Cloud Config: Use CloudMonitor to trigger alert notifications for non-compliance events

Last Updated: Sep 08, 2023

If the configuration of a resource is evaluated as non-compliant, Cloud Config automatically delivers a non-compliance event to CloudMonitor. You can view the non-compliance event in the CloudMonitor console. You can also use the event alert feature of CloudMonitor to trigger an alert notification for the non-compliance event.

Scenarios

In this example, a rule of the high-risk level is created in the Cloud Config console based on the ecs-instance-deletion-protection-enabled managed rule. Cloud Config automatically evaluates all Elastic Compute Service (ECS) instances within your Alibaba Cloud account.

Step 1: Create a rule

  1. Log on to the Cloud Config console.

  2. In the left-side navigation pane, choose Compliance & Audit > Rules.

  3. On the Rules page, click Create Rule.

  4. In the Select Create Method step, select Create from managed rule, search for the ecs-instance-deletion-protection-enabled managed rule, and then click Next.

  5. In the Set Basic Properties step, use the default values for the Rule Name, Parameter Settings, Risk Level, Trigger, and Description parameters. Then, click Next.

  6. In the Set Effective Scope step, use the default resource type and click Next.

  7. In the Set Remediation step, click Submit.

  8. On the Rules page, find the ecs-instance-deletion-protection-enabled managed rule and click Detail in the Actions column.

    In the Compliance Result of Related Resources section on the Result tab, view the evaluation results on ECS instances against the rule.

Step 2: Create a system event-triggered alert rule

  1. Create an alert contact.
    1. Log on to the CloudMonitor console.
    2. In the left-side navigation pane, choose Alerts > Alert Contacts.
    3. On the Alert Contacts tab, click Create Alert Contact.
    4. In the Set Alert Contact panel, enter the name, email address, and webhook URL of the alert contact. Make sure that the Language of Alert Notifications parameter is set to the default value Automatic.
      Note: Automatic indicates that CloudMonitor automatically selects the language of alert notifications based on the language that you use to create your Alibaba Cloud account.
    5. Optional. Test the connectivity of the webhook URL.
      If you want to test the connectivity of the webhook URL, perform the following steps:
      1. Click Test next to the webhook URL.
        In the Webhook Test panel, you can check and troubleshoot the connectivity of the webhook URL based on the returned status code and test result details.
        Note: To obtain the details of the test result, configure the Template Type and Language parameters and click Test.
      2. Click Close.
    6. Verify the parameters and click OK.
    7. Optional. Activate the email address of the alert contact.
      By default, the email address of the alert contact is in the Pending Activation state. After the alert contact receives an email that contains the activation link, the alert contact must activate the email address within 24 hours. Otherwise, the alert contact cannot receive alert notifications. After the email address is activated, you can view the email address in the alert contact list.
  2. Create an alert contact group.

    1. On the Alert Contacts page, click the Alert Contact Group tab.
    2. On the Alert Contact Group tab, click Create Alert Contact Group.
    3. In the Create Alert Contact Group panel, enter a name for the alert contact group and add alert contacts to the alert contact group.
    4. Click Confirm.
  3. Create a system event-triggered alert rule.

    After Cloud Config delivers all non-compliance events to CloudMonitor, you can create alert rules based on your business requirements to receive alert notifications.

    1. In the left-side navigation pane, choose Event Center > System Event.

    2. On the page that appears, click the Event-triggered Alert Rules tab.

    3. On the Event-triggered Alert Rules tab, click Create Alert Rule.

    4. In the Create/Modify Event-triggered Alert Rule panel, configure the parameters of the system event-triggered alert rule.

      • In the Basic Info section, enter a name for the system event-triggered alert rule in the Alert Rule Name field.

      • In the Event-triggered Alert Rules section, perform the following operations:

        • Select CloudConfig from the Product Type drop-down list.
        • Select Notifications from the Event Type drop-down list.
        • Select INFO from the Event Level drop-down list.
        • Select ConfigurationNonCompliantNotification from the Event Name drop-down list.
        • Enter Critical in the Keyword Filtering field and select Contains any of the keywords from the Condition drop-down list.

        Note: You can click the + icon next to the Condition drop-down list to add a keyword that you want to match and select Contains any of the keywords from the Condition drop-down list.

      • In the Notification Method section, select Alert Notification, specify the Contact Group parameter, and then set the Notification Method parameter to Info (Email + Webhook).

    5. Click OK.
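
The filter configured in step 4, reproduced locally so you can check which events would trigger a notification before you rely on the rule. This is an added example, not Alibaba Cloud code. The EventAlertRule class, the event field names, and the sample events are constructed assumptions, as is case-sensitive substring matching over the whole event content.

```python
import json
from dataclasses import dataclass

@dataclass(frozen=True)
class EventAlertRule:
    """Local mirror of the alert rule fields set in step 4 (hypothetical class)."""
    product: str = "CloudConfig"
    event_type: str = "Notifications"
    level: str = "INFO"
    name: str = "ConfigurationNonCompliantNotification"
    keywords: tuple = ("Critical",)

    def matches(self, event: dict) -> bool:
        # All four selectors must match; the event field names are assumed.
        selectors = (event.get("product"), event.get("eventType"),
                     event.get("level"), event.get("name"))
        if selectors != (self.product, self.event_type, self.level, self.name):
            return False
        # "Contains any of the keywords": one hit anywhere in the content is enough.
        # Case-sensitive substring matching over the whole content is an assumption.
        content = json.dumps(event.get("content", {}))
        return any(keyword in content for keyword in self.keywords)

def _event(event_id, product, name, content):
    return {"id": event_id, "product": product, "eventType": "Notifications",
            "level": "INFO", "name": name, "content": content}

NONCOMPLIANT = "ConfigurationNonCompliantNotification"
RULE = "ecs-instance-deletion-protection-enabled"

# Constructed sample events; real CloudMonitor payloads may use other fields.
SAMPLE_EVENTS = [
    _event("evt-1", "CloudConfig", NONCOMPLIANT,
           {"ruleName": RULE, "riskLevel": "Critical", "resourceId": "i-example0001"}),
    _event("evt-2", "CloudConfig", NONCOMPLIANT,
           {"ruleName": RULE, "riskLevel": "Warning", "resourceId": "i-example0002"}),
    # Keyword appears outside the risk level: a substring filter still matches.
    _event("evt-3", "CloudConfig", NONCOMPLIANT,
           {"ruleName": RULE, "riskLevel": "Info", "description": "Critical workloads"}),
    # Right keyword, wrong product and event name: the selectors reject it.
    _event("evt-4", "ECS", "ExampleOtherEvent", {"note": "Critical"}),
]

def alerting_ids(events, rule=EventAlertRule()):
    """Return the ids of the events that would trigger a notification."""
    return [event["id"] for event in events if rule.matches(event)]

if __name__ == "__main__":
    print(alerting_ids(SAMPLE_EVENTS))
```

Compare the result with a real event from the System Event page: if the keyword can appear in fields other than the risk level, the rule alerts on those events as well.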