This topic provides an example of resource non-compliance events that are delivered to Log Service for storage. The following sections describe the content of the example and the parameters involved.

Example

For example, you use an ordinary account whose ID is 120886317861**** and you have an Object Storage Service (OSS) bucket named test_bucket in the China (Beijing) region. The non-compliance events of the resource are delivered to Log Service. The following code shows a sample event:
accountId:120886317861****
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
compliancePackId:null
complianceType:NON_COMPLIANT
configAggregatorId:null
configRuleInvokedTimestamp:1630481784685
dataType:NonCompliantNotification
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-2d736457e0d90044****","captureTime":1630481784685,"resourceName":"test_bucket","configRuleArn":"acs:config::120886317861****:rule/cr-2d736457e0d90044****","regionId":"cn-beijing","resourceOwnerId":120886317861****,"resourceType":"ACS::OSS::Bucket"}}
eventName:NonCompliant
eventType:ResourceCompliance
invokingEventMessageType:Manual
notificationCreationTime:1630481787932
requestId:62e70b45-1171-4648-8db0-233d18f6adb5
resultRecordedTimestamp:1630481784781
resultToken:null
riskLevel:Critical

Parameters

The following table describes the parameters involved in resource non-compliance events that are delivered to Log Service.
Parameter Description
accountId
The ID of the account to which the resource belongs. Cloud Config supports the following types of accounts:
  • Ordinary account: An ordinary account is an independent Alibaba Cloud account that is not included in a resource directory by a management account.
  • Management account: A management account is an Alibaba Cloud account that enables a resource directory and manages all member accounts.
  • Member account: A member account is an Alibaba Cloud account in a resource directory.
annotation The description of the non-compliant configuration.
compliancePackId The ID of the compliance package. If the rule triggered does not belong to a compliance package, the value is null.
complianceType The compliance evaluation result. The value is fixed to NON_COMPLIANT.
configAggregators The information about the account group, including the ID of the management account that created the account group and the ID of the account group. The value varies with the type of the account to which the resource belongs.
  • If the resource belongs to an ordinary account, the value is null.
  • If the resource belongs to a management account, the information about the account group created by the management account is displayed.
  • If the resource belongs to a member account, the information about the relevant account group is displayed. The relevant account group is created by the management account to which the member account belongs.
configRuleInvokedTimestamp The timestamp when the rule was triggered.
dataType The type of the log received by Log Service. Valid values:
  • ConfigurationItemChangeNotification: resource change log
  • NonCompliantNotification: resource non-compliance event
evaluationResultIdentifier The information about the compliance evaluation result.
eventName The name of the event. The value is fixed to NonCompliant.
eventType The type of the event. Valid values:
  • ResourceChange: resource change event
  • ResourceCompliance: resource non-compliance event
invokingEventMessageType The trigger type of the rule. Valid values:
  • NonCompliantNotification: triggered by configuration non-compliance.
  • ConfigurationItemChangeNotification: triggered by configuration changes.
  • Manual: manually triggered.
notificationCreationTime The timestamp when the log was generated.
resultRecordedTimestamp The timestamp when the compliance evaluation result was recorded.
riskLevel The risk level of the resource based on the rule triggered. Valid values:
  • Info: low risk
  • Warning: medium risk
  • Critical: high risk