CreateConfigDeliveryChannel - Cloud Config - Alibaba Cloud Documentation Center

Creates a delivery channel to deliver resource data to Simple Log Service (SLS), Object Storage Service (OSS), or Simple Message Queue (formerly MNS).

Operation description

Background information

Deliver to Simple Log Service (SLS)

When you deliver resource configuration histories, non-compliant events, and scheduled snapshots to a Logstore in SLS, you must first create a project and a Logstore. This lets you query and analyze logs. For examples of the content of the JSON files, see Resource configuration history examples, Non-compliant event examples, and Scheduled resource snapshot examples.
Deliver to Object Storage Service (OSS)

When you deliver scheduled resource snapshots or configuration histories to a specified location in OSS, you must first create a bucket. This lets you view or download the JSON files. For examples of the content of the JSON files, see Scheduled resource snapshot examples and Resource configuration history examples.
Deliver to Simple Message Queue (formerly MNS)

When you deliver resource configuration histories and non-compliant events to a specified topic in MNS, you must first create a topic. This lets you set the push method and content for the topic. For examples of the content of the JSON files, see Resource configuration history examples and Non-compliant event examples.

Limits

You can create a maximum of 5 delivery channels.

Usage notes

This topic provides an example of how to create a delivery channel. In this example, the channel type is OSS and the destination ARN is acs:oss:cn-shanghai:100931896542****:new-bucket. The response shows that a delivery channel with the ID cdc-8e45ff4e06a3a8**** is created.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

config:CreateConfigDeliveryChannel

create

*Delivery

acs:config:*:{#accountId}:delivery/*

None

Request parameters

Parameter	Type	Required	Description	Example
DeliveryChannelName	string	No	The name of the delivery channel. Note If you do not set this parameter, the value is left empty.	testoss
DeliveryChannelType	string	Yes	The type of the delivery channel. Valid values: OSS: Object Storage Service. MNS: Simple Message Queue (formerly MNS). SLS: Simple Log Service.	OSS
DeliveryChannelTargetArn	string	Yes	The ARN of the delivery destination. Valid values: If the delivery channel is OSS, the value is in the format of `acs:oss:{RegionId}:{accountId}:{bucketName}`. Example: `acs:oss:cn-shanghai:100931896542**:new-bucket`. If the delivery channel is MNS, the value is in the format of `acs:mns:{RegionId}:{accountId}:/topics/{topicName}`. Example: `acs:mns:cn-shanghai:100931896542:/topics/topic1`. If the delivery channel is SLS, the value is in the format of `acs:log:{RegionId}:{accountId}:project/{projectName}/logstore/{logstoreName}`. Example: `acs:log:cn-shanghai:100931896542**:project/project1/logstore/logstore1`.	acs:oss:cn-shanghai:100931896542****:new-bucket
DeliveryChannelCondition	string	No	An additional rule for the delivery channel. Use this rule to specify filter conditions for subscriptions. If you subscribe to compliance events, you can specify the minimum risk level and resource types as follows: To specify the minimum risk level of events, use `{"filterType":"RuleRiskLevel","value":"1","multiple":false}`. `value` specifies the risk level to filter. Valid values: 1 for high, 2 for medium, and 3 for low. `multiple` specifies whether the filter supports multiple values. The risk level filter supports only a single value. Therefore, set `multiple` to `false` when you deliver compliance events. To specify the resource types of events, use `{"filterType":"ResourceType","values":["ACS::ACK::Cluster","ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage"],"multiple":true}`. `values` specifies the resource types to which you want to subscribe. The value is a JSON array of resource types. Example: `[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]` `multiple` specifies whether the filter supports multiple values. The resource type filter supports multiple values. If you select multiple resource types, set `multiple` to `true`. You can also specify a risk level and resource types at the same time. Example: `[{"filterType":"RuleRiskLevel","value":"2","multiple":false},{"filterType":"ResourceType","values":["ACS::CDN::Domain","ACS::ActionTrail::Trail"],"multiple":true}]` If you subscribe to resource configuration deliveries, you can specify the resource types as `{"filterType":"ResourceType","values":["ACS::ACK::Cluster","ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage"],"multiple":true}`. `values` specifies the resource types that you want to deliver. The value is a JSON array of resource types. Example: `[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]`	[{"filterType":"ResourceType","values":["ACS::ActionTrail::Trail","ACS::CBWP::CommonBandwidthPackage","ACS::CDN::Domain","ACS::CEN::CenBandwidthPackage","ACS::CEN::CenInstance","ACS::CEN::Flowlog","ACS::DdosCoo::Instance"],"multiple":true}]
OversizedDataOSSTargetArn	string	No	The ARN of the OSS bucket to which the oversized data is delivered when the size of the data exceeds the limit of the delivery channel. The format is `acs:oss:{RegionId}:{accountId}:{bucketName}`. If you do not set this parameter, Cloud Config delivers only the summary of the data. Note This parameter is supported only for SLS and MNS delivery channels. The delivery channel limit for SLS is 1 MB. The delivery channel limit for MNS is 64 KB.	acs:oss:cn-shanghai:100931896542****:new-bucket
Description	string	No	The description of the delivery channel.	My OSS delivery.
ClientToken	string	No	A client token. It is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that the value is unique among different requests. `ClientToken` can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence.	1594295238-f9361358-5843-4294-8d30-b5183fac****
ConfigurationSnapshot	boolean	No	Specifies whether to deliver scheduled resource snapshots. Cloud Config delivers scheduled resource snapshots to OSS or SLS at `04:00Z` and `16:00Z` (UTC) every day. Valid values: true: Deliver scheduled resource snapshots. false (default): Do not deliver scheduled resource snapshots. Note If the delivery channel is OSS, you must set at least one of `ConfigurationSnapshot` (scheduled resource snapshots) and `ConfigurationItemChangeNotification` (resource configuration histories) to true. Note If the delivery channel is SLS, you must set at least one of `ConfigurationSnapshot` (scheduled resource snapshots), `ConfigurationItemChangeNotification` (resource configuration histories), `CompliantSnapshot` (compliance snapshots), and `NonCompliantNotification` (non-compliant events) to true.	true
CompliantSnapshot	boolean	No	Specifies whether to deliver compliance snapshots. Cloud Config delivers the compliance and non-compliance information of resources to SLS. Valid values: true: Deliver compliance snapshots. false: Do not deliver compliance snapshots.	false
ConfigurationItemChangeNotification	boolean	No	Specifies whether to deliver resource configuration histories. When the configuration of a resource changes, Cloud Config delivers the resource configuration history to OSS, SLS, or MNS. Valid values: true: Deliver resource configuration histories. false (default): Do not deliver resource configuration histories. Note If the delivery channel is OSS, you must set at least one of `ConfigurationSnapshot` (scheduled resource snapshots) and `ConfigurationItemChangeNotification` (resource configuration histories) to true. Note If the delivery channel is SLS, you must set at least one of `ConfigurationSnapshot` (scheduled resource snapshots), `CompliantSnapshot` (compliance snapshots), `ConfigurationItemChangeNotification` (resource configuration histories), and `NonCompliantNotification` (non-compliant events) to true. Note If the delivery channel is MNS, you must set at least one of `ConfigurationItemChangeNotification` (resource configuration histories) and `NonCompliantNotification` (non-compliant events) to true.	false
NonCompliantNotification	boolean	No	Specifies whether to deliver non-compliant events. When a resource is evaluated as non-compliant, Cloud Config delivers the non-compliant event to SLS or MNS. Valid values: true: Deliver non-compliant events. false (default): Do not deliver non-compliant events. Note If the delivery channel is SLS, you must set at least one of `ConfigurationSnapshot` (scheduled resource snapshots), `CompliantSnapshot` (compliance snapshots), `ConfigurationItemChangeNotification` (resource configuration histories), and `NonCompliantNotification` (non-compliant events) to true. Note If the delivery channel is MNS, you must set at least one of `ConfigurationItemChangeNotification` (resource configuration histories) and `NonCompliantNotification` (non-compliant events) to true.	false
DeliverySnapshotTime	string	No	The time when Cloud Config starts to deliver scheduled resource snapshots every day. The value must be in the `HH:mmZ` format (UTC). Note When you enable scheduled resource snapshot delivery, you can use this parameter to customize the delivery time. If you do not set this parameter, the snapshots are delivered at `04:00Z` and `16:00Z` (UTC) by default.	09:10Z

