CreateConfigDeliveryChannel - Cloud Config - Alibaba Cloud Documentation Center

Creates a delivery channel to deliver resource data to Simple Log Service (SLS), Object Storage Service (OSS), or Simple Message Queue (formerly MNS).

Operation description

Background information

Deliver to Simple Log Service

When you deliver resource configuration history, non-compliant events, and scheduled snapshots to a Logstore in SLS, you must first create a project and a Logstore. This lets you query and analyze logs. For examples of the content in JSON files, see Resource configuration history examples, Non-compliant event examples, and Scheduled resource snapshot examples.
Deliver to Object Storage Service

When you deliver scheduled resource snapshots or configuration history to a specified location in OSS, you must first create a bucket. This lets you view or download the JSON files. For examples of the content in JSON files, see Scheduled resource snapshot examples and Resource configuration history examples.
Deliver to Simple Message Queue (formerly MNS)

When you deliver resource configuration history and non-compliant events to a specified topic in MNS, you must first create a topic. This lets you set the push method and content for the topic. For examples of the content in JSON files, see Resource configuration history examples and Non-compliant event examples.

Limits

You can create a maximum of 5 delivery channels.

Usage notes

This topic provides an example of how to create a delivery channel of the OSS type with the destination ARN acs:oss:cn-shanghai:100931896542****:new-bucket. The response shows that the delivery channel is successfully created and its ID is cdc-8e45ff4e06a3a8****.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

