationResultQualifierobject

The information about the evaluated resource returned in the compliance evaluation result.

ConfigRuleArnstring

The Alibaba Cloud Resource Name (ARN) of the rule.

acs:config::100931896542****:rule/cr-7f7d626622af0041****
ResourceTypestring

The type of the resource.

ACS::RAM::User
ConfigRuleNamestring

The name of the monitoring rule.

test-rule-name
ResourceIdstring

The ID of the resource.

23642660635396****
ConfigRuleIdstring

The ID of the rule.

cr-7f7d626622af0041****
ResourceNamestring

The name of the resource.

Alice
RegionIdstring

The ID of the region where your resources reside.

global
IgnoreDatestring

The date from which the system automatically re-evaluates the ignored incompliant resources.

Note If the value of this parameter is left empty, the system does not automatically re-evaluate the ignored incompliant resources. You must re-evaluate the ignored incompliant resources.
2022-06-01
RemediationEnabledboolean

Indicates whether the remediation template is enabled. Valid values:

  • true: The remediation template is enabled.
  • false: The remediation template is disabled.
true

Examples

Sample success responses

JSONformat

{
  "RequestId": "25C89DDB-BB79-487D-88C3-4A561F21EFC4",
  "EvaluationResults": {
    "NextToken": "IWBjqMYSy0is7zSMGu16****",
    "MaxResults": 10,
    "EvaluationResultList": [
      {
        "RiskLevel": 1,
        "ComplianceType": "NON_COMPLIANT",
        "ResultRecordedTimestamp": 1624932227595,
        "Annotation": "{\\\"configuration\\\":\\\"false\\\",\\\"desiredValue\\\":\\\"True\\\",\\\"operator\\\":\\\"StringEquals\\\",\\\"property\\\":\\\"$.LoginProfile.MFABindRequired\\\"}",
        "ConfigRuleInvokedTimestamp": 1624932227157,
        "InvokingEventMessageType": "ScheduledNotification",
        "EvaluationResultIdentifier": {
          "OrderingTimestamp": 1624932227157,
          "EvaluationResultQualifier": {
            "ConfigRuleArn": "acs:config::100931896542****:rule/cr-7f7d626622af0041****",
            "ResourceType": "ACS::RAM::User",
            "ConfigRuleName": "test-rule-name",
            "ResourceId": "23642660635396****",
            "ConfigRuleId": "cr-7f7d626622af0041****",
            "ResourceName": "Alice",
            "RegionId": "global",
            "IgnoreDate": "2022-06-01"
          }
        },
        "RemediationEnabled": true
      }
    ]
  }
}

Error codes

HTTP status codeError codeError messageDescription
400NoPermissionYou are not authorized to perform this operation.You are not authorized to perform this operation.
404CloudConfigServiceRoleNotExistedThe CloudConfigServiceRole does not exist.The CloudConfig service role does not exist.
404AccountNotExistedYour account does not exist.The specified account does not exist.
503ServiceUnavailableThe request has failed due to a temporary failure of the server.The request has failed due to a temporary failure of the server.

For a list of error codes, visit the Service error codes.