This topic provides an example of resource non-compliance events that are delivered to Message Service (MNS) for storage. The following sections describe the content of the example and the parameters involved.

Example

For example, you use an ordinary account whose ID is 120886317861**** and you have an Elastic Compute Service (ECS) instance named test_Instance in the China (Beijing) region. The non-compliance events of the resource are delivered to MNS. The following code shows a sample event:
{
    "annotation": "{\"configuration\":\"classic\",\"desiredValue\":\"vpc\",\"operator\":\"StringEquals\",\"property\":\"$.InstanceNetworkType\"}",
    "riskLevel": "Warning",
    "dataType": "NonCompliantNotification",
    "evaluationResultIdentifier": {
        "orderingTimestamp": 1630907917476,
        "evaluationResultQualifier": {
            "resourceId": "i-2ze1qff61suafi71****",
            "configRuleName": "ecs-instances-in-vpc",
            "configRuleId": "cr-b9046457e0d9003f****",
            "captureTime": 1630907917476,
            "resourceName": "test_Instance",
            "configRuleArn": "acs:config::120886317861****:rule/cr-b9046457e0d9003f****",
            "regionId": "cn-beijing",
            "resourceOwnerId": 120886317861****,
            "resourceType": "ACS::ECS::Instance"
        }
    },
    "eventType": "ResourceCompliance",
    "invokingEventMessageType": "Manual",
    "configRuleInvokedTimestamp": 1630907917476,
    "complianceType": "NON_COMPLIANT",
    "accountId": 120886317861****,
    "requestId": "a13f5505-427d-41ef-ab2e-606394abb9a8",
    "resultRecordedTimestamp": 1630907917547,
    "eventName": "NonCompliant",
    "notificationCreationTime": 1630907919929
}

Parameters

The following table describes the parameters involved in resource non-compliance events that are delivered to MNS.
Parameter Description
annotation The description of the non-compliant configuration.
riskLevel The risk level of the resource based on the rule triggered. Valid values:
  • Info: low risk
  • Warning: medium risk
  • Critical: high risk
dataType The type of the message received by MNS. Valid values:
  • ConfigurationItemChangeNotification: resource change log
  • NonCompliantNotification: resource non-compliance event
evaluationResultIdentifier The information about the compliance evaluation result, including the timestamp when the compliance evaluation was performed and the detailed compliance evaluation result.
orderingTimestamp The timestamp when the compliance evaluation was performed.
evaluationResultQualifier The detailed compliance evaluation result, including the ID, name, and type of the resource, and the name and ID of the rule that was triggered.
eventType The type of the event. Valid values:
  • ResourceChange: resource change event
  • ResourceCompliance: resource non-compliance event
invokingEventMessageType The trigger type of the rule. Valid values:
  • NonCompliantNotification: triggered by configuration non-compliance.
  • ConfigurationItemChangeNotification: triggered by configuration changes.
  • Manual: manually triggered.
configRuleInvokedTimestamp The timestamp when the rule was triggered.
complianceType The compliance evaluation result. The value is fixed to NON_COMPLIANT.
accountId
The ID of the account to which the resource belongs. Cloud Config supports the following types of accounts:
  • Ordinary account: An ordinary account is an independent Alibaba Cloud account that is not included in a resource directory by a management account.
  • Management account: A management account is an Alibaba Cloud account that enables a resource directory and manages all member accounts.
  • Member account: A member account is an Alibaba Cloud account in a resource directory.
resultRecordedTimestamp The timestamp when the compliance evaluation result was recorded.
eventName The name of the event. The value is fixed to NonCompliant.
notificationCreationTime The timestamp when the message was generated.