config:CreateConfigDeliveryChannel

create

*Delivery

acs:config:*:{#accountId}:delivery/*

None

Request parameters

Parameter	Type	Required	Description	Example
DeliveryChannelName	string	No	The name of the delivery channel. Note If you do not set this parameter, the value is empty.	testoss
DeliveryChannelType	string	Yes	The type of the delivery channel. Valid values: OSS: Object Storage Service. MNS: Simple Message Queue (formerly MNS) SLS: Simple Log Service.	OSS
DeliveryChannelTargetArn	string	Yes	The ARN of the delivery destination. Valid values: When the delivery channel type is OSS, the value is in the format `acs:oss:{RegionId}:{accountId}:{bucketName}`. For example: `acs:oss:cn-shanghai:100931896542**:new-bucket`. When the delivery channel type is MNS, the value is in the format `acs:mns:{RegionId}:{accountId}:/topics/{topicName}`. For example: `acs:mns:cn-shanghai:100931896542:/topics/topic1`. When the delivery channel type is SLS, the value is in the format `acs:log:{RegionId}:{accountId}:project/{projectName}/logstore/{logstoreName}`. For example: `acs:log:cn-shanghai:100931896542**:project/project1/logstore/logstore1`.	acs:oss:cn-shanghai:100931896542****:new-bucket
DeliveryChannelCondition	string	No	An additional rule for the delivery channel to specify filter conditions for subscribed content. If you subscribe to compliance events, you can specify the minimum risk level and resource types: To specify the minimum risk level for subscribed events, use `{"filterType":"RuleRiskLevel","value":"1","multiple":false}`. `value` specifies the risk level. Valid values: 1 (high risk), 2 (medium risk), and 3 (low risk). `multiple` specifies whether the filter supports multiple values. For risk level, only a single value is supported. Set `multiple` to `false`. To specify the resource types for subscribed events, use `{"filterType":"ResourceType","values":["ACS::ACK::Cluster","ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage"],"multiple":true}`. `values` is a JSON array of resource types. For example: `[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]` `multiple` specifies whether the filter supports multiple values. For resource types, multiple values are supported. Set `multiple` to `true`. You can also specify both the risk level and resource types. For example: `[{"filterType":"RuleRiskLevel","value":"2","multiple":false},{"filterType":"ResourceType","values":["ACS::CDN::Domain","ACS::ActionTrail::Trail"],"multiple":true}]` If you deliver resource configurations, you can specify the resource types: `{"filterType":"ResourceType","values":["ACS::ACK::Cluster","ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage"],"multiple":true}`. `values` is a JSON array of the resource types you want to deliver. For example: `[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]`	[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]
OversizedDataOSSTargetArn	string	No	The ARN of the OSS bucket to which the data is transferred when the data size exceeds the channel's limit. The format is `acs:oss:{RegionId}:{accountId}:{bucketName}`. If you do not set this parameter, Cloud Config delivers only a summary of the data. Note This parameter is supported only for SLS and MNS delivery channels. The size limit is 1 MB for SLS channels and 64 KB for MNS channels.	acs:oss:cn-shanghai:100931896542****:new-bucket
Description	string	No	The description of the delivery channel.	My OSS delivery.
ClientToken	string	No	A client token used to ensure the idempotence of the request. Generate a unique value for this parameter from your client. `ClientToken` can contain only ASCII characters and must be no more than 64 characters in length. For more information, see How to ensure idempotence.	1594295238-f9361358-5843-4294-8d30-b5183fac****
ConfigurationSnapshot	boolean	No	Specifies whether to receive scheduled resource snapshots. Every day at `04:00Z` and `16:00Z` (UTC), Cloud Config delivers scheduled resource snapshots to OSS and MNS. Valid values: true: Receive scheduled resource snapshots. false (default): Do not receive scheduled resource snapshots. Note If the delivery channel type is OSS, you must set at least one of `ConfigurationSnapshot` or `ConfigurationItemChangeNotification` to true. Note If the delivery channel type is SLS, you must set at least one of `ConfigurationSnapshot`, `ConfigurationItemChangeNotification`, or `NonCompliantNotification` to true.	false
CompliantSnapshot	boolean	No	Specifies whether to receive compliance snapshots. Cloud Config delivers compliance and non-compliance information of resources to SLS. Valid values: true: Receive compliance snapshots. false: Do not receive compliance snapshots.	false
ConfigurationItemChangeNotification	boolean	No	Specifies whether to receive the configuration history of a resource. When the configuration of a resource changes, Cloud Config delivers the configuration history to OSS, SLS, or MNS. Valid values: true: Receive the configuration history. false (default): Do not receive the configuration history. Note If the delivery channel type is OSS, you must set at least one of `ConfigurationSnapshot` or `ConfigurationItemChangeNotification` to true. Note If the delivery channel type is SLS, you must set at least one of `ConfigurationSnapshot`, `ConfigurationItemChangeNotification`, or `NonCompliantNotification` to true. Note If the delivery channel type is MNS, you must set at least one of `ConfigurationItemChangeNotification` or `NonCompliantNotification` to true.	false
NonCompliantNotification	boolean	No	Specifies whether to receive non-compliant events. When a resource is evaluated as non-compliant, Cloud Config delivers the non-compliant events to SLS or MNS. Valid values: true: Receive non-compliant events. false (default): Do not receive non-compliant events. Note If the delivery channel type is SLS, you must set at least one of `ConfigurationSnapshot`, `ConfigurationItemChangeNotification`, or `NonCompliantNotification` to true. Note If the delivery channel type is MNS, you must set at least one of `ConfigurationItemChangeNotification` or `NonCompliantNotification` to true.	false
DeliverySnapshotTime	string	No	The time of day when Cloud Config starts to deliver scheduled resource snapshots. The time is in the `HH:mmZ` format (UTC). Note When you enable scheduled resource snapshots, you can use this parameter to customize the delivery time. If you do not set this parameter, Cloud Config delivers scheduled resource snapshots at `04:00Z` and `16:00Z` by default.	09:10Z

For more information about common request parameters, see Common parameters.

Response elements

Element	Type	Description	Example
	object	No data is returned.
RequestId	string	The request ID.	A7A0FFF8-0B44-40C6-8BBF-3A185EFDERTHG
DeliveryChannelId	string	The ID of the delivery channel.	cdc-8e45ff4e06a3a8****

Examples

Success response

JSON format

{
  "RequestId": "A7A0FFF8-0B44-40C6-8BBF-3A185EFDERTHG",
  "DeliveryChannelId": "cdc-8e45ff4e06a3a8****"
}

Error codes

HTTP status code	Error code	Error message
400	DeliveryChannelNotExists	The delivery channel does not exist.
400	Invalid.DeliveryChannelAssumeRoleArn.Format	The specified format of DeliveryChannelAssumeRoleArn is invalid.
400	Invalid.DeliveryChannelTargetArn.Format	The specified format of DeliveryChannelTargetArn is invalid.
400	Invalid.DeliveryChannelCondition.Format	The specified format of DeliveryChannelCondition is invalid.
400	MemberNotBelongToMaster	The specified member does not belong to your organization.
400	DeliveryChannelAccountNotSupport	Cross-account delivery that is not in the RD is not supported.
400	DeliveryChannelMnsUnreachable	The MNS topic is unreachable.
400	DeliveryChannelOssUnreachable	The OSS bucket is unreachable.
400	DeliveryChannelSlsUnreachable	SLS logstore is unreachable.
404	AccountNotExisted	Your account does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.