
Cloud Config: Example of resource non-compliance events

Last Updated: Sep 06, 2023

This topic provides an example of resource non-compliance events that are delivered to Simple Log Service for storage. The following sections describe the content of the example and the parameters involved.

Example

In single-account mode, you use an Alibaba Cloud account whose ID is 120886317861**** and you have an Object Storage Service (OSS) bucket named test_bucket in the China (Beijing) region. The non-compliance events of the resource are delivered to Simple Log Service. The following code shows a sample event:

accountId:120886317861****
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
complianceType:NON_COMPLIANT
dataType:NonCompliantNotification
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-2d736457e0d90044****","captureTime":1630481784685,"resourceName":"test_bucket","configRuleArn":"acs:config::120886317861****:rule/cr-2d736457e0d90044****","regionId":"cn-beijing","resourceOwnerId":120886317861****,"resourceType":"ACS::OSS::Bucket"}}
eventName:NonCompliant
eventType:ResourceCompliance
invokingEventMessageType:Manual
notificationCreationTime:1630481787932
requestId:62e70b45-1171-4648-8db0-233d18f6adb5
riskLevel:Critical

Parameters

The following table describes the parameters involved in resource non-compliance events that are delivered to Simple Log Service.

| Parameter | Description |
| --- | --- |
| accountId | The ID of the account to which the resource belongs. The account ID depends on the account mode. Single-account mode: the ID of an independent Alibaba Cloud account that is not added to a resource directory by using a management account. Multi-account mode: a management account ID or a member account ID. |
| annotation | The description of the non-compliant configuration. |
| complianceType | The compliance evaluation result. The value is NON_COMPLIANT. |
| dataType | The type of the log received by Simple Log Service. Valid values: ConfigurationItemChangeNotification (resource change log); NonCompliantNotification (resource non-compliance event). |
| evaluationResultIdentifier | The information about the compliance evaluation result. |
| eventName | The name of the event. The value is NonCompliant. |
| eventType | The type of the event. Valid values: ResourceChange (resource change event); ResourceCompliance (resource non-compliance event). |
| invokingEventMessageType | The trigger type of the rule. Valid values: ScheduledNotification (the rule is periodically triggered); ConfigurationItemChangeNotification (the rule is triggered by configuration changes); Manual (the rule is manually triggered). |
| notificationCreationTime | The timestamp when the message was generated. |
| riskLevel | The risk level of the resources that are not compliant with the rule. Valid values: Info (low risk); Warning (medium risk); Critical (high risk). |
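
One way to turn a delivered event into a triage record, shown as an added example that is not part of the original documentation or of Cloud Config itself. The function names, the output field names, the placeholder IDs in the sample, and the reading of the 13-digit timestamps as epoch milliseconds are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# riskLevel values and their meanings, as listed in the parameter table
SEVERITY = {"Info": "low", "Warning": "medium", "Critical": "high"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample in the page's key:value layout; the IDs are made-up placeholders.
SAMPLE = """\
accountId:1000000000000001
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
complianceType:NON_COMPLIANT
dataType:NonCompliantNotification
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-0000000000000000","captureTime":1630481784685,"resourceName":"test_bucket","regionId":"cn-beijing","resourceOwnerId":1000000000000001,"resourceType":"ACS::OSS::Bucket"}}
eventName:NonCompliant
eventType:ResourceCompliance
invokingEventMessageType:Manual
notificationCreationTime:1630481787932
riskLevel:Critical
"""

def parse_record(text):
    """Split 'key:value' lines on the first colon only (values contain colons)."""
    pairs = (line.partition(":") for line in text.strip().splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def to_finding(fields):
    """Return a triage dict for a non-compliance event, or None for any other log."""
    if fields.get("dataType") != "NonCompliantNotification":
        return None  # e.g. ConfigurationItemChangeNotification (resource change log)
    if fields.get("complianceType") != "NON_COMPLIANT":
        return None
    # These two fields carry JSON serialized as a string inside the log record.
    qual = json.loads(fields["evaluationResultIdentifier"])["evaluationResultQualifier"]
    note = json.loads(fields.get("annotation") or "{}")
    # Assumption: the 13-digit timestamps are Unix epoch milliseconds.
    created = EPOCH + timedelta(milliseconds=int(fields["notificationCreationTime"]))
    return {
        "severity": SEVERITY.get(fields.get("riskLevel"), "unknown"),
        "account": fields.get("accountId"),
        "resource": f'{qual["resourceType"]}/{qual["regionId"]}/{qual["resourceId"]}',
        "rule": qual["configRuleName"],
        "observed": note.get("configuration"),
        "trigger": fields.get("invokingEventMessageType"),
        "created_utc": created.isoformat(),
    }

if __name__ == "__main__":
    print(to_finding(parse_record(SAMPLE)))
```

Records whose dataType is ConfigurationItemChangeNotification share the same Logstore, so the filter at the top of to_finding keeps resource change logs out of the alert path.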