For information about common request parameters, see Common parameters.

Response elements

Element	Type	Description	Example
	object	None.
RequestId	string	The request ID.	A7A0FFF8-0B44-40C6-8BBF-3A185EFDERTHG
DeliveryChannelId	string	The ID of the delivery channel.	cdc-8e45ff4e06a3a8****

Examples

Success response

JSON format

{
  "RequestId": "A7A0FFF8-0B44-40C6-8BBF-3A185EFDERTHG",
  "DeliveryChannelId": "cdc-8e45ff4e06a3a8****"
}

Error codes

HTTP status code	Error code	Error message	Description
400	DeliveryChannelNotExists	The delivery channel does not exist.	The delivery channel does not exist.
400	Invalid.DeliveryChannelAssumeRoleArn.Format	The specified format of DeliveryChannelAssumeRoleArn is invalid.	The specified format of DeliveryChannelAssumeRoleArn is invalid.
400	Invalid.DeliveryChannelTargetArn.Format	The specified format of DeliveryChannelTargetArn is invalid.	The specified format of DeliveryChannelTargetArn is invalid.
400	Invalid.DeliveryChannelCondition.Format	The specified format of DeliveryChannelCondition is invalid.	The specified format of DeliveryChannelCondition is invalid.
400	MemberNotBelongToMaster	The specified member does not belong to your organization.
400	DeliveryChannelAccountNotSupport	Cross-account delivery that is not in the RD is not supported.	Cross-account delivery that is not in the RD is not supported.
400	DeliveryChannelMnsUnreachable	The MNS topic is unreachable.	The MNS topic is unreachable.
400	DeliveryChannelOssUnreachable	The OSS bucket is unreachable.	The OSS bucket is unreachable.
400	DeliveryChannelSlsUnreachable	SLS logstore is unreachable.
404	AccountNotExisted	Your account does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.